From e6836ce7b656268d1f80e65bc686eb4a47ace1a2 Mon Sep 17 00:00:00 2001
From: Nick Adam
Date: Wed, 21 Jan 2026 01:37:40 +0100
Subject: [PATCH] added outpost service pod
---
 .gitignore | 1 +
 apps/authentik/outpost-service.yaml | 17 +++++++++++
 .../configmap-dynamic-legacy.yaml | 28 -------------------
 infrastructure/traefik-middleware-app.yaml | 1 +
 .../traefik-middleware-authentik.yaml | 25 +++++++++++++++++
 5 files changed, 44 insertions(+), 28 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 apps/authentik/outpost-service.yaml
 delete mode 100644 infrastructure/traefik-edge/configmap-dynamic-legacy.yaml
 create mode 100644 infrastructure/traefik-middleware-authentik.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1e800c0
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+vikunja/
\ No newline at end of file
diff --git a/apps/authentik/outpost-service.yaml b/apps/authentik/outpost-service.yaml
new file mode 100644
index 0000000..0bd23af
--- /dev/null
+++ b/apps/authentik/outpost-service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ak-outpost-authentik-embedded-outpost
+ namespace: authentik
+ labels:
+ app.kubernetes.io/name: authentik-outpost
+ app.kubernetes.io/managed-by: manual
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 9000
+ targetPort: 9000
+ selector:
+ app: authentik
+ component: server
\ No newline at end of file
diff --git a/infrastructure/traefik-edge/configmap-dynamic-legacy.yaml b/infrastructure/traefik-edge/configmap-dynamic-legacy.yaml
deleted file mode 100644
index 0a9d333..0000000
--- a/infrastructure/traefik-edge/configmap-dynamic-legacy.yaml
+++ /dev/null
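Review bot: In apps/authentik/outpost-service.yaml the Service is labelled `app.kubernetes.io/managed-by: manual` yet carries the name `ak-outpost-authentik-embedded-outpost`, which looks like the name authentik's own Kubernetes integration gives the embedded outpost Service; if that integration is enabled, the two owners may overwrite each other's object, so either disable the managed Service or pick a distinct name. The selector `app: authentik` / `component: server` cannot be checked from this diff; if the server pods are labelled with `app.kubernetes.io/name` and `app.kubernetes.io/component` instead, the Service will have no endpoints and every forwardAuth check will fail. Port 9000 is plain HTTP and, as far as this patch shows, reachable from any namespace, so a NetworkPolicy limiting ingress to the Traefik pods would be worth adding. I would also put a comment above `selector:` such as `# must match the labels on the authentik server pods (verify with kubectl get pods --show-labels)`.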
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: traefik-edge-dynamic-legacy
- namespace: traefik-system
- labels:
- app.kubernetes.io/name: traefik
- app.kubernetes.io/component: edge-dynamic
-data:
- 20-legacy-vm.yaml: |
- http:
- routers:
- # Route für Apps auf VM 301
- to-apps-vm:
- rule: HostRegexp(`^[a-z0-9-]+\.apps\.stabify\.de$`)
- service: apps-vm-service
- entryPoints: [ websecure ]
- tls:
- certResolver: le
- domains:
- - main: "*.apps.stabify.de"
-
- services:
- apps-vm-service:
- loadBalancer:
- servers:
- - url: "http://vm-docker-apps-301.stabify.de:80"
- passHostHeader: true
diff --git a/infrastructure/traefik-middleware-app.yaml b/infrastructure/traefik-middleware-app.yaml
index 919a0f1..e4eebf0 100644
--- a/infrastructure/traefik-middleware-app.yaml
+++ b/infrastructure/traefik-middleware-app.yaml
@@ -15,6 +15,7 @@ spec:
 recurse: false
 include: |
 traefik-middleware-ipwhitelist.yaml
+ traefik-middleware-auth.yaml
 destination:
 server: https://kubernetes.default.svc
 namespace: traefik-system
diff --git a/infrastructure/traefik-middleware-authentik.yaml b/infrastructure/traefik-middleware-authentik.yaml
new file mode 100644
index 0000000..9d2f71f
--- /dev/null
+++ b/infrastructure/traefik-middleware-authentik.yaml
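Review bot: The include line added in infrastructure/traefik-middleware-app.yaml names `traefik-middleware-auth.yaml`, but the file this commit creates is `infrastructure/traefik-middleware-authentik.yaml`. Unless a file with the shorter name already exists, the new Middleware is never synced and routers that reference `authentik-global` would point at a middleware that does not exist. The added line should read `traefik-middleware-authentik.yaml`. This looks like an Argo CD Application (the top of the manifest is outside the hunk); if so, the directory `include` field is a single glob, and several files are normally written as `include: '{traefik-middleware-ipwhitelist.yaml,traefik-middleware-authentik.yaml}'` rather than one name per line of a block scalar, so it is worth confirming that the multi-line form matches anything.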
@@ -0,0 +1,25 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: authentik-global
+ namespace: traefik-system
+ labels:
+ app.kubernetes.io/name: traefik
+ app.kubernetes.io/component: middleware
+spec:
+ forwardAuth:
+ # Adresse zeigt auf den neuen Service, den wir oben erstellt haben
+ address: http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
+ trustForwardHeader: true
+ authResponseHeaders:
+ - X-authentik-username
+ - X-authentik-groups
+ - X-authentik-email
+ - X-authentik-name
+ - X-authentik-uid
+ - X-authentik-jwt
+ - X-authentik-meta-jwks
+ - X-authentik-meta-outpost
+ - X-authentik-meta-provider
+ - X-authentik-meta-app
+ - authorization
\ No newline at end of file
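Review bot: `trustForwardHeader: true` in the new Middleware tells Traefik to pass the incoming `X-Forwarded-*` headers to the outpost as received, so the values authentik uses for its decision and redirects are only as trustworthy as whatever the entry point lets through. Either set `trustForwardHeader: false`, or keep it and document the dependency with a comment such as `# safe only while the entry point's forwardedHeaders.trustedIPs is limited to our edge proxy`. The `address` is plain HTTP, so the identity headers and the `authorization` value listed under `authResponseHeaders` cross the cluster network unencrypted; backends should also accept the `X-authentik-*` headers only on routes that actually pass through this middleware. The existing comment says the Service was created "oben" (above), but it lives in apps/authentik/outpost-service.yaml, so naming that path would keep the reference accurate.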