added outpost service pod
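--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+vikunja/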
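--- a/apps/authentik/outpost-service.yaml
+++ b/apps/authentik/outpost-service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: ak-outpost-authentik-embedded-outpost
+namespace: authentik
+labels:
+app.kubernetes.io/name: authentik-outpost
+app.kubernetes.io/managed-by: manual
+spec:
+ports:
+- name: http
+protocol: TCP
+port: 9000
+targetPort: 9000
+selector:
+app: authentik
+component: server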
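Review bot: The `selector` (`app: authentik`, `component: server`) alone decides whether this Service has any backends, and the labels on the authentik server pods are not visible in this commit. If those pods carry only the `app.kubernetes.io/*` label family, the Service would have no endpoints and the forward-auth call that targets it could not succeed. I would add a comment above `selector:` such as `# must match the labels on the authentik server pods; check with kubectl get endpoints -n authentik`. A second comment should record why a Service with the name `ak-outpost-authentik-embedded-outpost` is created by hand (`managed-by: manual`), so it is not later confused with an object authentik manages itself.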
@@ -1,28 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: traefik-edge-dynamic-legacy
|
|
||||||
namespace: traefik-system
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: traefik
|
|
||||||
app.kubernetes.io/component: edge-dynamic
|
|
||||||
data:
|
|
||||||
20-legacy-vm.yaml: |
|
|
||||||
http:
|
|
||||||
routers:
|
|
||||||
# Route für Apps auf VM 301
|
|
||||||
to-apps-vm:
|
|
||||||
rule: HostRegexp(`^[a-z0-9-]+\.apps\.stabify\.de$`)
|
|
||||||
service: apps-vm-service
|
|
||||||
entryPoints: [ websecure ]
|
|
||||||
tls:
|
|
||||||
certResolver: le
|
|
||||||
domains:
|
|
||||||
- main: "*.apps.stabify.de"
|
|
||||||
|
|
||||||
services:
|
|
||||||
apps-vm-service:
|
|
||||||
loadBalancer:
|
|
||||||
servers:
|
|
||||||
- url: "http://vm-docker-apps-301.stabify.de:80"
|
|
||||||
passHostHeader: true
|
|
||||||
@@ -15,6 +15,7 @@ spec:
|
|||||||
recurse: false
|
recurse: false
|
||||||
include: |
|
include: |
|
||||||
traefik-middleware-ipwhitelist.yaml
|
traefik-middleware-ipwhitelist.yaml
|
||||||
|
traefik-middleware-auth.yaml
|
||||||
destination:
|
destination:
|
||||||
server: https://kubernetes.default.svc
|
server: https://kubernetes.default.svc
|
||||||
namespace: traefik-system
|
namespace: traefik-system
|
||||||
|
|||||||
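Review bot: The entry added to `include` is `traefik-middleware-auth.yaml`, but the manifest added in this commit is `infrastructure/traefik-middleware-authentik.yaml`. Unless a file named `traefik-middleware-auth.yaml` already exists in the source directory, the new `authentik-global` Middleware would not be deployed through this include, and anything that references it would have nothing to resolve. If the new file is the intended one, the line should read `traefik-middleware-authentik.yaml`. It is also worth confirming that the consumer of `include` accepts a newline-separated list rather than a single glob pattern. The file this hunk belongs to is not named on the page, and its `spec` begins outside the hunk.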
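--- a/infrastructure/traefik-middleware-authentik.yaml
+++ b/infrastructure/traefik-middleware-authentik.yaml
@@ -0,0 +1,25 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+name: authentik-global
+namespace: traefik-system
+labels:
+app.kubernetes.io/name: traefik
+app.kubernetes.io/component: middleware
+spec:
+forwardAuth:
+# Adresse zeigt auf den neuen Service, den wir oben erstellt haben
+address: http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
+trustForwardHeader: true
+authResponseHeaders:
+- X-authentik-username
+- X-authentik-groups
+- X-authentik-email
+- X-authentik-name
+- X-authentik-uid
+- X-authentik-jwt
+- X-authentik-meta-jwks
+- X-authentik-meta-outpost
+- X-authentik-meta-provider
+- X-authentik-meta-app
+- authorization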
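Review bot: `trustForwardHeader: true` makes the auth request carry the `X-Forwarded-*` values already present on the incoming request, so it is only sound if the entryPoint in front of this middleware does not accept those headers from arbitrary clients; that configuration is not part of this commit. I would state the assumption next to the field, e.g. `# relies on the entryPoint trusting X-Forwarded-* only from known proxies`. The existing comment says the address points at the service created "oben" (above), which is not in this file; naming `apps/authentik/outpost-service.yaml` there would keep it accurate. Because the middleware is named `authentik-global`, it is also worth confirming that every backend placed behind it is meant to receive `X-authentik-jwt` and `authorization`.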