added outpost service pod

2026-01-21 01:37:40 +01:00
parent 799315d79e
commit e6836ce7b6
5 changed files with 44 additions and 28 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+vikunja/
--- a/apps/authentik/outpost-service.yaml
+++ b/apps/authentik/outpost-service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ak-outpost-authentik-embedded-outpost
+  namespace: authentik
+  labels:
+    app.kubernetes.io/name: authentik-outpost
+    app.kubernetes.io/managed-by: manual
+spec:
+  ports:
+    - name: http
+      protocol: TCP
+      port: 9000
+      targetPort: 9000
+  selector:
+    app: authentik
+    component: server
--- a/infrastructure/traefik-edge/configmap-dynamic-legacy.yaml
+++ b/infrastructure/traefik-edge/configmap-dynamic-legacy.yaml
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: traefik-edge-dynamic-legacy
-  namespace: traefik-system
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/component: edge-dynamic
-data:
-  20-legacy-vm.yaml: |
-    http:
-      routers:
-        # Route für Apps auf VM 301
-        to-apps-vm:
-          rule: HostRegexp(`^[a-z0-9-]+\.apps\.stabify\.de$`)
-          service: apps-vm-service
-          entryPoints: [ websecure ]
-          tls:
-            certResolver: le
-            domains:
-              - main: "*.apps.stabify.de"
-
-      services:
-        apps-vm-service:
-          loadBalancer:
-            servers:
-              - url: "http://vm-docker-apps-301.stabify.de:80"
-            passHostHeader: true
--- a/infrastructure/traefik-middleware-app.yaml
+++ b/infrastructure/traefik-middleware-app.yaml
@@ -15,6 +15,7 @@ spec:
      recurse: false
      include: |
        traefik-middleware-ipwhitelist.yaml
+        traefik-middleware-auth.yaml
  destination:
    server: https://kubernetes.default.svc
    namespace: traefik-system
--- a/infrastructure/traefik-middleware-authentik.yaml
+++ b/infrastructure/traefik-middleware-authentik.yaml
@@ -0,0 +1,25 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: authentik-global
+  namespace: traefik-system
+  labels:
+    app.kubernetes.io/name: traefik
+    app.kubernetes.io/component: middleware
+spec:
+  forwardAuth:
+    # Adresse zeigt auf den neuen Service, den wir oben erstellt haben
+    address: http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - authorization