docs(guide): add section for Authentik integration (#34365)
- Split authentication section of the guide into two sub-sections: Authelia and Authentik. - Add detailed instructions for configuring Authentik for domain-level forward auth. **Description** <!-- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. --> 📘 Added guide section for configuring Authentik with NGINX Ingress Controller. This was motivated by a thread in the Discord server where I shared my configuration with another user who was asking questions and @PrivatePuffin suggested I contribute to the docs 😃 **⚙️ Type of change** - [ ] ⚙️ Feature/App addition - [ ] 🪛 Bugfix - [ ] ⚠️ Breaking change (fix or feature that would cause existing functionality to not work as expected) - [ ] 🔃 Refactor of current code - [x] 📜 Documentation Changes **🧪 How Has This Been Tested?** <!-- Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration --> **📃 Notes:** <!-- Please enter any other relevant information here --> **✔️ Checklist:** - [x ] ⚖️ My code follows the style guidelines of this project - [x] 👀 I have performed a self-review of my own code - [ ] #️⃣ I have commented my code, particularly in hard-to-understand areas - [x] 📄 I have made changes to the documentation - [ ] 🧪 I have added tests to this description that prove my fix is effective or that my feature works - [ ] ⬆️ I increased versions for any altered app according to semantic versioning - [x] I made sure the title starts with `feat(chart-name):`, `fix(chart-name):`, `chore(chart-name):`, `docs(chart-name):` or `fix(docs):` **➕ App addition** If this PR is an app addition please make sure you have done the following. - [ ] 🖼️ I have added an icon in the Chart's root directory called `icon.png` --- _Please don't blindly check all the boxes. Read them and only check those that apply. Those checkboxes are there for the reviewer to see what is this all about and the status of this PR with a quick glance._ --------- Signed-off-by: Alfred Göppel <43101280+alfi0812@users.noreply.github.com> Co-authored-by: Alfred Göppel <43101280+alfi0812@users.noreply.github.com>
This commit is contained in:
@@ -137,7 +137,7 @@ annotations:
|
||||
|
||||
### Auth
|
||||
|
||||
For Authelia, Authentik and more
|
||||
#### Authelia
|
||||
|
||||
```yaml
|
||||
annotations:
|
||||
@@ -147,6 +147,30 @@ annotations:
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: 'Remote-User,Remote-Name,Remote-Groups,Remote-Email'
|
||||
```
|
||||
|
||||
#### Authentik
|
||||
|
||||
When using Authentik, take care to configure the service as follows.
|
||||
|
||||
```yaml
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
||||
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
```
|
||||
|
||||
For domain-level forward auth, you must configure the embedded outpost first (please refer to
|
||||
[Authentik's docs](https://truecharts.org/charts/stable/authentik/how_to/)). The basic steps are to create a provider and application, then enable the embedded outpost for your newly created application.
|
||||
|
||||
Once that has been done, configure each service you wish to place behind Authentik as follows:
|
||||
|
||||
```yaml
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-url: http://authentik-http.authentik.svc.cluster.local:10230/outpost.goauthentik.io/auth/nginx
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${DOMAIN_1}/outpost.goauthentik.io/start?rd=$scheme://$http_host$escaped_request_uri
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-entitlements,X-authentik-email,X-authentik-name,X-authentik-uid
|
||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Host $http_host;
|
||||
```
|
||||
|
||||
### IP Whitelist
|
||||
|
||||
```yaml
|
||||
|
||||
Reference in New Issue
Block a user