RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: update k8s integration (#3908)

pull/3854/head
James Elliott 2022-08-26 21:03:12 +10:00 committed by GitHub
parent 21929d6508
commit 4d3ac31051
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/content/en/integration/kubernetes/nginx-ingress.md
View File

@ -13,7 +13,8 @@ toc: true
---
There are two nginx ingress controllers for Kubernetes. The Kubernetes official one [ingress-nginx], and the F5 nginx
official one [nginx-ingress-controller]. Currently we only have support docs for [ingress-nginx].
official one [nginx-ingress-controller]. We only have integration documentation for [ingress-nginx] and there are no
plans to support the F5 [nginx-ingress-controller].
The [nginx documentation](../proxies/nginx.md) may also be useful for crafting advanced snippets to use with annotations
even though it's not specific to Kubernetes.
@ -26,12 +27,15 @@ bootstrapping *Authelia*.
## NGINX Ingress Controller (ingress-nginx)
If you use NGINX Ingress Controller (ingress-nginx) you can protect an ingress with the following annotations. The
If you use NGINX Ingress Controller ([ingress-nginx]) you can protect an ingress with the following annotations. The
example assumes that the public domain Authelia is served on is `https://auth.example.com` and there is a
Kubernetes service with the name `authelia` in the `default` namespace with TCP port `80` configured to route to the
Authelia HTTP port and that your cluster is configured with the default
DNS domain name of `cluster.local`.
*__Important Note:__ The following annotations should be applied to an Ingress you wish to protect. They __SHOULD NOT__
be applied to the Authelia Ingress itself.*
### Ingress Annotations
```yaml

32
docs/content/en/integration/kubernetes/traefik-ingress.md
View File

@ -32,18 +32,21 @@ bootstrapping *Authelia*.
Depending on your Traefik version you may be required to configure the
[allowCrossNamespace](https://doc.traefik.io/traefik/providers/kubernetes-crd/#allowcrossnamespace) to reuse a
[Middleware] from a namespace different to the Ingress or IngressRoute. Alternatively you can create the [Middleware] in
every namespace you need to use it.
[Middleware] from a [Namespace] different to the [Ingress] / [IngressRoute]. Alternatively you can create the [Middleware]
in every [Namespace] you need to use it.
## Middleware
Regardless if you're using the [Traefik Kubernetes Ingress] or purely the [Traefik Kubernetes CRD], you must configure
the [Traefik Kubernetes CRD] as far as we're aware at this time in order to configure a [ForwardAuth] [Middleware].
This is an example [Middleware] manifest. This eample assumes that you have deployed an Authelia pod and you have
configured it to be served on the URL `https://auth.example.com` and there is a Kubernetes Service with the name
`authelia` in the `default` namespace with TCP port `80` configured to route to the Authelia pod's HTTP port and that
your cluster is configured with the default DNS domain name of `cluster.local`.
This is an example [Middleware] manifest. This example assumes that you have deployed an Authelia [Pod] and you have
configured it to be served on the URL `https://auth.example.com` and there is a Kubernetes [Service] with the name
`authelia` in the `default` [Namespace] with TCP port `80` configured to route to the Authelia [Pod]'s HTTP port and
that your cluster is configured with the default DNS domain name of `cluster.local`.
*__Important Note:__ The [Middleware] should be applied to an [Ingress] / [IngressRoute] you wish to protect. It
__SHOULD NOT__ be applied to the Authelia [Ingress] / [IngressRoute] itself.*
{{< details "middleware.yml" >}}
```yaml
@ -71,9 +74,9 @@ spec:
## Ingress
This is an example Ingress manifest which uses the above [Middleware](#middleware). This example assumes you have an
application you wish to serve on `https://app.example.com` and there is a Kubernetes Service with the name `app` in the
`default` namespace with TCP port `80` configured to route to the application pod's HTTP port.
This is an example [Ingress] manifest which uses the above [Middleware](#middleware). This example assumes you have an
application you wish to serve on `https://app.example.com` and there is a Kubernetes [Service] with the name `app` in
the `default` [Namespace] with TCP port `80` configured to route to the application [Pod]'s HTTP port.
{{< details "ingress.yml" >}}
```yaml
@ -105,9 +108,9 @@ spec:
## IngressRoute
This is an example IngressRoute manifest which uses the above [Middleware](#middleware). This example assumes you have an
application you wish to serve on `https://app.example.com` and there is a Kubernetes Service with the name `app` in the
`default` namespace with TCP port `80` configured to route to the application pod's HTTP port.
This is an example [IngressRoute] manifest which uses the above [Middleware](#middleware). This example assumes you have
an application you wish to serve on `https://app.example.com` and there is a Kubernetes [Service] with the name `app` in
the `default` [Namespace] with TCP port `80` configured to route to the application [Pod]'s HTTP port.
{{< details "ingressRoute.yml" >}}
```yaml
@ -138,6 +141,11 @@ spec:
```
{{< /details >}}
[Namespace]: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
[Pod]: https://kubernetes.io/docs/concepts/workloads/pods/
[Service]: https://kubernetes.io/docs/concepts/services-networking/service/
[IngressRoute]: https://doc.traefik.io/traefik/providers/kubernetes-crd/
[Ingress]: https://kubernetes.io/docs/concepts/services-networking/ingress/
[Traefik Kubernetes Ingress]: https://doc.traefik.io/traefik/providers/kubernetes-ingress/
[Traefik Kubernetes CRD]: https://doc.traefik.io/traefik/providers/kubernetes-crd/
[Middleware]: https://doc.traefik.io/traefik/middlewares/overview/