From 4d3ac31051957b14d49b1495f96b0b6cd8f62c81 Mon Sep 17 00:00:00 2001 From: James Elliott Date: Fri, 26 Aug 2022 21:03:12 +1000 Subject: [PATCH] docs: update k8s integration (#3908) --- .../integration/kubernetes/nginx-ingress.md | 8 +++-- .../integration/kubernetes/traefik-ingress.md | 32 ++++++++++++------- 2 files changed, 26 insertions(+), 14 deletions(-) diff --git a/docs/content/en/integration/kubernetes/nginx-ingress.md b/docs/content/en/integration/kubernetes/nginx-ingress.md index db5838ccf..c50f74f0d 100644 --- a/docs/content/en/integration/kubernetes/nginx-ingress.md +++ b/docs/content/en/integration/kubernetes/nginx-ingress.md @@ -13,7 +13,8 @@ toc: true --- There are two nginx ingress controllers for Kubernetes. The Kubernetes official one [ingress-nginx], and the F5 nginx -official one [nginx-ingress-controller]. Currently we only have support docs for [ingress-nginx]. +official one [nginx-ingress-controller]. We only have integration documentation for [ingress-nginx] and there are no +plans to support the F5 [nginx-ingress-controller]. The [nginx documentation](../proxies/nginx.md) may also be useful for crafting advanced snippets to use with annotations even though it's not specific to Kubernetes. @@ -26,12 +27,15 @@ bootstrapping *Authelia*. ## NGINX Ingress Controller (ingress-nginx) -If you use NGINX Ingress Controller (ingress-nginx) you can protect an ingress with the following annotations. The +If you use NGINX Ingress Controller ([ingress-nginx]) you can protect an ingress with the following annotations. The example assumes that the public domain Authelia is served on is `https://auth.example.com` and there is a Kubernetes service with the name `authelia` in the `default` namespace with TCP port `80` configured to route to the Authelia HTTP port and that your cluster is configured with the default DNS domain name of `cluster.local`. +*__Important Note:__ The following annotations should be applied to an Ingress you wish to protect. They __SHOULD NOT__ +be applied to the Authelia Ingress itself.* + ### Ingress Annotations ```yaml diff --git a/docs/content/en/integration/kubernetes/traefik-ingress.md b/docs/content/en/integration/kubernetes/traefik-ingress.md index 4dc9f30ff..cd207eb35 100644 --- a/docs/content/en/integration/kubernetes/traefik-ingress.md +++ b/docs/content/en/integration/kubernetes/traefik-ingress.md @@ -32,18 +32,21 @@ bootstrapping *Authelia*. Depending on your Traefik version you may be required to configure the [allowCrossNamespace](https://doc.traefik.io/traefik/providers/kubernetes-crd/#allowcrossnamespace) to reuse a -[Middleware] from a namespace different to the Ingress or IngressRoute. Alternatively you can create the [Middleware] in -every namespace you need to use it. +[Middleware] from a [Namespace] different to the [Ingress] / [IngressRoute]. Alternatively you can create the [Middleware] +in every [Namespace] you need to use it. ## Middleware Regardless if you're using the [Traefik Kubernetes Ingress] or purely the [Traefik Kubernetes CRD], you must configure the [Traefik Kubernetes CRD] as far as we're aware at this time in order to configure a [ForwardAuth] [Middleware]. -This is an example [Middleware] manifest. This eample assumes that you have deployed an Authelia pod and you have -configured it to be served on the URL `https://auth.example.com` and there is a Kubernetes Service with the name -`authelia` in the `default` namespace with TCP port `80` configured to route to the Authelia pod's HTTP port and that -your cluster is configured with the default DNS domain name of `cluster.local`. +This is an example [Middleware] manifest. This example assumes that you have deployed an Authelia [Pod] and you have +configured it to be served on the URL `https://auth.example.com` and there is a Kubernetes [Service] with the name +`authelia` in the `default` [Namespace] with TCP port `80` configured to route to the Authelia [Pod]'s HTTP port and +that your cluster is configured with the default DNS domain name of `cluster.local`. + +*__Important Note:__ The [Middleware] should be applied to an [Ingress] / [IngressRoute] you wish to protect. It +__SHOULD NOT__ be applied to the Authelia [Ingress] / [IngressRoute] itself.* {{< details "middleware.yml" >}} ```yaml @@ -71,9 +74,9 @@ spec: ## Ingress -This is an example Ingress manifest which uses the above [Middleware](#middleware). This example assumes you have an -application you wish to serve on `https://app.example.com` and there is a Kubernetes Service with the name `app` in the -`default` namespace with TCP port `80` configured to route to the application pod's HTTP port. +This is an example [Ingress] manifest which uses the above [Middleware](#middleware). This example assumes you have an +application you wish to serve on `https://app.example.com` and there is a Kubernetes [Service] with the name `app` in +the `default` [Namespace] with TCP port `80` configured to route to the application [Pod]'s HTTP port. {{< details "ingress.yml" >}} ```yaml @@ -105,9 +108,9 @@ spec: ## IngressRoute -This is an example IngressRoute manifest which uses the above [Middleware](#middleware). This example assumes you have an -application you wish to serve on `https://app.example.com` and there is a Kubernetes Service with the name `app` in the -`default` namespace with TCP port `80` configured to route to the application pod's HTTP port. +This is an example [IngressRoute] manifest which uses the above [Middleware](#middleware). This example assumes you have +an application you wish to serve on `https://app.example.com` and there is a Kubernetes [Service] with the name `app` in +the `default` [Namespace] with TCP port `80` configured to route to the application [Pod]'s HTTP port. {{< details "ingressRoute.yml" >}} ```yaml @@ -138,6 +141,11 @@ spec: ``` {{< /details >}} +[Namespace]: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ +[Pod]: https://kubernetes.io/docs/concepts/workloads/pods/ +[Service]: https://kubernetes.io/docs/concepts/services-networking/service/ +[IngressRoute]: https://doc.traefik.io/traefik/providers/kubernetes-crd/ +[Ingress]: https://kubernetes.io/docs/concepts/services-networking/ingress/ [Traefik Kubernetes Ingress]: https://doc.traefik.io/traefik/providers/kubernetes-ingress/ [Traefik Kubernetes CRD]: https://doc.traefik.io/traefik/providers/kubernetes-crd/ [Middleware]: https://doc.traefik.io/traefik/middlewares/overview/