goauthentik / terraform-provider-authentik

Manage https://goauthentik.io with terraform.
https://registry.terraform.io/providers/goauthentik/authentik/latest/docs
GNU General Public License v3.0

Documentation on how to create outposts #552

Closed alexppg closed 1 week ago

alexppg commented 1 month ago

Hello there!

First of all, thanks for the provider and authentik, it's awesome!

I want to create a Kubernetes outpost using the authentik_outpost resource, but I'm not sure how. I understand that the config argument should contain JSON that would configure that, but I'm not sure how I could get that JSON.

Could you please tell me how to do so? Also, I think it would be nice to have some examples in the provider's docs, or at least a link to the JSON's schema.

Thanks!

spacemule commented 1 week ago

@alexppg

If you're looking to create an external outpost, you install the authentik/authentik-remote-cluster Helm chart on the remote cluster. After install, it outputs a command for generating a kubeconfig. You can supply that as a variable to an authentik_service_connection_kubernetes resource.

Alternatively, once the service account is created with the proper rules on the remote cluster, you can use something like Lens (or command-line-fu) to generate a kubeconfig. If it's in YAML, there are several CLI tools to convert it to JSON.

It's even easier if the outpost is on the local cluster: you just create a local service connection like this:

```hcl
resource "authentik_service_connection_kubernetes" "local" {
  name  = "local"
  local = true
}
```

The full config I have, if it helps you, looks like this:

```hcl
# Service connection for the local cluster
resource "authentik_service_connection_kubernetes" "local" {
  name  = "local"
  local = true
}

# Service connection for the remote cluster; the kubeconfig is supplied as a variable
resource "authentik_service_connection_kubernetes" "home_k3s" {
  name       = "home-k3s"
  kubeconfig = var.home_k3s_kubeconfig
}

# Proxy outpost deployed through the local service connection
resource "authentik_outpost" "proxy" {
  name = "proxy"
  type = "proxy"
  config = jsonencode(
    {
      authentik_host                 = "https://authentik.sample.net"
      authentik_host_browser         = "https://authentik.sample.net"
      authentik_host_insecure        = false
      container_image                = null
      docker_labels                  = null
      docker_map_ports               = true
      docker_network                 = null
      kubernetes_disabled_components = []
      kubernetes_image_pull_secrets  = []
      kubernetes_ingress_annotations = {"cert-manager.io/cluster-issuer": "letsencrypt"}
      kubernetes_ingress_class_name  = null
      kubernetes_ingress_secret_name = "authentik-outpost-tls-secret"
      kubernetes_json_patches        = null
      kubernetes_namespace           = "authentik"
      kubernetes_replicas            = 1
      kubernetes_service_type        = "ClusterIP"
      log_level                      = "info"
      object_naming_template         = "ak-outpost-%(name)s"
    }
  )
  service_connection = authentik_service_connection_kubernetes.local.id
  protocol_providers = [
    authentik_provider_proxy.sample_local.id
  ]
}

# Proxy outpost deployed through the remote (home_k3s) service connection
resource "authentik_outpost" "remote_proxy" {
  name = "remote proxy"
  config = jsonencode(
    {
      authentik_host                 = "https://authentik.sample.net"
      authentik_host_browser         = "https://authentik.sample.net"
      authentik_host_insecure        = false
      container_image                = null
      docker_labels                  = null
      docker_map_ports               = true
      docker_network                 = null
      kubernetes_disabled_components = []
      kubernetes_image_pull_secrets  = []
      kubernetes_ingress_annotations = {"cert-manager.io/cluster-issuer": "letsencrypt"}
      kubernetes_ingress_class_name  = null
      kubernetes_ingress_secret_name = "authentik-outpost-tls-secret"
      kubernetes_json_patches        = null
      kubernetes_namespace           = "authentik"
      kubernetes_replicas            = 1
      kubernetes_service_type        = "ClusterIP"
      log_level                      = "info"
      object_naming_template         = "ak-outpost-%(name)s"
    }
  )
  service_connection = authentik_service_connection_kubernetes.home_k3s.id
  protocol_providers = [
    authentik_provider_proxy.sample.id
  ]
}
```

Hope that helps!
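
An added example, not part of the comment above or of the provider's own documentation: the YAML-to-JSON conversion mentioned in that comment can be done inside Terraform with `yamldecode` and `jsonencode`, with the kubeconfig checked at plan time and kept out of plan output. The variable, local and resource names (`home_k3s_kubeconfig_yaml`, `home_k3s_kubeconfig_json`, `home_k3s_from_yaml`) are assumptions; the resource stands in for the `home_k3s` connection in the comment's config.

```hcl
# Added example; the variable, local and resource names are assumptions.
variable "home_k3s_kubeconfig_yaml" {
  description = "Kubeconfig for the remote cluster, in YAML, for the outpost service account."
  type        = string
  sensitive   = true # redacted from plan/apply output; still written to state

  validation {
    # Reject input that is not a kubeconfig with at least one cluster entry.
    condition     = can(yamldecode(var.home_k3s_kubeconfig_yaml).clusters[0].cluster.server)
    error_message = "Expected a YAML kubeconfig with at least one entry under clusters."
  }

  validation {
    # Reject a kubeconfig whose API server URL is not HTTPS.
    condition = can(regex(
      "^https://",
      yamldecode(var.home_k3s_kubeconfig_yaml).clusters[0].cluster.server
    ))
    error_message = "The cluster server URL in the kubeconfig must use https."
  }
}

locals {
  # Parse the YAML and re-serialise it as the JSON string the resource takes.
  home_k3s_kubeconfig_json = jsonencode(yamldecode(var.home_k3s_kubeconfig_yaml))
}

resource "authentik_service_connection_kubernetes" "home_k3s_from_yaml" {
  name       = "home-k3s"
  kubeconfig = local.home_k3s_kubeconfig_json
}
```

The value can be supplied through the `TF_VAR_home_k3s_kubeconfig_yaml` environment variable so the credential does not have to sit in a `.tfvars` file in the repository.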

alexppg commented 1 week ago

It helped, thanks!