diff --git a/website/docs/outposts/index.md b/website/docs/outposts/_config.md similarity index 55% rename from website/docs/outposts/index.md rename to website/docs/outposts/_config.md index f00ad1db4..50dc088b9 100644 --- a/website/docs/outposts/index.md +++ b/website/docs/outposts/_config.md 
@@ -1,32 +1,7 @@ ---- -title: Overview ---- - -An outpost is a single deployment of a authentik component, which can be deployed in a completely separate environment. Currently, Proxy Provider and LDAP are supported as outposts. - -![](outposts.png) - -Upon creation, a service account and a token is generated. The service account only has permissions to read the outpost and provider configuration. This token is used by the Outpost to connect to authentik. - -authentik can manage the deployment, updating and general lifecycle of an Outpost. To communicate with the underlying platforms on which the outpost is deployed, authentik has several built-in integrations. - -- If you've deployed authentik on docker-compose, authentik automatically creates an integration for the local docker socket (See [Docker](./integrations/docker.md)). -- If you've deployed authentik on Kubernetes, with `kubernetesIntegration` set to true (default), authentik automatically creates an integrations for the local Kubernetes Cluster (See [Kubernetes](./integrations/kubernetes.md)). - -To deploy an outpost with these integrations, simply select them during the creation of an Outpost. A background task is started, which creates the container/deployment. You can see that Status on the System Tasks page. - -To deploy an outpost manually, see: - -- [Kubernetes](./manual-deploy-kubernetes.md) -- [docker-compose](./manual-deploy-docker-compose.md) - -## Configuration - -Outposts fetch their configuration from authentik. Below are all the options you can set, and how they influence the outpost. - ```yaml # Log level that the outpost will set # Allowed levels: trace, debug, info, warning, error +# Applies to: non-embedded log_level: debug ######################################## # The settings below are only relevant when using a managed outpost 
@@ -36,27 +11,33 @@ authentik_host: https://authentik.tld/ # Disable SSL Validation for the authentik connection authentik_host_insecure: false # Optionally specify a different URL used for user-facing interactions +# Applies to: proxy outposts authentik_host_browser: # Template used for objects created (deployments/containers, services, secrets, etc) object_naming_template: ak-outpost-%(name)s # Use a specific docker image for this outpost rather than the default. This also applies to Kubernetes # outposts. +# Applies to: non-embedded container_image: ######################################## # Docker outpost specific settings ######################################## # Network the outpost container should be connected to +# Applies to: non-embedded docker_network: null # Optionally disable mapping of ports to outpost container, may be useful when using docker networks # (Available with 2021.9.4+) +# Applies to: non-embedded docker_map_ports: true # Optionally additional labels for docker containers # (Available with 2022.1.2) +# Applies to: non-embedded docker_labels: null ######################################## # Kubernetes outpost specific settings ######################################## # Replica count for the deployment of the outpost +# Applies to: non-embedded kubernetes_replicas: 1 # Namespace to deploy in, defaults to the same namespace authentik is deployed in (if available) kubernetes_namespace: authentik 
@@ -76,11 +57,6 @@ kubernetes_service_type: ClusterIP kubernetes_disabled_components: [] # If the above docker image is in a private repository, use these secrets to pull. # NOTE: The secret must be created manually in the namespace first. +# Applies to: non-embedded kubernetes_image_pull_secrets: [] ``` - -## Metrics - -Each authentik outpost has a Prometheus metrics endpoint accessible under port `:9300/metrics`. This endpoint is not mapped via docker, as the endpoint doesn't have any authentication. - -For the embedded outpost, the metrics of the outpost and the metrics of the core authentik server are both returned under the same endpoint. diff --git a/website/docs/outposts/embedded/embedded.md b/website/docs/outposts/embedded/embedded.mdx similarity index 72% rename from website/docs/outposts/embedded/embedded.md rename to website/docs/outposts/embedded/embedded.mdx index 08bf426ef..00da2c198 100644 --- a/website/docs/outposts/embedded/embedded.md +++ b/website/docs/outposts/embedded/embedded.mdx 
@@ -12,15 +12,19 @@ The embedded outpost cannot be disabled, if it doesn't make sense to use it in y ### Configuration -Since the outpost uses OAuth2, there is some configuration required. +Since authentik doesn't know it's own "primary" URL, there might be some configuration required. -On a fresh authentik install, your Outpost list will look like this: +By default, when opening the admin dashboard on a fresh install, authentik will automatically configure the outpost to use the same URL as was used to access authentik. -![](./stock.png) - -Click the edit button on the right of the column, and set the value of `authentik_host` to the URL you want to login with. +If this isn't correct, or needs to be changed, click the edit button on the right of the outpost, and set the value of `authentik_host` to the URL you want to login with. Make sure to set it to full URL, only configuring a hostname or FQDN will not work. +Additionally, most of the other configuration options can be used as with any other outpost, except from items which are marked as "non-embedded" + +import Configuration from "../_config.md"; + + + ### Routing Routing is handled like this: diff --git a/website/docs/outposts/embedded/stock.png b/website/docs/outposts/embedded/stock.png deleted file mode 100644 index b1f194633..000000000 Binary files a/website/docs/outposts/embedded/stock.png and /dev/null differ diff --git a/website/docs/outposts/index.mdx b/website/docs/outposts/index.mdx new file mode 100644 index 000000000..78ac19436 --- /dev/null +++ b/website/docs/outposts/index.mdx 
@@ -0,0 +1,35 @@ +--- +title: Overview +--- + +An outpost is a single deployment of a authentik component, which can be deployed in a completely separate environment. Currently, Proxy Provider and LDAP are supported as outposts. + +![](outposts.png) + +Upon creation, a service account and a token is generated. The service account only has permissions to read the outpost and provider configuration. This token is used by the Outpost to connect to authentik. + +authentik can manage the deployment, updating and general lifecycle of an Outpost. To communicate with the underlying platforms on which the outpost is deployed, authentik has several built-in integrations. + +- If you've deployed authentik on docker-compose, authentik automatically creates an integration for the local docker socket (See [Docker](./integrations/docker.md)). +- If you've deployed authentik on Kubernetes, with `kubernetesIntegration` set to true (default), authentik automatically creates an integrations for the local Kubernetes Cluster (See [Kubernetes](./integrations/kubernetes.md)). + +To deploy an outpost with these integrations, simply select them during the creation of an Outpost. A background task is started, which creates the container/deployment. You can see that Status on the System Tasks page. + +To deploy an outpost manually, see: + +- [Kubernetes](./manual-deploy-kubernetes.md) +- [docker-compose](./manual-deploy-docker-compose.md) + +## Configuration + +Outposts fetch their configuration from authentik. Below are all the options you can set, and how they influence the outpost. + +import Configuration from "./_config.md"; + + + +## Metrics + +Each authentik outpost has a Prometheus metrics endpoint accessible under port `:9300/metrics`. This endpoint is not mapped via docker, as the endpoint doesn't have any authentication. + +For the embedded outpost, the metrics of the outpost and the metrics of the core authentik server are both returned under the same endpoint.
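Review bot: In website/docs/outposts/_config.md (hunk `@@ -36,27 +11,33 @@`) the new `# Applies to:` comments mix two different axes. Most say `non-embedded`, but `authentik_host_browser` says `proxy outposts`, and keys such as `authentik_host`, `authentik_host_insecure`, `object_naming_template` and `kubernetes_namespace` carry no marker at all. embedded.mdx now tells readers to skip items marked "non-embedded", so an unmarked key reads as applying to the embedded outpost. If `kubernetes_namespace` belongs in the same group as `kubernetes_replicas` directly above it, it needs the marker too. A one-line legend at the top of the YAML block, saying that unmarked keys apply to every outpost, would remove the guesswork.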
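Review bot: In website/docs/outposts/embedded/embedded.mdx (hunk `@@ -12,15 +12,19 @@`) the new paragraph says authentik sets `authentik_host` from "the same URL as was used to access authentik" on the first admin dashboard visit, but does not say what happens when that first visit goes through an internal address, a port-forward or a different reverse-proxy hostname. Please state that the value should be checked after setup and give the condition under which the automatic configuration runs again, if it does. Wording in the added lines: "it's own" should be "its own", "set it to full URL" should be "set it to the full URL", and "except from items which are marked" should be "except for items which are marked", with a closing period. As shown here, the `import Configuration from "../_config.md";` line is followed only by blank lines; confirm the component is actually rendered below the import, otherwise the partial never appears on the page.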
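Review bot: In the new website/docs/outposts/index.mdx, the Metrics section says the `:9300/metrics` endpoint has no authentication and "is not mapped via docker", but gives no guidance for Kubernetes-managed outposts or for the embedded outpost, where the same paragraph says the core authentik server's metrics are returned on that endpoint as well. Since the text is being moved anyway, add a sentence on restricting access to port 9300 (for example to the Prometheus scraper only) in those deployments. The moved text also carries over several slips worth fixing in a new file: "a authentik component", "a service account and a token is generated", "creates an integrations", and "You can see that Status on the System Tasks page". The same check as in embedded.mdx applies to the `import Configuration from "./_config.md";` line: nothing after it in the visible hunk renders the component.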