acrescenta ingress do outpost de autenticação

RJ-SMTR · Apr 19, 2024 · 47944ab · 47944ab
1 parent f313482
commit 47944ab
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 3 deletions.
diff --git a/.github/workflows/cd-stag.yaml b/.github/workflows/cd-stag.yaml
@@ -91,5 +91,5 @@ jobs:
       - name: Deploy
         run: |-
           envsubst < ./k8s/deployment-staging.yaml > deployment.yml
-          kubectl apply -n operacao-chuva-staging -f deployment.yml
+          kubectl apply -f deployment.yml
           kubectl get services -n operacao-chuva-staging -o wide
diff --git a/k8s/deployment-staging.yaml b/k8s/deployment-staging.yaml
@@ -201,19 +201,26 @@ spec:
   selector:
     app: operacao-chuva
 ---
-# Ingress
+# Ingress App
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: operacao-chuva-ingress
   namespace: operacao-chuva-staging
-
   annotations:
     kubernetes.io/ingress.class: nginx
     nginx.ingress.kubernetes.io/rewrite-target: /
     cert-manager.io/issuer: "letsencrypt-staging"
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     nginx.ingress.kubernetes.io/proxy-body-size: 200m
+    nginx.ingress.kubernetes.io/auth-response-headers: >-
+      Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
+    nginx.ingress.kubernetes.io/auth-signin: >-
+      https://operacao-chuva-staging.mobilidade.rio/outpost.goauthentik.io/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-snippet: |
+      proxy_set_header X-Forwarded-Host $http_host;
+    nginx.ingress.kubernetes.io/auth-url: >-
+      http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
 spec:
   tls:
     - hosts:
@@ -231,6 +238,34 @@ spec:
                 port:
                   number: 80
 ---
+# Ingress Outpost
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+    name: operacao-chuva-staging-outpost
+    namespace: authentik
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      cert-manager.io/issuer: "letsencrypt-staging"    
+spec:
+    tls:
+    - hosts:
+        - operacao-chuva-staging.mobilidade.rio
+      secretName: operacao-chuva-tls
+    rules:
+        - host: operacao-chuva-staging.mobilidade.rio
+          http:
+              paths:
+                  - path: /outpost.goauthentik.io
+                    pathType: Prefix
+                    backend:
+                        # Or, to use an external Outpost, create an ExternalName service and reference that here.
+                        # See https://kubernetes.io/docs/concepts/services-networking/service/#externalname
+                        service:
+                            name: ak-outpost-authentik-embedded-outpost
+                            port:
+                                number: http
+---
 # Issuer
 apiVersion: cert-manager.io/v1
 kind: Issuer