Podman Authentik kube file with Traefik.
Authentik Instance
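---
# Authentik pod for `podman kube play`: PostgreSQL, Redis, the authentik
# server and the worker share one pod; Traefik picks the pod up via labels.
apiVersion: v1
kind: Pod
metadata:
  name: authentik
  labels:
    app: authentik
    # Lets `podman auto-update` replace the containers when the registry has
    # a newer image. Together with the `:latest` tags below this means
    # unreviewed upgrades — pin a release tag if that is not acceptable.
    io.containers.autoupdate: registry
    # Traefik configuration. Label values are strings, so booleans and ports
    # are quoted instead of relying on the loader to coerce `true`/`9000`.
    traefik.enable: "true"
    traefik.docker.network: proxy
    traefik.http.middlewares.authentik-https-redirect.redirectscheme.scheme: https
    traefik.http.routers.authentik-secure.entrypoints: https
    traefik.http.routers.authentik-secure.rule: "Host(`auth.domain`)"
    traefik.http.routers.authentik-secure.service: authentik
    traefik.http.routers.authentik-secure.tls: "true"
    traefik.http.routers.authentik-secure.tls.certresolver: letsencrypt
    # Plain-http router only exists to redirect to the https router above.
    traefik.http.routers.authentik.entrypoints: http
    traefik.http.routers.authentik.middlewares: authentik-https-redirect
    traefik.http.routers.authentik.rule: "Host(`auth.domain`)"
    traefik.http.services.authentik.loadbalancer.server.port: "9000"
spec:
  containers:
    - name: postgresql
      image: docker.io/library/postgres:16-alpine
      env:
        - name: POSTGRES_DB
          value: authentik
        - name: POSTGRES_USER
          value: authentik
        # REQUIRED: the postgres image refuses to initialise the data
        # directory when the superuser password is empty. Must match
        # AUTHENTIK_POSTGRESQL__PASSWORD in the server and worker below.
        # Prefer `valueFrom.secretKeyRef` to a Podman secret over a literal
        # value committed with this file.
        - name: POSTGRES_PASSWORD
          value: ""
      volumeMounts:
        - mountPath: /var/lib/postgresql/data
          name: authentik-postgresql
      # `livenessProbe` is the Pod-spec field Podman maps to a container
      # healthcheck. The former `healthcheck:` key is not part of the schema
      # and is ignored by schema-based loaders, so no check was ever active.
      livenessProbe:
        exec:
          # NOTE(review): relies on Podman turning the exec command into one
          # shell string so `${POSTGRES_DB}` expands; a plain Kubernetes exec
          # probe does not run through a shell. Confirm on the Podman version
          # in use.
          command: ["pg_isready", "-d", "${POSTGRES_DB}", "-U", "${POSTGRES_USER}"]
        periodSeconds: 30
        timeoutSeconds: 5
        failureThreshold: 5
    - name: redis
      image: docker.io/library/redis:alpine
      # Snapshot to /data when at least one key changed in the last 60 s.
      # No password is configured: Redis answers to anything that can reach
      # port 6379 in the pod's network namespace. If the pod sits on the
      # shared `proxy` network, other containers there can reach it too —
      # consider `--requirepass` and AUTHENTIK_REDIS__PASSWORD.
      command: ["redis-server", "--save", "60", "1", "--loglevel", "warning"]
      volumeMounts:
        - mountPath: /data
          name: authentik-redis
      livenessProbe:
        exec:
          # NOTE(review): single-string command with a pipe — works only if
          # Podman runs it through a shell (see the postgres probe above).
          command: ["redis-cli ping | grep PONG"]
        periodSeconds: 30
        timeoutSeconds: 3
        failureThreshold: 5
    - name: server
      image: ghcr.io/goauthentik/server:latest
      args: ["server"]
      env:
        - name: AUTHENTIK_REDIS__HOST
          value: redis
        - name: AUTHENTIK_POSTGRESQL__HOST
          value: postgresql
        - name: AUTHENTIK_POSTGRESQL__USER
          value: authentik
        - name: AUTHENTIK_POSTGRESQL__NAME
          value: authentik
        # REQUIRED: same value as POSTGRES_PASSWORD above.
        - name: AUTHENTIK_POSTGRESQL__PASSWORD
          value: ""
        # REQUIRED: long random value, identical for server and worker; it
        # signs sessions and tokens, so keep it out of version control
        # (Podman secret via `valueFrom.secretKeyRef`).
        - name: AUTHENTIK_SECRET_KEY
          value: ""
      # Run unprivileged; the hostPath directories below must be writable by
      # uid 1000 (DirectoryOrCreate creates them, it does not chown them).
      securityContext:
        runAsUser: 1000
      volumeMounts:
        - mountPath: /media
          name: media
        - mountPath: /templates
          name: custom-templates
    - name: worker
      image: ghcr.io/goauthentik/server:latest
      args: ["worker"]
      # Same settings as `server`; the two must agree on database, Redis and
      # AUTHENTIK_SECRET_KEY.
      env:
        - name: AUTHENTIK_REDIS__HOST
          value: redis
        - name: AUTHENTIK_POSTGRESQL__HOST
          value: postgresql
        - name: AUTHENTIK_POSTGRESQL__USER
          value: authentik
        - name: AUTHENTIK_POSTGRESQL__NAME
          value: authentik
        # REQUIRED: same value as POSTGRES_PASSWORD above.
        - name: AUTHENTIK_POSTGRESQL__PASSWORD
          value: ""
        # REQUIRED: same value as in the `server` container.
        - name: AUTHENTIK_SECRET_KEY
          value: ""
      securityContext:
        runAsUser: 1000
      volumeMounts:
        - mountPath: /media
          name: media
        - mountPath: /templates
          name: custom-templates
  volumes:
    # Database and cache state live in named volumes (Podman creates them on
    # first play if they do not exist).
    - name: authentik-postgresql
      persistentVolumeClaim:
        claimName: authentik-postgresql
    - name: authentik-redis
      persistentVolumeClaim:
        claimName: authentik-redis
    # User-visible assets and branding templates are bind-mounted from the
    # host so they survive image updates.
    - name: media
      hostPath:
        path: /opt/container/authentik/media
        type: DirectoryOrCreate
    - name: custom-templates
      hostPath:
        path: /opt/container/authentik/custom-templates
        type: DirectoryOrCreate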
Authentik Proxy
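---
# Authentik proxy outpost: Traefik forwards the `/outpost.goauthentik.io/`
# path to this container, which talks back to the server in the pod above.
apiVersion: v1
kind: Pod
metadata:
  name: authentik-proxy
  labels:
    app: authentik-proxy
    io.containers.autoupdate: registry
    traefik.enable: "true"
    traefik.docker.network: proxy
    # No `entrypoints` or `tls` label is set, so Traefik attaches this router
    # to all default entrypoints, plain http included. The outpost path
    # carries session cookies and tokens; add
    # `traefik.http.routers.authentik-proxy.entrypoints: https` (and the tls
    # labels used by the server pod) if it should only be served over TLS.
    traefik.http.routers.authentik-proxy.rule: "PathPrefix(`/outpost.goauthentik.io/`)"
    traefik.http.routers.authentik-proxy.service: authentik-proxy
    traefik.http.services.authentik-proxy.loadbalancer.server.port: "9000"
spec:
  containers:
    - name: main
      image: ghcr.io/goauthentik/proxy:latest
      env:
        # Public URL of the authentik server; must be https when
        # AUTHENTIK_INSECURE is "false".
        - name: AUTHENTIK_HOST
          value: "https://auth.domain"
        # Keep "false": "true" disables certificate verification towards the
        # server. Quoted because the outpost expects a string, not a bool.
        - name: AUTHENTIK_INSECURE
          value: "false"
        # REQUIRED: outpost token issued by the authentik admin UI. It is a
        # credential — supply it via a Podman secret rather than committing it.
        - name: AUTHENTIK_TOKEN
          value: ""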