goauthentik · BeryJu · Jun 5, 2025 · Jun 5, 2025
@@ -10,117 +10,95 @@ Afterwards, configure the proxy provider to connect to `<service name>.<namespac
 apiVersion: v1
 kind: Secret
 metadata:
-  labels:
-    app.kubernetes.io/instance: __OUTPOST_NAME__
-    app.kubernetes.io/managed-by: goauthentik.io
-    app.kubernetes.io/name: authentik-proxy
-    app.kubernetes.io/version: 2021.12.3
-  name: authentik-outpost-api
-stringData:
-  authentik_host: "__AUTHENTIK_URL__"
-  authentik_host_insecure: "true"
-  token: "__AUTHENTIK_TOKEN__"
+    labels:
+        app.kubernetes.io/instance: __OUTPOST_NAME__
+        app.kubernetes.io/name: authentik-outpost
+    name: authentik-outpost-api
 type: Opaque
+stringData:
+    AUTHENTIK_HOST: "__AUTHENTIK_URL__"
+    AUTHENTIK_INSECURE: "true"
+    AUTHENTIK_TOKEN: "__AUTHENTIK_TOKEN__"
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  labels:
-    app.kubernetes.io/instance: __OUTPOST_NAME__
-    app.kubernetes.io/managed-by: goauthentik.io
-    app.kubernetes.io/name: authentik-proxy
-    app.kubernetes.io/version: 2021.12.3
-  name: authentik-outpost
+    labels:
+        app.kubernetes.io/instance: __OUTPOST_NAME__
+        app.kubernetes.io/name: authentik-outpost
+    name: authentik-outpost
 spec:
-  ports:
-    - name: http
-      port: 9000
-      protocol: TCP
-      targetPort: http
-    - name: https
-      port: 9443
-      protocol: TCP
-      targetPort: https
-  type: ClusterIP
-  selector:
-    app.kubernetes.io/managed-by: goauthentik.io
-    app.kubernetes.io/name: authentik-outpost
-    app.kubernetes.io/instance: __OUTPOST_NAME__
+    ports:
+        - name: http
+          port: 9000
+          protocol: TCP
+          targetPort: http
+        - name: https
+          port: 9443
+          protocol: TCP
+          targetPort: https
+    type: ClusterIP
+    selector:
+        app.kubernetes.io/instance: __OUTPOST_NAME__
+        app.kubernetes.io/name: authentik-outpost
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  labels:
-    app.kubernetes.io/instance: __OUTPOST_NAME__
-    app.kubernetes.io/managed-by: goauthentik.io
-    app.kubernetes.io/name: authentik-proxy
-    app.kubernetes.io/version: 2021.12.3
-  name: authentik-outpost
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/instance: __OUTPOST_NAME__
-      app.kubernetes.io/managed-by: goauthentik.io
-      app.kubernetes.io/name: authentik-proxy
-      app.kubernetes.io/version: 2021.12.3
-  template:
-    metadata:
-      labels:
+    labels:
         app.kubernetes.io/instance: __OUTPOST_NAME__
-        app.kubernetes.io/managed-by: goauthentik.io
-        app.kubernetes.io/name: authentik-proxy
-        app.kubernetes.io/version: 2021.12.3
-    spec:
-      containers:
-        - env:
-          - name: AUTHENTIK_HOST
-            valueFrom:
-              secretKeyRef:
-                key: authentik_host
-                name: authentik-outpost-api
-          - name: AUTHENTIK_TOKEN
-            valueFrom:
-              secretKeyRef:
-                key: token
-                name: authentik-outpost-api
-          - name: AUTHENTIK_INSECURE
-            valueFrom:
-              secretKeyRef:
-                key: authentik_host_insecure
-                name: authentik-outpost-api
-        image: ghcr.io/goauthentik/proxy
-        name: proxy
-        ports:
-          - containerPort: 9000
-            name: http
-            protocol: TCP
-          - containerPort: 9443
-            name: https
-            protocol: TCP
+        app.kubernetes.io/name: authentik-outpost
+    name: authentik-outpost
+spec:
+    selector:
+        matchLabels:
+            app.kubernetes.io/instance: __OUTPOST_NAME__
+            app.kubernetes.io/name: authentik-outpost
+    template:
+        metadata:
+            labels:
+                app.kubernetes.io/instance: __OUTPOST_NAME__
+                app.kubernetes.io/name: authentik-outpost
+        spec:
+            containers:
+                - image: ghcr.io/goauthentik/proxy
+                  name: proxy
+                  ports:
+                      - containerPort: 9000
+                        name: http
+                        protocol: TCP
+                      - containerPort: 9443
+                        name: https
+                        protocol: TCP
+                  envFrom:
+                      - secretRef:
+                            name: authentik-outpost-api
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  annotations:
-    nginx.ingress.kubernetes.io/affinity: cookie
-    nginx.ingress.kubernetes.io/proxy-buffer-size: 16k
-    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
-    traefik.ingress.kubernetes.io/affinity: "true"
-  labels:
-    app.kubernetes.io/instance: __OUTPOST_NAME__
-    app.kubernetes.io/managed-by: goauthentik.io
-    app.kubernetes.io/name: authentik-proxy
-    app.kubernetes.io/version: 2021.12.3
-  name: authentik-outpost
+    annotations:
+        # This example includes annotations for common ingress controllers,
+        # remove annotations not used
+        nginx.ingress.kubernetes.io/affinity: cookie
+        nginx.ingress.kubernetes.io/proxy-buffer-size: 16k
+        nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
+        traefik.ingress.kubernetes.io/affinity: "true"
+    labels:
+        app.kubernetes.io/instance: __OUTPOST_NAME__
+        app.kubernetes.io/name: authentik-outpost
+    name: authentik-outpost
 spec:
-  rules:
-  - host: __EXTERNAL_HOSTNAME__
-    http:
-      paths:
-      - backend:
-          service:
-            name: authentik-outpost
-            port:
-              name: http
-        path: /
+    ingressClassName: nginx
+    rules:
+        - host: __EXTERNAL_HOSTNAME__
+          http:
+              paths:
+                  - path: /
+                    pathType: Prefix
+                    backend:
+                        service:
+                            name: authentik-outpost
+                            port:
+                                name: http
 ```