authentik icon indicating copy to clipboard operation
authentik copied to clipboard
verified publisher icon goauthentik

Kubernetes Proxy Outposts - remove insecure http default

Open mzhaase opened this issue 1 year ago • 0 comments

Describe the bug Using kubernetes integration and a proxy outpost, the proxy outpost will create an ingress for every application. That ingress will use http to connect to the outpost. This is an insecure default and can only be changed by adding a json patch under advanced options.

To Reproduce Steps to reproduce the behavior:

  1. Create application with wizard
  2. Select Forward Auth (Single Application)
  3. Create an proxy outpost using local kubernetes cluster integration and the created application.

Expected behavior The created ingress should use port.name = https. It should also add applicable annotations.

ingress-nginx:

nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"

Version and Deployment (please complete the following information):

  • authentik version: 2024.8.2
  • Deployment: helm

mzhaase avatar Oct 17 '24 12:10 mzhaase