summaryrefslogtreecommitdiff
path: root/docs/content/en/integration/kubernetes/nginx-ingress.md
diff options
context:
space:
mode:
Diffstat (limited to 'docs/content/en/integration/kubernetes/nginx-ingress.md')
-rw-r--r--docs/content/en/integration/kubernetes/nginx-ingress.md41
1 files changed, 41 insertions, 0 deletions
diff --git a/docs/content/en/integration/kubernetes/nginx-ingress.md b/docs/content/en/integration/kubernetes/nginx-ingress.md
new file mode 100644
index 000000000..b8b949351
--- /dev/null
+++ b/docs/content/en/integration/kubernetes/nginx-ingress.md
@@ -0,0 +1,41 @@
+---
+title: "NGINX Ingress"
+description: "A guide to integrating Authelia with the NGINX Kubernetes Ingress."
+lead: "A guide to integrating Authelia with the NGINX Kubernetes Ingress."
+date: 2022-05-15T13:52:27+10:00
+draft: false
+images: []
+menu:
+ integration:
+ parent: "kubernetes"
+weight: 530
+toc: true
+---
+
+There are two nginx ingress controllers for Kubernetes. The Kubernetes official one [ingress-nginx], and the F5 nginx
+official one [nginx-ingress-controller]. Currently we only have support docs for [ingress-nginx].
+
+The [nginx documentation](../proxies/nginx.md) may also be useful for crafting advanced snippets to use with annotations
+even though it's not specific to Kubernetes.
+
+## NGINX Ingress Controller (ingress-nginx)
+
+If you use NGINX Ingress Controller (ingress-nginx) you can protect an ingress with the following annotations. The
+example assumes that the public domain Authelia is served on is `https://auth.example.com` and there is a
+Kubernetes service with the name `authelia` in the `default` namespace with TCP port `80` configured to route to the
+Authelia HTTP port and that your cluster is configured with the default
+DNS domain name of `cluster.local`.
+
+### Ingress Annotations
+
+```yaml
+annotations:
+ nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+ nginx.ingress.kubernetes.io/auth-signin: https://auth.example.com
+ nginx.ingress.kubernetes.io/auth-snippet: |
+ proxy_set_header X-Forwarded-Method $request_method;
+ nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local/api/verify
+```
+
+[ingress-nginx]: https://kubernetes.github.io/ingress-nginx/
+[nginx-ingress-controller]: https://docs.nginx.com/nginx-ingress-controller/