diff options
Diffstat (limited to 'docs/deployment/deployment-kubernetes.md')
| -rw-r--r-- | docs/deployment/deployment-kubernetes.md | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/docs/deployment/deployment-kubernetes.md b/docs/deployment/deployment-kubernetes.md deleted file mode 100644 index 103bca226..000000000 --- a/docs/deployment/deployment-kubernetes.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -layout: default -title: Deployment - Kubernetes -parent: Deployment -nav_order: 3 ---- - -# Deployment on Kubernetes - -<p> - <img src="../images/logos/kubernetes.png" width="100" style="padding-right: 10px"> -</p> - -## UNDER CONSTRUCTION - -The following areas are actively being worked on for Kubernetes: -1. Detailed Documentaiton -2. [Helm Chart (v3)](https://github.com/authelia/chartrepo) -3. Kustomize Deployment -4. Manifest Examples - -Users are welcome to reach out directly by using any of our various [contact options](../about-us.md#contact-options). - -### Important Notes - -The following section has special notes regarding utilizing Authelia with Kubernetes. - -1. Authelia (and all of your other applications) may receive an invalid remote IP if the service handling traffic to - the Kubernetes Ingress of your choice doesn't have the `externalTrafficPolicy` setting configured to `local` as per - the Kubernetes [preserving the client source ip] documentation. -2. Authelia's configuration management system conflicts with the `enableServiceLinks` option when it's set to `true` - which is the default. This shoudld be changed to `false`. - -### NGINX Ingress Controller -If you use NGINX Ingress Controller you can protect an ingress with the following annotations. -The assumptions are that your public domain where authelia is running would be https://auth.mypublicdomain.com -and there would be a service called authelia with port 80 in the default namespace. - -```yaml -annotations: - nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email - nginx.ingress.kubernetes.io/auth-signin: https://auth.mypublicdomain.com - nginx.ingress.kubernetes.io/auth-snippet: | - proxy_set_header X-Forwarded-Method $request_method; - nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local/api/verify - nginx.ingress.kubernetes.io/configuration-snippet: | - proxy_set_header X-Forwarded-Method $request_method; -``` - -## FAQ - -### RAM usage - -If using file-based authentication, the argon2id provider will by default use 1GB of RAM for password generation. This means you should allow for at least this amount in your deployment/daemonset spec and have this much available on your node, alternatively you can [tweak the providers settings](https://www.authelia.com/docs/configuration/authentication/file.html#memory). Otherwise, your Authelia may OOM during login. See [here](https://github.com/authelia/authelia/issues/1234#issuecomment-663910799) for more info. - -[preserving the client source ip]: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
\ No newline at end of file |