A guide to integrating Authelia with the NGINX Kubernetes Ingress.
There are two nginx ingress controllers for Kubernetes. The Kubernetes official one ingress-nginx, and the F5 nginx official one nginx-ingress-controller. We only have integration documentation for ingress-nginx and there are no plans to support the F5 nginx-ingress-controller.
The nginx documentation may also be useful for crafting advanced snippets to use with annotations even though it’s not specific to Kubernetes.
It’s strongly recommended that users setting up Authelia for the first time take a look at our Get Started guide. This takes you through various steps which are essential to bootstrapping Authelia.
NGINX Ingress Controller (ingress-nginx)
If you use NGINX Ingress Controller (ingress-nginx) you can protect an ingress with the following annotations. The
example assumes that the public domain Authelia is served on is
https://auth.example.com and there is a
Kubernetes service with the name
authelia in the
default namespace with TCP port
80 configured to route to the
Authelia HTTP port and that your cluster is configured with the default
DNS domain name of
Important Note: The following annotations should be applied to an Ingress you wish to protect. They SHOULD NOT be applied to the Authelia Ingress itself.
annotations: nginx.ingress.kubernetes.io/auth-method: GET nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local/api/verify nginx.ingress.kubernetes.io/auth-signin: https://auth.example.com?rm=$request_method nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email nginx.ingress.kubernetes.io/auth-snippet: | proxy_set_header X-Forwarded-Method $request_method;