Setting up a page to authenticate and protect an unauthenticated page using Authentik, from a kubernetes cluster isn’t as well documented if your primary ingress is nginx. Traefik seems to be more popular and better documented. Authentik does have some documentation but there are a couple clarifying steps missing. docs.goauthentik.io/docs/add-secure-apps/providers/proxy/server_nginx For starters, create the group that will be assigned the app, users do not need to be assigned yet. Then create an application and a provider using the Wizard.

I want to authenticate to work on my kubernetes (k3s) cluster not for any particular reason but specifically for knowledges sake. Following this I was able to get most of the way but there were a couple caveats and it doesn’t seem to be documented that many places. I’m not sure if it’s because it’s a bare metal situation and most k8 clusters are run on hyperscalers or if it’s just not something that’s usually done.