2021-11-12 21:57:19 +00:00
|
|
|
Create a middleware:
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
apiVersion: traefik.containo.us/v1alpha1
|
|
|
|
kind: Middleware
|
|
|
|
metadata:
|
|
|
|
name: authentik
|
|
|
|
spec:
|
|
|
|
forwardAuth:
|
2021-11-26 12:29:38 +00:00
|
|
|
address: http://outpost.company:9000/akprox/auth/traefik
|
2021-11-12 21:57:19 +00:00
|
|
|
trustForwardHeader: true
|
2021-12-20 20:37:22 +00:00
|
|
|
authResponseHeadersRegex: ^(Auth|Remote|X).*$
|
2021-11-12 21:57:19 +00:00
|
|
|
```
|
|
|
|
|
|
|
|
Add the following settings to your IngressRoute
|
|
|
|
|
|
|
|
By default traefik does not allow cross-namespace references for middlewares:
|
|
|
|
|
|
|
|
See [here](https://doc.traefik.io/traefik/v2.4/providers/kubernetes-crd/#allowcrossnamespace) to enable it.
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
spec:
|
|
|
|
routes:
|
|
|
|
- kind: Rule
|
2021-11-26 12:29:38 +00:00
|
|
|
match: "Host(`app.company`)"
|
2021-11-12 21:57:19 +00:00
|
|
|
middlewares:
|
|
|
|
- name: authentik
|
|
|
|
namespace: authentik
|
|
|
|
priority: 10
|
|
|
|
services: # Unchanged
|
|
|
|
# This part is only required for single-app setups
|
|
|
|
- kind: Rule
|
2021-11-26 12:29:38 +00:00
|
|
|
match: "Host(`app.company`) && PathPrefix(`/akprox/`)"
|
2021-11-12 21:57:19 +00:00
|
|
|
priority: 15
|
|
|
|
services:
|
|
|
|
- kind: Service
|
2021-11-26 13:08:45 +00:00
|
|
|
# Or, to use an external Outpost, create an ExternalName service and reference that here.
|
|
|
|
# See https://kubernetes.io/docs/concepts/services-networking/service/#externalname
|
|
|
|
name: ak-outpost-example-outpost
|
2021-11-12 21:57:19 +00:00
|
|
|
port: 9000
|
|
|
|
```
|