This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
2021-11-12 21:57:19 +00:00
|
|
|
Create a middleware:
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
apiVersion: traefik.containo.us/v1alpha1
|
|
|
|
kind: Middleware
|
|
|
|
metadata:
|
|
|
|
name: authentik
|
|
|
|
spec:
|
|
|
|
forwardAuth:
|
2021-11-26 12:29:38 +00:00
|
|
|
address: http://outpost.company:9000/akprox/auth/traefik
|
2021-11-12 21:57:19 +00:00
|
|
|
trustForwardHeader: true
|
|
|
|
authResponseHeaders:
|
|
|
|
- Set-Cookie
|
|
|
|
- X-authentik-username
|
|
|
|
- X-authentik-groups
|
|
|
|
- X-authentik-email
|
|
|
|
- X-authentik-name
|
|
|
|
- X-authentik-uid
|
|
|
|
```
|
|
|
|
|
|
|
|
Add the following settings to your IngressRoute
|
|
|
|
|
|
|
|
By default traefik does not allow cross-namespace references for middlewares:
|
|
|
|
|
|
|
|
See [here](https://doc.traefik.io/traefik/v2.4/providers/kubernetes-crd/#allowcrossnamespace) to enable it.
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
spec:
|
|
|
|
routes:
|
|
|
|
- kind: Rule
|
2021-11-26 12:29:38 +00:00
|
|
|
match: "Host(`app.company`)"
|
2021-11-12 21:57:19 +00:00
|
|
|
middlewares:
|
|
|
|
- name: authentik
|
|
|
|
namespace: authentik
|
|
|
|
priority: 10
|
|
|
|
services: # Unchanged
|
|
|
|
# This part is only required for single-app setups
|
|
|
|
- kind: Rule
|
2021-11-26 12:29:38 +00:00
|
|
|
match: "Host(`app.company`) && PathPrefix(`/akprox/`)"
|
2021-11-12 21:57:19 +00:00
|
|
|
priority: 15
|
|
|
|
services:
|
|
|
|
- kind: Service
|
2021-11-26 13:08:45 +00:00
|
|
|
# Or, to use an external Outpost, create an ExternalName service and reference that here.
|
|
|
|
# See https://kubernetes.io/docs/concepts/services-networking/service/#externalname
|
|
|
|
name: ak-outpost-example-outpost
|
2021-11-12 21:57:19 +00:00
|
|
|
port: 9000
|
|
|
|
```
|