Create a middleware:
```yaml
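# Traefik forwardAuth middleware: each request on a route that uses it is
# first sent to the authentik outpost, and reaches the backend only if the
# outpost answers with a 2xx status.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: authentik
spec:
  forwardAuth:
    # Plain HTTP: the request headers forwarded for the auth check (cookies
    # included) cross this hop unencrypted. Keep the hop on a network you
    # trust, or point this at a TLS endpoint.
    address: http://outpost.company:9000/outpost.goauthentik.io/auth/traefik
    # Traefik trusts every X-Forwarded-* header already present on the
    # incoming request and passes it on to the outpost. Keep this enabled only
    # when all traffic reaches Traefik through a proxy you control that sets
    # or strips those headers; otherwise clients can supply their own values.
    trustForwardHeader: true
    # Headers copied from the outpost's response onto the request sent to the
    # backend, replacing any same-named headers the client sent. The backend
    # treats them as the authenticated identity, so it must be reachable only
    # through a route that carries this middleware.
    authResponseHeaders:
      - X-authentik-username
      - X-authentik-groups
      - X-authentik-email
      - X-authentik-name
      - X-authentik-uid
      - X-authentik-jwt
      - X-authentik-meta-jwks
      - X-authentik-meta-outpost
      - X-authentik-meta-provider
      - X-authentik-meta-app
      - X-authentik-meta-version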
```
Add the following settings to your IngressRoute
By default, Traefik does not allow an IngressRoute to reference a middleware in another namespace.
See [here](https://doc.traefik.io/traefik/v2.4/providers/kubernetes-crd/#allowcrossnamespace) to enable it.
```yaml
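# IngressRoute fragment: the first route protects the application with the
# authentik middleware; the second exposes the outpost's own endpoints.
spec:
  routes:
    - kind: Rule
      match: "Host(`app.company`)"
      middlewares:
        # Cross-namespace reference: it resolves only when allowCrossNamespace
        # is enabled on Traefik's Kubernetes CRD provider. That setting applies
        # to every namespace, so on a shared cluster check who is allowed to
        # create IngressRoutes before turning it on.
        - name: authentik
          namespace: authentik
      priority: 10
      services: # Unchanged
    # This part is only required for single-app setups
    # Priority 15 outranks the application route (10), so requests under
    # /outpost.goauthentik.io/ go to the outpost service and, with no
    # middlewares listed on this route, skip the forwardAuth check.
    - kind: Rule
      match: "Host(`app.company`) && PathPrefix(`/outpost.goauthentik.io/`)"
      priority: 15
      services:
        - kind: Service
          # Or, to use an external Outpost, create an ExternalName service and reference that here.
          # See https://kubernetes.io/docs/concepts/services-networking/service/#externalname
          name: ak-outpost-example-outpost
          port: 9000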
```