From a6a8eddf7cfaa1437d610859e45815c1c703c50b Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sun, 9 May 2021 12:40:44 +0200
Subject: [PATCH] providers/proxy: create ingress for forward_auth /akprox path

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 .../proxy/controllers/k8s/ingress.py          | 45 ++++++++++++-------
 1 file changed, 30 insertions(+), 15 deletions(-)

diff --git a/authentik/providers/proxy/controllers/k8s/ingress.py b/authentik/providers/proxy/controllers/k8s/ingress.py
index ead62326b..e6356a244 100644
--- a/authentik/providers/proxy/controllers/k8s/ingress.py
+++ b/authentik/providers/proxy/controllers/k8s/ingress.py
@@ -101,26 +101,41 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
         tls_hosts = []
         for proxy_provider in ProxyProvider.objects.filter(
             outpost__in=[self.controller.outpost],
-            forward_auth_mode=False,
         ):
             proxy_provider: ProxyProvider
             external_host_name = urlparse(proxy_provider.external_host)
             if external_host_name.scheme == "https":
                 tls_hosts.append(external_host_name.hostname)
-            rule = NetworkingV1beta1IngressRule(
-                host=external_host_name.hostname,
-                http=NetworkingV1beta1HTTPIngressRuleValue(
-                    paths=[
-                        NetworkingV1beta1HTTPIngressPath(
-                            backend=NetworkingV1beta1IngressBackend(
-                                service_name=self.name,
-                                service_port="http",
-                            ),
-                            path="/",
-                        )
-                    ]
-                ),
-            )
+            if proxy_provider.forward_auth_mode:
+                rule = NetworkingV1beta1IngressRule(
+                    host=external_host_name.hostname,
+                    http=NetworkingV1beta1HTTPIngressRuleValue(
+                        paths=[
+                            NetworkingV1beta1HTTPIngressPath(
+                                backend=NetworkingV1beta1IngressBackend(
+                                    service_name=self.name,
+                                    service_port="http",
+                                ),
+                                path="/akprox",
+                            )
+                        ]
+                    ),
+                )
+            else:
+                rule = NetworkingV1beta1IngressRule(
+                    host=external_host_name.hostname,
+                    http=NetworkingV1beta1HTTPIngressRuleValue(
+                        paths=[
+                            NetworkingV1beta1HTTPIngressPath(
+                                backend=NetworkingV1beta1IngressBackend(
+                                    service_name=self.name,
+                                    service_port="http",
+                                ),
+                                path="/",
+                            )
+                        ]
+                    ),
+                )
             rules.append(rule)
         if not rules:
             self.logger.debug("No providers use proxying, no ingress needed")