trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/docs/providers/proxy/_traefik_ingress.md

1.2 KiB
Raw Blame History

Create a middleware:

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: authentik
spec:
  forwardAuth:
    address: http://authentik-outpost-example-outpost:9000/akprox/auth/traefik
    trustForwardHeader: true
    authResponseHeaders:
      - Set-Cookie
      - X-authentik-username
      - X-authentik-groups
      - X-authentik-email
      - X-authentik-name
      - X-authentik-uid

Add the following settings to your IngressRoute

:::warning By default traefik does not allow cross-namespace references for middlewares:

See here to enable it. :::

spec:
  routes:
    - kind: Rule
      match: "Host(`*external host that you configured in authentik*`)"
      middlewares:
        - name: authentik
          namespace: authentik
      priority: 10
      services: # Unchanged
    # This part is only required for single-app setups
    - kind: Rule
      match: "Host(`*external host that you configured in authentik*`) && PathPrefix(`/akprox/`)"
      priority: 15
      services:
        - kind: Service
          name: authentik-outpost-example-outpost
          port: 9000