authentik/website/docs/providers/proxy/_traefik_ingress.md at a5c30fd9c7e3d3b1317c43c3e6b46afaf1915666

Archived

This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.

Jens Langhammer ef23a0da52 outposts/proxy: fix traefik header regex to only match Remote- and X- headers to prevent websocket errors

closes #1969

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

2021-12-20 13:30:19 +01:00

1.1 KiB

Raw Blame History

Create a middleware:

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: authentik
spec:
  forwardAuth:
    address: http://outpost.company:9000/akprox/auth/traefik
    trustForwardHeader: true
    authResponseHeadersRegex: ^(Remote|X).*$

Add the following settings to your IngressRoute

By default traefik does not allow cross-namespace references for middlewares:

See here to enable it.

spec:
  routes:
    - kind: Rule
      match: "Host(`app.company`)"
      middlewares:
        - name: authentik
          namespace: authentik
      priority: 10
      services: # Unchanged
    # This part is only required for single-app setups
    - kind: Rule
      match: "Host(`app.company`) && PathPrefix(`/akprox/`)"
      priority: 15
      services:
        - kind: Service
          # Or, to use an external Outpost, create an ExternalName service and reference that here.
          # See https://kubernetes.io/docs/concepts/services-networking/service/#externalname
          name: ak-outpost-example-outpost
          port: 9000

1.1 KiB Raw Blame History

1.1 KiB

Raw Blame History