providers/proxy: use wildcard for traefik headers copy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
60b95271eb
commit
7aa8e35f87
|
@ -20,7 +20,7 @@ class TraefikMiddlewareSpecForwardAuth:
|
||||||
|
|
||||||
address: str
|
address: str
|
||||||
# pylint: disable=invalid-name
|
# pylint: disable=invalid-name
|
||||||
authResponseHeaders: list[str]
|
authResponseHeadersRegex: str
|
||||||
# pylint: disable=invalid-name
|
# pylint: disable=invalid-name
|
||||||
trustForwardHeader: bool
|
trustForwardHeader: bool
|
||||||
|
|
||||||
|
@ -108,21 +108,7 @@ class TraefikMiddlewareReconciler(KubernetesObjectReconciler[TraefikMiddleware])
|
||||||
spec=TraefikMiddlewareSpec(
|
spec=TraefikMiddlewareSpec(
|
||||||
forwardAuth=TraefikMiddlewareSpecForwardAuth(
|
forwardAuth=TraefikMiddlewareSpecForwardAuth(
|
||||||
address=f"http://{self.name}.{self.namespace}:9000/akprox/auth/traefik",
|
address=f"http://{self.name}.{self.namespace}:9000/akprox/auth/traefik",
|
||||||
authResponseHeaders=[
|
authResponseHeadersRegex="^.*$",
|
||||||
"Set-Cookie",
|
|
||||||
# Legacy headers, remove after 2022.1
|
|
||||||
"X-Auth-Username",
|
|
||||||
"X-Auth-Groups",
|
|
||||||
"X-Forwarded-Email",
|
|
||||||
"X-Forwarded-Preferred-Username",
|
|
||||||
"X-Forwarded-User",
|
|
||||||
# New headers, unique prefix
|
|
||||||
"X-authentik-username",
|
|
||||||
"X-authentik-groups",
|
|
||||||
"X-authentik-email",
|
|
||||||
"X-authentik-name",
|
|
||||||
"X-authentik-uid",
|
|
||||||
],
|
|
||||||
trustForwardHeader=True,
|
trustForwardHeader=True,
|
||||||
)
|
)
|
||||||
),
|
),
|
||||||
|
|
|
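Review bot: `authResponseHeadersRegex="^.*$"` in the `TraefikMiddlewareSpecForwardAuth(...)` call replaces an explicit allowlist with a pattern that matches every header name, so any header the outpost's auth response carries is written onto the request that reaches the upstream application. As far as I recall, Traefik also removes request headers that match this regex before copying, which with a match-all pattern would touch unrelated client headers; this is worth confirming against the Traefik version in use. A pattern scoped to the prefix the outpost owns, e.g. `authResponseHeadersRegex="(?i)^X-authentik-"`, with `Set-Cookie` and the legacy `X-Auth-*`/`X-Forwarded-*` names kept in an explicit `authResponseHeaders` list, keeps the trust boundary reviewable, though the dataclass would then need to keep both fields. The same match-all value appears in the three documentation examples further down the page. The reconciler method containing this call starts and ends outside the hunk.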
@ -50,7 +50,7 @@ services:
|
||||||
traefik.http.routers.authentik.tls: true
|
traefik.http.routers.authentik.tls: true
|
||||||
traefik.http.middlewares.authentik.forwardauth.address: http://outpost.company:9000/akprox/auth/traefik
|
traefik.http.middlewares.authentik.forwardauth.address: http://outpost.company:9000/akprox/auth/traefik
|
||||||
traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
|
traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
|
||||||
traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
|
traefik.http.middlewares.authentik.forwardauth.authResponseHeadersRegex: ^.*$
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
|
||||||
whoami:
|
whoami:
|
||||||
|
|
|
@ -9,13 +9,7 @@ spec:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: http://outpost.company:9000/akprox/auth/traefik
|
address: http://outpost.company:9000/akprox/auth/traefik
|
||||||
trustForwardHeader: true
|
trustForwardHeader: true
|
||||||
authResponseHeaders:
|
authResponseHeadersRegex: ^.*$
|
||||||
- Set-Cookie
|
|
||||||
- X-authentik-username
|
|
||||||
- X-authentik-groups
|
|
||||||
- X-authentik-email
|
|
||||||
- X-authentik-name
|
|
||||||
- X-authentik-uid
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Add the following settings to your IngressRoute
|
Add the following settings to your IngressRoute
|
||||||
|
|
|
@ -5,13 +5,7 @@ http:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: http://outpost.company:9000/akprox/auth/traefik
|
address: http://outpost.company:9000/akprox/auth/traefik
|
||||||
trustForwardHeader: true
|
trustForwardHeader: true
|
||||||
authResponseHeaders:
|
authResponseHeadersRegex: ^.*$
|
||||||
- Set-Cookie
|
|
||||||
- X-authentik-username
|
|
||||||
- X-authentik-groups
|
|
||||||
- X-authentik-email
|
|
||||||
- X-authentik-name
|
|
||||||
- X-authentik-uid
|
|
||||||
routers:
|
routers:
|
||||||
default-router:
|
default-router:
|
||||||
rule: "Host(`app.company`)"
|
rule: "Host(`app.company`)"
|
||||||
|
|