providers/proxy: use wildcard for traefik headers copy

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-12-01 20:19:35 +01:00
parent 60b95271eb
commit 7aa8e35f87
4 changed files with 5 additions and 31 deletions


@ -20,7 +20,7 @@ class TraefikMiddlewareSpecForwardAuth:
address: str
# pylint: disable=invalid-name
authResponseHeaders: list[str]
authResponseHeadersRegex: str
# pylint: disable=invalid-name
trustForwardHeader: bool
@ -108,21 +108,7 @@ class TraefikMiddlewareReconciler(KubernetesObjectReconciler[TraefikMiddleware])
spec=TraefikMiddlewareSpec(
forwardAuth=TraefikMiddlewareSpecForwardAuth(
address=f"http://{self.name}.{self.namespace}:9000/akprox/auth/traefik",
authResponseHeaders=[
"Set-Cookie",
# Legacy headers, remove after 2022.1
"X-Auth-Username",
"X-Auth-Groups",
"X-Forwarded-Email",
"X-Forwarded-Preferred-Username",
"X-Forwarded-User",
# New headers, unique prefix
"X-authentik-username",
"X-authentik-groups",
"X-authentik-email",
"X-authentik-name",
"X-authentik-uid",
],
authResponseHeadersRegex="^.*$",
trustForwardHeader=True,
)
),
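Review bot: `authResponseHeadersRegex="^.*$"` in the `TraefikMiddlewareSpecForwardAuth(...)` call replaces an explicit allowlist with a match-everything pattern, so every header on the outpost's auth response (not only `Set-Cookie` and the identity headers) is set on the request forwarded to the upstream application. Traefik's documentation for this option also describes stripping request headers that match the regex before the copy, which with `^.*$` would appear to cover all client-supplied headers; that should be confirmed against the Traefik version in use. A pattern limited to what the outpost emits keeps the allowlist property, for example `authResponseHeadersRegex="(?i)^(set-cookie|x-authentik-.*)$",`, extended with the legacy `X-Auth-*` and `X-Forwarded-*` names for as long as they are supported. The same wildcard is introduced in the three documentation examples later in this commit, and the reconciler method containing this call starts and ends outside the hunk.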


@ -50,7 +50,7 @@ services:
traefik.http.routers.authentik.tls: true
traefik.http.middlewares.authentik.forwardauth.address: http://outpost.company:9000/akprox/auth/traefik
traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
traefik.http.middlewares.authentik.forwardauth.authResponseHeadersRegex: ^.*$
restart: unless-stopped
whoami:


@ -9,13 +9,7 @@ spec:
forwardAuth:
address: http://outpost.company:9000/akprox/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- Set-Cookie
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
authResponseHeadersRegex: ^.*$
```
Add the following settings to your IngressRoute


@ -5,13 +5,7 @@ http:
forwardAuth:
address: http://outpost.company:9000/akprox/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- Set-Cookie
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
authResponseHeadersRegex: ^.*$
routers:
default-router:
rule: "Host(`app.company`)"