providers/proxy: use wildcard for traefik headers copy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
60b95271eb
commit
7aa8e35f87
|
@ -20,7 +20,7 @@ class TraefikMiddlewareSpecForwardAuth:
|
|||
|
||||
address: str
|
||||
# pylint: disable=invalid-name
|
||||
authResponseHeaders: list[str]
|
||||
authResponseHeadersRegex: str
|
||||
# pylint: disable=invalid-name
|
||||
trustForwardHeader: bool
|
||||
|
||||
|
@ -108,21 +108,7 @@ class TraefikMiddlewareReconciler(KubernetesObjectReconciler[TraefikMiddleware])
|
|||
spec=TraefikMiddlewareSpec(
|
||||
forwardAuth=TraefikMiddlewareSpecForwardAuth(
|
||||
address=f"http://{self.name}.{self.namespace}:9000/akprox/auth/traefik",
|
||||
authResponseHeaders=[
|
||||
"Set-Cookie",
|
||||
# Legacy headers, remove after 2022.1
|
||||
"X-Auth-Username",
|
||||
"X-Auth-Groups",
|
||||
"X-Forwarded-Email",
|
||||
"X-Forwarded-Preferred-Username",
|
||||
"X-Forwarded-User",
|
||||
# New headers, unique prefix
|
||||
"X-authentik-username",
|
||||
"X-authentik-groups",
|
||||
"X-authentik-email",
|
||||
"X-authentik-name",
|
||||
"X-authentik-uid",
|
||||
],
|
||||
authResponseHeadersRegex="^.*$",
|
||||
trustForwardHeader=True,
|
||||
)
|
||||
),
|
||||
|
|
|
@ -50,7 +50,7 @@ services:
|
|||
traefik.http.routers.authentik.tls: true
|
||||
traefik.http.middlewares.authentik.forwardauth.address: http://outpost.company:9000/akprox/auth/traefik
|
||||
traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
|
||||
traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
|
||||
traefik.http.middlewares.authentik.forwardauth.authResponseHeadersRegex: ^.*$
|
||||
restart: unless-stopped
|
||||
|
||||
whoami:
|
||||
|
|
|
@ -9,13 +9,7 @@ spec:
|
|||
forwardAuth:
|
||||
address: http://outpost.company:9000/akprox/auth/traefik
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- Set-Cookie
|
||||
- X-authentik-username
|
||||
- X-authentik-groups
|
||||
- X-authentik-email
|
||||
- X-authentik-name
|
||||
- X-authentik-uid
|
||||
authResponseHeadersRegex: ^.*$
|
||||
```
|
||||
|
||||
Add the following settings to your IngressRoute
|
||||
|
|
|
@ -5,13 +5,7 @@ http:
|
|||
forwardAuth:
|
||||
address: http://outpost.company:9000/akprox/auth/traefik
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- Set-Cookie
|
||||
- X-authentik-username
|
||||
- X-authentik-groups
|
||||
- X-authentik-email
|
||||
- X-authentik-name
|
||||
- X-authentik-uid
|
||||
authResponseHeadersRegex: ^.*$
|
||||
routers:
|
||||
default-router:
|
||||
rule: "Host(`app.company`)"
|
||||
|
|
Reference in a new issue