From 4004de0e464b278a56add446f3e3d3195ace7e21 Mon Sep 17 00:00:00 2001
From: ties <ties@noreply.git.ties.one>
Date: Thu, 29 Aug 2024 09:05:38 +0000
Subject: [PATCH] Add templates/traefik.yaml

---
 templates/traefik.yaml | 44 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 templates/traefik.yaml

diff --git a/templates/traefik.yaml b/templates/traefik.yaml
new file mode 100644
index 0000000..f1e090b
--- /dev/null
+++ b/templates/traefik.yaml
@@ -0,0 +1,44 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: {{ .Values.namespace }}
+spec:
+  routes:
+    - kind: Rule
+      match: {{ .Values.expose.match }}
+{{- if .Values.expose.middlewares }}
+      middlewares:
+        {{ toYaml .Values.expose.middlewares }}
+{{- end }}
+      services:
+        - name: {{ .Values.expose.service.name }}
+          port: {{ .Values.expose.service.port }}
+          namespace: {{ .Values.namespace }}
+{{ if has "authentik" .Values.expose.middlewares }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: authentik
+  namespace: {{ .Values.namespace }}
+spec:
+  forwardAuth:
+{{- $regexArray := mustRegexFindAll "Host[(]`[^`]+`[)]" .Values.expose.match -1 }}
+{{- $firstHost := index $regexArray 0 }}
+{{- $hostname := regexReplaceAll ".+`([^`]+)`.+" $firstHost "$1"}}
+    address: https://{{ $hostname }}/outpost.goauthentik.io/auth/traefik
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version
+    trustForwardHeader: true
+{{ end }}
\ No newline at end of file