53 lines
1.5 KiB
YAML
53 lines
1.5 KiB
YAML
{{- if .Values.expose }}
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRoute
|
|
metadata:
|
|
name: {{ .Values.name }}
|
|
namespace: {{ .Values.namespace }}
|
|
spec:
|
|
routes:
|
|
- kind: Rule
|
|
match: {{ .Values.expose.match }}
|
|
{{- if .Values.expose.middlewares }}
|
|
middlewares:
|
|
{{ toYaml .Values.expose.middlewares }}
|
|
{{- end }}
|
|
services:
|
|
- name: {{ .Values.expose.service.name }}
|
|
port: {{ .Values.expose.service.port }}
|
|
namespace: {{ .Values.namespace }}
|
|
|
|
{{- $authentikMiddleware := false }}
|
|
{{- range .Values.expose.middlewares }}
|
|
{{- if eq .name "authentik" }}
|
|
{{- $authentikMiddleware = true }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if $authentikMiddleware }}
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: authentik
|
|
namespace: {{ .Values.namespace }}
|
|
spec:
|
|
forwardAuth:
|
|
{{- $regexArray := mustRegexFindAll "Host[(]`[^`]+`[)]" .Values.expose.match -1 }}
|
|
{{- $firstHost := index $regexArray 0 }}
|
|
{{- $hostname := regexReplaceAll ".+`([^`]+)`.?" $firstHost "$1"}}
|
|
address: https://{{ $hostname }}/outpost.goauthentik.io/auth/traefik
|
|
authResponseHeaders:
|
|
- X-authentik-username
|
|
- X-authentik-groups
|
|
- X-authentik-email
|
|
- X-authentik-name
|
|
- X-authentik-uid
|
|
- X-authentik-jwt
|
|
- X-authentik-meta-jwks
|
|
- X-authentik-meta-outpost
|
|
- X-authentik-meta-provider
|
|
- X-authentik-meta-app
|
|
- X-authentik-meta-version
|
|
trustForwardHeader: true
|
|
{{- end }}
|
|
{{- end }} |