History

Allow to be run without middleware + improve request reading consistency (#217 )

Prior to this change, the request URI was only ever read from the
X-Forwarded-Uri header which was only set when the container was
accessed via the forwardauth middleware. As such, it was necessary
to apply the treafik-forward-auth middleware to the treafik-forward-auth
container when running auth host mode.
This is a quirk, unnecessary complexity and is a frequent source of
configuration issues.

2021-06-24 21:45:28 +01:00

traefik-forward-auth

Allow to be run without middleware + improve request reading consistency (#217 )

2021-06-24 21:45:28 +01:00

whoami

Rename selective auth + fix selective auth examples (#130 )

2020-05-26 14:47:14 +01:00

kustomization.yaml

Add traefik v2 kubernetes examples

2020-05-07 15:47:58 +01:00

README.md

Rename selective auth + fix selective auth examples (#130 )

2020-05-26 14:47:14 +01:00

README.md

Kubernetes - Advanced Separate Pod Example

This is an advanced example of how to deploy traefik-forward-auth in it's own pod. This example is a good starting point for those who already have traefik deployed (e.g. using helm).

This example uses Selective Authentication to selectively apply forward authentication to each selective ingresses, for example:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: whoami
  labels:
    app: whoami
spec:
  entryPoints:
    - https
  routes:
  - match: Host(`whoami.example.com`)
    kind: Rule
    services:
      - name: whoami
        port: 80
    middlewares:
      - name: traefik-forward-auth
  tls:
    certresolver: default

This example also includes SSL via traefik acme/lesencrypt, auth host mode, and leverages kustomise. A simple example "whoami" application (deployment, service and ingress) is included for completeness.

Example deployment:

# Deploy traefik-forward-auth
kubectl apply -k traefik-forward-auth

# Deploy example whoami app
kubectl apply -k whoami