Add traefik-forward-auth yaml that was missed in a previous commit

2024-08-12 16:39:12 -07:00 · 2024-08-12 16:39:12 -07:00 · 96123a83b9
commit 96123a83b9
parent 24e3dbfa7f
2 changed files with 81 additions and 1 deletions
--- a/k8s/operators/longhorn/ingress.yaml
+++ b/k8s/operators/longhorn/ingress.yaml
@ -2,9 +2,11 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: longhorn-frontend-internal
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-traefik-forward-auth@kubernetescrd
 spec:
  rules:
-    - host: longhorn.longhorn-system.k8s
+    - host: longhorn.k8s.home.finn.io
      http:
        paths:
          - path: /
--- a/k8s/system/traefik-forward-auth.yaml
+++ b/k8s/system/traefik-forward-auth.yaml
@ -0,0 +1,78 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: traefik-forward-auth
+  namespace: kube-system
+  labels:
+    app: traefik-forward-auth
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: traefik-forward-auth
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: traefik-forward-auth
+    spec:
+      terminationGracePeriodSeconds: 60
+      containers:
+      - image: git.janky.solutions/jankysolutions/infra/traefik-forward-auth:latest
+        name: traefik-forward-auth
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "500m"
+        ports:
+        - containerPort: 4181
+          protocol: TCP
+        envFrom:
+          - configMapRef:
+              name: traefik-forward-auth
+          - secretRef:
+              name: traefik-forward-auth
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik-forward-auth
+  namespace: kube-system
+spec:
+  selector:
+    app: traefik-forward-auth
+  ports:
+  - name: auth-http
+    port: 4181
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: traefik-forward-auth
+  namespace: kube-system
+spec:
+  forwardAuth:
+    address: http://traefik-forward-auth:4181
+    authResponseHeaders:
+      - X-Forwarded-User
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: traefik-forward-auth
+  namespace: kube-system
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-traefik-forward-auth@kubernetescrd
+spec:
+  rules:
+  - host: authproxy.k8s.home.finn.io
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: traefik-forward-auth
+            port: 
+              number: 4181