From 96123a83b97f900b046e292a0ec940d2e19b1b5a Mon Sep 17 00:00:00 2001 From: Finn Date: Mon, 12 Aug 2024 16:39:12 -0700 Subject: [PATCH] Add traefik-forward-auth yaml that was missed in a previous commit --- k8s/operators/longhorn/ingress.yaml | 4 +- k8s/system/traefik-forward-auth.yaml | 78 ++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 k8s/system/traefik-forward-auth.yaml diff --git a/k8s/operators/longhorn/ingress.yaml b/k8s/operators/longhorn/ingress.yaml index 2ccc429..bcf67eb 100644 --- a/k8s/operators/longhorn/ingress.yaml +++ b/k8s/operators/longhorn/ingress.yaml @@ -2,9 +2,11 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: longhorn-frontend-internal + annotations: + traefik.ingress.kubernetes.io/router.middlewares: kube-system-traefik-forward-auth@kubernetescrd spec: rules: - - host: longhorn.longhorn-system.k8s + - host: longhorn.k8s.home.finn.io http: paths: - path: / diff --git a/k8s/system/traefik-forward-auth.yaml b/k8s/system/traefik-forward-auth.yaml new file mode 100644 index 0000000..326d359 --- /dev/null +++ b/k8s/system/traefik-forward-auth.yaml @@ -0,0 +1,78 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: traefik-forward-auth + namespace: kube-system + labels: + app: traefik-forward-auth +spec: + replicas: 1 + selector: + matchLabels: + app: traefik-forward-auth + strategy: + type: Recreate + template: + metadata: + labels: + app: traefik-forward-auth + spec: + terminationGracePeriodSeconds: 60 + containers: + - image: git.janky.solutions/jankysolutions/infra/traefik-forward-auth:latest + name: traefik-forward-auth + resources: + limits: + memory: "128Mi" + cpu: "500m" + ports: + - containerPort: 4181 + protocol: TCP + envFrom: + - configMapRef: + name: traefik-forward-auth + - secretRef: + name: traefik-forward-auth +--- +apiVersion: v1 +kind: Service +metadata: + name: traefik-forward-auth + namespace: kube-system +spec: + selector: + app: traefik-forward-auth + ports: + - name: auth-http + port: 4181 +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: traefik-forward-auth + namespace: kube-system +spec: + forwardAuth: + address: http://traefik-forward-auth:4181 + authResponseHeaders: + - X-Forwarded-User +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: traefik-forward-auth + namespace: kube-system + annotations: + traefik.ingress.kubernetes.io/router.middlewares: kube-system-traefik-forward-auth@kubernetescrd +spec: + rules: + - host: authproxy.k8s.home.finn.io + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: traefik-forward-auth + port: + number: 4181