habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
95d6ffe898b24286c08de1ff7e86442e51a87d8f
authentik/docs/topics/add-secure-apps/providers/proxy/_traefik_ingress.md
Teffen Ellis 582812b3ec website: Flesh out docs split. 
website: Copy files during build.

website: Allow for mixed env builds.

website: Reduce build size.

website: Expose build.

website: Add build memory debugging.

WIP: Disable broken links check to compare memory usage.

website: Update deps.

website: Clean up API paths.

website: Flesh out 3.8 fixes.

Format.

website: Update ignore paths.

Website: Clean up integrations build.

website: Fix paths.

website: Optimize remark.

website: Update deps.

website: Format.

website: Remove linking.

website: Fix paths.

wip: Attempt API only build.

Prep.

Migrate render to runtime. Tidy sidebar.

Clean up templates.

docs: Move directory. WIP

docs: Flesh out split.

website: Fix issue where routes have collisions.
2025-07-01 21:53:19 +02:00

1.9 KiB
Raw Blame History

Create a middleware:

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
    name: authentik
spec:
    forwardAuth:
        # This address should point to the cluster endpoint provided by the kubernetes service, not the Ingress.
        address: http://outpost.company:9000/outpost.goauthentik.io/auth/traefik
        trustForwardHeader: true
        authResponseHeaders:
            - X-authentik-username
            - X-authentik-groups
            - X-authentik-entitlements
            - X-authentik-email
            - X-authentik-name
            - X-authentik-uid
            - X-authentik-jwt
            - X-authentik-meta-jwks
            - X-authentik-meta-outpost
            - X-authentik-meta-provider
            - X-authentik-meta-app
            - X-authentik-meta-version

:::info Traefik changed the apiVersion of the middleware CRD in version 3.0, for older versions please subsititue "apiVersion: traefik.containo.us/v1alpha1" :::

Add the following settings to your IngressRoute

By default traefik does not allow cross-namespace references for middlewares:

See here to enable it.

spec:
    routes:
        - kind: Rule
          match: "Host(`app.company`)"
          middlewares:
              - name: authentik
                namespace: authentik
          priority: 10
          services: # Unchanged
        # This part is only required for single-app setups
        - kind: Rule
          match: "Host(`app.company`) && PathPrefix(`/outpost.goauthentik.io/`)"
          priority: 15
          services:
              - kind: Service
                # Or, to use an external Outpost, create an ExternalName service and reference that here.
                # See https://kubernetes.io/docs/concepts/services-networking/service/#externalname
                name: ak-outpost-example-outpost
                port: 9000