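---
# traefik-forward-auth: OIDC forward-auth service for Traefik.
# This file holds three documents: the Deployment, its ClusterIP Service,
# and the Traefik Middleware that routes reference.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: traefik-forward-auth
  namespace: yonote-onprem
  labels:
    app: traefik-forward-auth
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik-forward-auth
  strategy:
    type: Recreate
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
  template:
    metadata:
      labels:
        app: traefik-forward-auth
    spec:
      containers:
        - name: traefik-forward-auth
          # NOTE(review): ":2" is a mutable tag and, with IfNotPresent, nodes
          # can run different builds. Pin by digest once one is chosen
          # (image@sha256:<DIGEST_PLACEHOLDER>).
          image: thomseddon/traefik-forward-auth:2
          ports:
            - containerPort: 4181
              protocol: TCP
          env:
            # Restricts sign-in to users whose e-mail is in these domains.
            - name: DOMAIN
              value: "wilix.org,wilix.dev"
            # NOTE(review): upstream documents auth-host mode as requiring
            # COOKIE_DOMAIN; none is set here - confirm AUTH_HOST takes effect.
            - name: AUTH_HOST
              value: "auth.yonote.develop.wilix.dev"
            # Keep "false": the auth cookie is then only sent over HTTPS.
            - name: INSECURE_COOKIE
              value: "false"
            - name: DEFAULT_PROVIDER
              value: "oidc"
            - name: PROVIDERS_OIDC_ISSUER_URL
              value: "https://auth.onprem-test.stands.wilix.dev/realms/yonote"
            - name: PROVIDERS_OIDC_CLIENT_ID
              value: "admin"
            # Credentials are read from a Secret rather than inlined, so they
            # stay out of version control and `kubectl get deploy -o yaml`.
            # The Secret name and keys are constructed placeholders: create
            # that Secret in namespace yonote-onprem before applying this.
            # Anything that was ever committed in plain text should be rotated.
            - name: PROVIDERS_OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: traefik-forward-auth-secrets
                  key: oidc-client-secret
            # SECRET signs the auth cookie; use a long random value, since a
            # guessable one undermines cookie integrity.
            - name: SECRET
              valueFrom:
                secretKeyRef:
                  name: traefik-forward-auth-secrets
                  key: cookie-signing-secret
            # NOTE(review): debug logging is verbose and may record request
            # details; prefer "info" outside troubleshooting - confirm.
            - name: LOG_LEVEL
              value: "debug"
          imagePullPolicy: IfNotPresent
          # NOTE(review): no requests/limits are set; size them so a runaway
          # auth pod cannot starve its node.
          resources: {}
          # The service listens on unprivileged port 4181, so it needs no
          # Linux capabilities and no privilege escalation.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      restartPolicy: Always
      terminationGracePeriodSeconds: 60
      dnsPolicy: ClusterFirst
      # NOTE(review): consider runAsNonRoot with an explicit runAsUser, and
      # readOnlyRootFilesystem, after confirming the image runs that way.
      securityContext: {}
      schedulerName: default-scheduler
---
# In-cluster endpoint for the auth service; ClusterIP keeps it off the
# public network. The port name indicates plain HTTP.
apiVersion: v1
kind: Service
metadata:
  name: traefik-forward-auth
  namespace: yonote-onprem
  labels:
    app: traefik-forward-auth
spec:
  ports:
    - name: auth-http
      protocol: TCP
      port: 4181
      targetPort: 4181
  selector:
    app: traefik-forward-auth
  type: ClusterIP
  sessionAffinity: None
---
# Traefik middleware that delegates authentication to the service above.
# NOTE(review): no namespace is set, so this lands in whichever namespace
# is current at apply time - confirm routes reference it from there.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: traefik-forward-auth
spec:
  forwardAuth:
    # NOTE(review): this is the OIDC issuer's external hostname over HTTPS on
    # 4181, while the Service above exposes 4181 as "auth-http" in-cluster.
    # Confirm the target; the usual setup addresses the in-cluster Service so
    # auth checks never leave the cluster.
    address: https://auth.onprem-test.stands.wilix.dev:4181
    # Backends trust this header as the authenticated identity, so they must
    # be reachable only through Traefik with this middleware attached.
    authResponseHeaders:
      - X-Forwarded-User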