jakubhajek/496f3569e29745541e1bf67752fbf185
Created February 25, 2022 09:25
Traefik Ingressroute OIDC and JWT
```yaml
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: app-tls
  namespace: app
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`app.d.aws.traefiklabs.tech`)
      services:
        - name: app-v1
          port: 80
      middlewares:
        - name: oidc-auth
  tls:
    certResolver: default
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: app-tls-jwt
  namespace: app
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      # consider having a more precise regular expression to match the JWT token explicitly
      match: Host(`app.d.aws.traefiklabs.tech`) && HeadersRegexp (`Authorization`, `Bearer*`)
      services:
        - name: app-v1
          port: 80
      middlewares:
        - name: jwt-auth
  tls:
    certResolver: default
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: oidc-auth
  namespace: app
spec:
  plugin:
    oidcAuth:
      source: oidcSource
      scopes:
        - openid
      redirectUrl: "/callback"
      session:
        name: "%s-session"
        path: "/"
        secret: powpowpowpowpowpowpowpow
        expiry: 86400
      forwardHeaders:
        X-Traefik-Group: groups
      claims: Contains(`groups`, `admin`)
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: jwt-auth
  namespace: app
spec:
  plugin:
    jwtAuth:
      source: jwtSource
      forwardHeaders:
        X-User: id
```
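The comment on the `app-tls-jwt` rule asks for a more precise expression than `Bearer*`. The following is an added example, not part of the gist or of Traefik's code, that compares the gist's pattern with a stricter one over constructed `Authorization` values. It assumes the header pattern is evaluated as an unanchored Go regexp search and that the rule carrying the extra header condition takes priority when it matches; `routeFor`, `strict` and the sample values are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
)

// Pattern copied from the app-tls-jwt rule in the gist.
// As a regexp it means "Beare" followed by zero or more "r", anywhere in the value.
var loose = regexp.MustCompile("Bearer*")

// Assumed stricter alternative: "Bearer " followed by three dot-separated
// base64url segments (JWS compact serialization), anchored at both ends.
var strict = regexp.MustCompile(`^Bearer [A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$`)

// routeFor returns the IngressRoute a request would be handed to.
// Assumption: the JWT rule wins whenever its header pattern matches,
// otherwise the request falls through to the OIDC route.
func routeFor(authorization string, jwtRule *regexp.Regexp) string {
	if authorization != "" && jwtRule.MatchString(authorization) {
		return "app-tls-jwt" // handled by the jwt-auth middleware
	}
	return "app-tls" // handled by the oidc-auth middleware
}

// Constructed sample Authorization values (not real tokens).
var samples = []string{
	"Bearer aGVhZGVy.cGF5bG9hZA.c2lnbmF0dXJl", // JWT-shaped value
	"Bearer",                                  // scheme without a token
	"Beare",                                   // truncated scheme
	"NotBearer x.y.z",                         // "Bearer" inside another word
	`Digest username="Bearer"`,                // different scheme entirely
	"",                                        // header absent
}

func main() {
	for _, h := range samples {
		fmt.Printf("%-45q loose=%-12s strict=%s\n",
			h, routeFor(h, loose), routeFor(h, strict))
	}
}
```
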
Hey @jacobsandersen, This is part of the Traefik Enterprise, please see the docs for that plugin. If you are interested in Traefik Enterprise don't hesitate to get in touch with Traefik Folks, cc/ @emilevauge
Where did the jwtAuth plugin come from?