@jakubhajek
Created February 25, 2022 09:25
Traefik Ingressroute OIDC and JWT
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: app-tls
  namespace: app
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`app.d.aws.traefiklabs.tech`)
      services:
        - name: app-v1
          port: 80
      middlewares:
        - name: oidc-auth
  tls:
    certResolver: default
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: app-tls-jwt
  namespace: app
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      # `Bearer*` is a regular expression, not a glob: it matches "Beare" followed by any number of "r".
      # Consider a more precise regular expression that matches the JWT token explicitly.
      match: Host(`app.d.aws.traefiklabs.tech`) && HeadersRegexp(`Authorization`, `Bearer*`)
      services:
        - name: app-v1
          port: 80
      middlewares:
        - name: jwt-auth
  tls:
    certResolver: default
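---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: oidc-auth
  namespace: app
spec:
  plugin:
    oidcAuth:
      source: oidcSource
      scopes:
        - openid
      redirectUrl: "/callback"
      session:
        name: "%s-session"
        path: "/"
        # sample value: replace with your own randomly generated session secret
        secret: powpowpowpowpowpowpowpow
        # session lifetime in seconds (24 hours)
        expiry: 86400
      forwardHeaders:
        X-Traefik-Group: groups
      # only users whose `groups` claim contains `admin` are allowed
      claims: Contains(`groups`, `admin`)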
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: jwt-auth
  namespace: app
spec:
  plugin:
    jwtAuth:
      source: jwtSource
      forwardHeaders:
        X-User: id
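
The comment on the `app-tls-jwt` route asks for a more precise expression. The Go program below is an added example, not part of the original gist: it compares the gist's `Bearer*` pattern with an assumed stricter pattern for a compact JWT, treating the pattern as an unanchored Go regular expression and assuming the JWT route is evaluated before the OIDC route. The helper `routeFor` and the header values are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Pattern from the gist's rule. As a regular expression it means "Beare"
// followed by zero or more "r", found anywhere in the header value.
var loose = regexp.MustCompile(`Bearer*`)

// Assumed stricter alternative: anchored, one space, then three non-empty
// base64url segments separated by dots (the compact form of a signed JWT).
var strict = regexp.MustCompile(`^Bearer [A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$`)

// routeFor (hypothetical helper) names the gist route a request would land on
// for a given Authorization value, assuming app-tls-jwt is checked first and
// app-tls (OIDC) is the fallback.
func routeFor(re *regexp.Regexp, authorization string) string {
	if authorization != "" && re.MatchString(authorization) {
		return "app-tls-jwt"
	}
	return "app-tls"
}

// Constructed sample header values; the token is a made-up placeholder.
var samples = []string{
	"Bearer aGVhZGVy.cGF5bG9hZA.c2lnbmF0dXJl",
	"Bearer",
	"Beare",
	"Basic dXNlcjpwYXNz",
	"Token not-a-Bearer-token",
	"Bearer opaque-token-without-dots",
}

func main() {
	for _, h := range samples {
		fmt.Printf("%-45q loose=%-12s strict=%s\n",
			h, routeFor(loose, h), routeFor(strict, h))
	}
}
```

With the loose pattern, every sample except the `Basic` header is sent to the `jwt-auth` route; with the strict pattern only the first one is, and the rest fall through to the OIDC route.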
@jacobsandersen

Where did the jwtAuth plugin come from?

@jakubhajek
Author

Hey @jacobsandersen, this is part of Traefik Enterprise; please see the docs for that plugin. If you are interested in Traefik Enterprise, don't hesitate to get in touch with the Traefik folks, cc/ @emilevauge
