From 4faecf7888e4adf9d8bedade20d2da8b7cb18cbc Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Wed, 25 Feb 2026 16:24:36 -0600 Subject: [PATCH] feat: add proxy auth --- .../helm/sonarr-4k/templates/middleware.yaml | 26 +++++++++++++++++++ clusters/cl01tl/helm/sonarr-4k/values.yaml | 6 +++++ 2 files changed, 32 insertions(+) create mode 100644 clusters/cl01tl/helm/sonarr-4k/templates/middleware.yaml diff --git a/clusters/cl01tl/helm/sonarr-4k/templates/middleware.yaml b/clusters/cl01tl/helm/sonarr-4k/templates/middleware.yaml new file mode 100644 index 000000000..341764b57 --- /dev/null +++ b/clusters/cl01tl/helm/sonarr-4k/templates/middleware.yaml @@ -0,0 +1,26 @@ +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: oidc-forward-auth + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: oidc-forward-auth + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + forwardAuth: + address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik + trustForwardHeader: true + authResponseHeaders: + - X-authentik-username + - X-authentik-groups + - X-authentik-entitlements + - X-authentik-email + - X-authentik-name + - X-authentik-uid + - X-authentik-jwt + - X-authentik-meta-jwks + - X-authentik-meta-outpost + - X-authentik-meta-provider + - X-authentik-meta-app + - X-authentik-meta-version diff --git a/clusters/cl01tl/helm/sonarr-4k/values.yaml b/clusters/cl01tl/helm/sonarr-4k/values.yaml index 937732139..2e12b7f58 100644 --- a/clusters/cl01tl/helm/sonarr-4k/values.yaml +++ b/clusters/cl01tl/helm/sonarr-4k/values.yaml @@ -81,6 +81,12 @@ sonarr-4k: namespace: traefik hostnames: - sonarr-4k.alexlebens.net + filters: + - type: ExtensionRef + extensionRef: + group: traefik.io + kind: Middleware + name: oidc-forward-auth rules: - backendRefs: - group: ''