added outpost service pod

infrastructure/traefik-edge/configmap-dynamic-legacy.yaml

@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: traefik-edge-dynamic-legacy
-  namespace: traefik-system
-  labels:
-    app.kubernetes.io/name: traefik
-    app.kubernetes.io/component: edge-dynamic
-data:
-  20-legacy-vm.yaml: |
-    http:
-      routers:
-        # Route für Apps auf VM 301
-        to-apps-vm:
-          rule: HostRegexp(`^[a-z0-9-]+\.apps\.stabify\.de$`)
-          service: apps-vm-service
-          entryPoints: [ websecure ]
-          tls:
-            certResolver: le
-            domains:
-              - main: "*.apps.stabify.de"
-
-      services:
-        apps-vm-service:
-          loadBalancer:
-            servers:
-              - url: "http://vm-docker-apps-301.stabify.de:80"
-            passHostHeader: true

infrastructure/traefik-middleware-app.yaml

@@ -15,6 +15,7 @@ spec:
       recurse: false
       include: |
         traefik-middleware-ipwhitelist.yaml
+        traefik-middleware-auth.yaml
   destination:
     server: https://kubernetes.default.svc
     namespace: traefik-system

infrastructure/traefik-middleware-authentik.yaml

@@ -0,0 +1,25 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: authentik-global
+  namespace: traefik-system
+  labels:
+    app.kubernetes.io/name: traefik
+    app.kubernetes.io/component: middleware
+spec:
+  forwardAuth:
+    # Adresse zeigt auf den neuen Service, den wir oben erstellt haben
+    address: http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - authorization