traefik forward auth

reflector/helmrelease-reflector.yaml

@@ -20,7 +20,7 @@ spec:
     # This is a YAML-formatted file.
     # Declare variables to be passed into your templates.
 
-    replicaCount: 1
+    replicaCount: 2
 
     image:
       repository: emberstack/kubernetes-reflector

traefik/helmrelease-traefik.yaml

@@ -240,7 +240,7 @@ spec:
         # -- Load Kubernetes IngressRoute provider
         enabled: true
         # -- Allows IngressRoute to reference resources in namespace other than theirs
-        allowCrossNamespace: false
+        allowCrossNamespace: true
         # -- Allows to reference ExternalName services in IngressRoute
         allowExternalNameServices: false
         # -- Allows to return 503 when there is no endpoints available

traefik/middleware-traefik-forward-auth.yaml

@@ -0,0 +1,20 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+    name: authentik
+spec:
+    forwardAuth:
+        address: http://authentik.michaelthomson.dev:9000/outpost.goauthentik.io/auth/traefik
+        trustForwardHeader: true
+        authResponseHeaders:
+            - X-authentik-username
+            - X-authentik-groups
+            - X-authentik-email
+            - X-authentik-name
+            - X-authentik-uid
+            - X-authentik-jwt
+            - X-authentik-meta-jwks
+            - X-authentik-meta-outpost
+            - X-authentik-meta-provider
+            - X-authentik-meta-app
+            - X-authentik-meta-version