prowlarr and bazarr forward auth

Signed-off-by: Michael Thomson <michael@michaelthomson.dev>

media/bazarr/ingress.yaml

@@ -6,6 +6,7 @@ metadata:
   annotations:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
     traefik.ingress.kubernetes.io/router.tls: "true"
+    traefik.ingress.kubernetes.io/router.middlewares: authentik-bazarr@kubernetescrd
 spec:
   rules:
   - host: bazarr.michaelthomson.dev

media/prowlarr/ingress.yaml

@@ -6,6 +6,7 @@ metadata:
   annotations:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
     traefik.ingress.kubernetes.io/router.tls: "true"
+    traefik.ingress.kubernetes.io/router.middlewares: authentik-prowlarr@kubernetescrd
 spec:
   rules:
   - host: prowlarr.michaelthomson.dev

traefik/bazarr-middleware.yaml

@@ -0,0 +1,24 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: bazarr
+  namespace: authentik
+spec:
+  forwardAuth:
+    address: https://bazarr.michaelthomson.dev/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+    - X-authentik-username
+    - X-authentik-groups
+    - X-authentik-email
+    - X-authentik-name
+    - X-authentik-uid
+    - X-authentik-jwt
+    - X-authentik-meta-jwks
+    - X-authentik-meta-outpost
+    - X-authentik-meta-provider
+    - X-authentik-meta-app
+    - X-authentik-meta-version
+    - authorization
+    tls:
+      certSecret: letsencrypt-wildcard-cert-michaelthomson.dev

traefik/prowlarr-middleware.yaml

@@ -0,0 +1,24 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: prowlarr
+  namespace: authentik
+spec:
+  forwardAuth:
+    address: https://prowlarr.michaelthomson.dev/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+    - X-authentik-username
+    - X-authentik-groups
+    - X-authentik-email
+    - X-authentik-name
+    - X-authentik-uid
+    - X-authentik-jwt
+    - X-authentik-meta-jwks
+    - X-authentik-meta-outpost
+    - X-authentik-meta-provider
+    - X-authentik-meta-app
+    - X-authentik-meta-version
+    - authorization
+    tls:
+      certSecret: letsencrypt-wildcard-cert-michaelthomson.dev