fleet-infra/traefik/middleware-traefik-forward-auth.yaml

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: authentik
  namespace: traefik
spec:
    forwardAuth:
        address: "http://authentik.authentik/outpost.goauthentik.io/auth/traefik"
        trustForwardHeader: true
        authResponseHeaders:
            - Authorization
            - X-authentik-username
            - X-authentik-groups
            - X-authentik-email
            - X-authentik-name
            - X-authentik-uid
            - X-authentik-jwt
            - X-authentik-meta-jwks
            - X-authentik-meta-outpost
            - X-authentik-meta-provider
            - X-authentik-meta-app
            - X-authentik-meta-version
        tls:
          certSecret: letsencrypt-wildcard-cert-michaelthomson.dev