We are in the process of moving our Ingress from Nginx to Traefik and right now i am stuck with an issue. We are using forwardauth proxy and everything works fine so far except for Grafana where we want to pass a certain header from forwardauth service to Grafana so a user can login automatically. I am still trying to find the right way to achieve this in Traefik.
For Nginx Ingress, we have the following annotations,
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/auth-response-headers: Authorization
nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
nginx.ingress.kubernetes.io/configuration-snippet: |
auth_request_set $user $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email;
proxy_set_header X-User $user;
proxy_set_header X-Email $email;
when i deployed the traefik Ingress, I did the following things
1. add an IngressRoute for the hostname I need to access
2. add a middleware for the headers i need to extract
Here is the middleware yaml file
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: sso
spec:
forwardAuth:
address: http://traefik-sso:4181
authResponseHeaders:
- "X-Forwarded-User"
- "X-Auth-User"
- "X-Auth-Request-Email"
- "X-Auth-Request-User"
trustForwardHeader: true
The above steps has not resolve the issue. Can you help me the correct snippet to be used in the Traefik to proxies the authorization header in the auth response to the Grafana.