Hi,
Use case: LDAP integration for Prometheus
Reverse proxy: Traefik version 2
SSO: Authelia 4.33.2
LDAP: our prod
I'm using Helm charts to configure Traefik, Authelia and LDAP.
Authelia + LDAP works successfully.
I have an issue with the Traefik forward auth (middleware).
- I have a secure URL (Prometheus); when I hit it, based on the configuration it should redirect me to SSO (which is Authelia).
- It has been identified that the forward auth address syntax is not working properly.
```yaml
kind: Middleware
metadata:
  name: auth
  namespace: default
spec:
  forwardAuth:
    address: http://authelia.default.svc.cluster.local/auth/api/verify?rd=https://secureurl/auth/
    trustForwardHeader: true
    authRequestHeaders:
      - "Remote-User"
      - "Remote-Groups"
      - "Remote-Name"
      - "Remote-Email"
    tls:
      insecureSkipVerify: true
```
Secure container: Prometheus (renamed as whoami), ingress.
I'm using two middleware YAML files, one for regex and one for the actual config.
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    traefik.ingress.kubernetes.io/router.middlewares: default-auth@kubernetescrd, default regex@kubernetescrd
  name: whoami
  namespace: default
spec:
  rules:
    - host: whoami.url
      http:
        paths:
          - backend:
              service:
                name: whoami
                port:
                  number: 80
            path: /
            pathType: Prefix
  tls:
    - secretName: tls  # our secret
```
I just want to check if anyone has come across this kind of setup.
I doubt there is a syntax issue with the address on the middleware under auth_forward.
Any suggestions on this query? Could you please provide your feedback? Thanks in advance.
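
For comparison, a Middleware and Ingress pair in the layout Traefik v2 expects for forward auth, as an added example that is not part of the original post. The address is kept as posted; the second middleware name `regex`, the hostnames and the secret name are assumptions or placeholders.

```yaml
# Added example, not the poster's configuration.
apiVersion: traefik.containo.us/v1alpha1   # CRD API group used by Traefik v2
kind: Middleware
metadata:
  name: auth
  namespace: default
spec:
  forwardAuth:
    # Path and rd value kept from the post. rd is where Authelia redirects
    # unauthenticated users, so it should be the Authelia portal URL.
    address: http://authelia.default.svc.cluster.local/auth/api/verify?rd=https://secureurl/auth/
    # Trusts X-Forwarded-* headers already present on the request;
    # appropriate when Traefik sits behind a proxy you control.
    trustForwardHeader: true
    # Headers from Authelia's response that Traefik copies onto the
    # request sent to the backend. Listed under authRequestHeaders they
    # would instead limit which client headers (session cookie included)
    # are forwarded to Authelia.
    authResponseHeaders:
      - Remote-User
      - Remote-Groups
      - Remote-Name
      - Remote-Email
    # No tls block: the address is plain http, so certificate settings
    # such as insecureSkipVerify do not apply to this connection.
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: whoami
  namespace: default
  annotations:
    # Each reference is <namespace>-<name>@kubernetescrd, comma-separated.
    # "default-regex" assumes the second Middleware is named "regex".
    traefik.ingress.kubernetes.io/router.middlewares: default-auth@kubernetescrd,default-regex@kubernetescrd
spec:
  rules:
    - host: whoami.url            # placeholder host from the post
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: whoami
                port:
                  number: 80
  tls:
    - secretName: tls             # placeholder for the real secret name
```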