What is it?

This is demo how to use forwardauth middleware of traefik. You can find more details about it on official traefik docs

How to use it (in k8s)?

register an app in Azure Active Directory to obtain ClientId, ClientSecret, TenantId
build docker image src/TraefikAuthAAD/Dockerfile and publish it to a registry
create a deploy and make sure that you override these environment variables:

JwtSigningKey="-- required: put your signing key --"
AzureAD__GroupId="-- optional: put id of group to restrict list of users that have access --"
AzureAD__ClientId="{clientId}"
AzureAD__ClientSecret="{clientSecret}"
AzureAD__AuthorizeEndpoint="https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/authorize"
AzureAD__TokenEndpoint="https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token"

create a service for the deploy
create a traefik middleware object:

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: auth
spec:
  forwardAuth:
    address: http://{service name or ip}/auth
    trustForwardHeader: true

use the middleware in your ingress objects

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
src		src
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

src

src

.gitignore

.gitignore

LICENSE

LICENSE

README.md

README.md

Repository files navigation

What is it?

How to use it (in k8s)?

About

Languages

License

vitaliy-leschenko/traefik-forwardauth-azuread

Folders and files

Latest commit

History

Repository files navigation

What is it?

How to use it (in k8s)?

About

Topics

Resources

License

Stars

Watchers

Forks

Languages