From 459bf957e0d36560afb23032f3e99655604f75d5 Mon Sep 17 00:00:00 2001 
From: Marcos Soutullo Date: Tue, 26 Oct 2021 18:22:30 +0100 Subject: [PATCH] chore: Tidy things up after forking and releasing a new branch --- .github/FUNDING.yml | 1 - renovate.json => .github/renovate.json5 | 0 .github/workflows/release.yml | 14 +- README.md | 111 ++++++------ .../advanced-separate-pod/README.md | 0 .../advanced-separate-pod/kustomization.yaml | 0 .../configs}/traefik-forward-auth.ini | 0 .../traefik-forward-auth/deployment.yaml | 0 .../traefik-forward-auth/ingress.yaml | 0 .../traefik-forward-auth/kustomization.yaml | 0 .../traefik-forward-auth/middleware.yaml | 0 .../secrets}/traefik-forward-auth.env | 0 .../traefik-forward-auth/service.yaml | 0 .../whoami/deployment.yaml | 0 .../advanced-separate-pod/whoami/ingress.yaml | 0 .../whoami/kustomization.yaml | 0 .../advanced-separate-pod/whoami/service.yaml | 0 .../kubernetes/advanced-single-pod/README.md | 0 .../advanced-single-pod/kustomization.yaml | 0 .../traefik/configs/traefik-forward-auth.ini | 0 .../advanced-single-pod/traefik/crds.yaml | 0 .../traefik/deployment.yaml | 0 .../advanced-single-pod/traefik/ingress.yaml | 0 .../traefik/kustomization.yaml | 0 .../traefik/middleware.yaml | 0 .../advanced-single-pod/traefik/pvc.yaml | 0 .../advanced-single-pod/traefik/rbac.yaml | 0 .../traefik/secrets/traefik-forward-auth.env | 0 .../advanced-single-pod/traefik/service.yaml | 0 .../whoami/deployment.yaml | 0 .../advanced-single-pod/whoami/ingress.yaml | 0 .../whoami/kustomization.yaml | 0 .../advanced-single-pod/whoami/service.yaml | 0 .../kubernetes/simple-separate-pod/README.md | 0 .../simple-separate-pod/k8s-app.yml | 0 .../k8s-traefik-forward-auth.yml | 0 .../swarm/docker-compose-auth-host.yml | 0 .../swarm/docker-compose-oidc.yml | 0 .../{traefik-v2 => }/swarm/docker-compose.yml | 0 examples/traefik-v1.7/kubernetes/README.md | 10 -- .../advanced-separate-pod/README.md | 16 -- .../traefik-forward-auth/deployment.yaml | 68 ------- .../traefik-forward-auth/ingress.yaml | 22 --- 
.../traefik-forward-auth/kustomization.yaml | 22 --- .../traefik-forward-auth/service.yaml | 14 -- .../advanced-separate-pod/whoami/ingress.yaml | 19 -- .../traefik/configs/traefik.toml | 169 ------------------ .../traefik/deployment.yaml | 94 ---------- .../advanced-single-pod/traefik/ingress.yaml | 36 ---- .../traefik/kustomization.yaml | 28 --- .../advanced-single-pod/traefik/rbac.yaml | 52 ------ .../advanced-single-pod/traefik/service.yaml | 58 ------ .../advanced-single-pod/whoami/ingress.yaml | 16 -- .../kubernetes/simple-separate-pod/README.md | 43 ----- .../simple-separate-pod/k8s-app.yml | 62 ------- .../k8s-traefik-forward-auth.yml | 90 ---------- .../swarm/docker-compose-auth-host.yml | 44 ----- .../swarm/docker-compose-oidc.yml | 40 ----- .../traefik-v1.7/swarm/docker-compose.yml | 39 ---- examples/traefik-v1.7/swarm/traefik.toml | 138 -------------- .../advanced-separate-pod/kustomization.yaml | 3 - .../configs/traefik-forward-auth.ini | 8 - .../secrets/traefik-forward-auth.env | 3 - .../whoami/deployment.yaml | 19 -- .../whoami/kustomization.yaml | 7 - .../advanced-separate-pod/whoami/service.yaml | 14 -- .../kubernetes/advanced-single-pod/README.md | 18 -- .../advanced-single-pod/kustomization.yaml | 3 - .../traefik/configs/traefik-forward-auth.ini | 8 - .../advanced-single-pod/traefik/pvc.yaml | 17 -- .../traefik/secrets/traefik-forward-auth.env | 3 - .../whoami/deployment.yaml | 19 -- .../whoami/kustomization.yaml | 7 - .../advanced-single-pod/whoami/service.yaml | 14 -- 74 files changed, 67 insertions(+), 1282 deletions(-) delete mode 100644 .github/FUNDING.yml rename renovate.json => .github/renovate.json5 (100%) rename examples/{traefik-v2 => }/kubernetes/advanced-separate-pod/README.md (100%) rename examples/{traefik-v1.7 => }/kubernetes/advanced-separate-pod/kustomization.yaml (100%) rename examples/{traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth => 
kubernetes/advanced-separate-pod/traefik-forward-auth/configs}/traefik-forward-auth.ini (100%) rename examples/{traefik-v2 => }/kubernetes/advanced-separate-pod/traefik-forward-auth/deployment.yaml (100%) rename examples/{traefik-v2 => }/kubernetes/advanced-separate-pod/traefik-forward-auth/ingress.yaml (100%) rename examples/{traefik-v2 => }/kubernetes/advanced-separate-pod/traefik-forward-auth/kustomization.yaml (100%) rename examples/{traefik-v2 => }/kubernetes/advanced-separate-pod/traefik-forward-auth/middleware.yaml (100%) rename examples/{traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth => kubernetes/advanced-separate-pod/traefik-forward-auth/secrets}/traefik-forward-auth.env (100%) rename examples/{traefik-v2 => }/kubernetes/advanced-separate-pod/traefik-forward-auth/service.yaml (100%) rename examples/{traefik-v1.7 => }/kubernetes/advanced-separate-pod/whoami/deployment.yaml (100%) rename examples/{traefik-v2 => }/kubernetes/advanced-separate-pod/whoami/ingress.yaml (100%) rename examples/{traefik-v1.7 => }/kubernetes/advanced-separate-pod/whoami/kustomization.yaml (100%) rename examples/{traefik-v1.7 => }/kubernetes/advanced-separate-pod/whoami/service.yaml (100%) rename examples/{traefik-v1.7 => }/kubernetes/advanced-single-pod/README.md (100%) rename examples/{traefik-v1.7 => }/kubernetes/advanced-single-pod/kustomization.yaml (100%) rename examples/{traefik-v1.7 => }/kubernetes/advanced-single-pod/traefik/configs/traefik-forward-auth.ini (100%) rename examples/{traefik-v2 => }/kubernetes/advanced-single-pod/traefik/crds.yaml (100%) rename examples/{traefik-v2 => }/kubernetes/advanced-single-pod/traefik/deployment.yaml (100%) rename examples/{traefik-v2 => }/kubernetes/advanced-single-pod/traefik/ingress.yaml (100%) rename examples/{traefik-v2 => }/kubernetes/advanced-single-pod/traefik/kustomization.yaml (100%) rename examples/{traefik-v2 => }/kubernetes/advanced-single-pod/traefik/middleware.yaml (100%) rename examples/{traefik-v1.7 
=> }/kubernetes/advanced-single-pod/traefik/pvc.yaml (100%) rename examples/{traefik-v2 => }/kubernetes/advanced-single-pod/traefik/rbac.yaml (100%) rename examples/{traefik-v1.7 => }/kubernetes/advanced-single-pod/traefik/secrets/traefik-forward-auth.env (100%) rename examples/{traefik-v2 => }/kubernetes/advanced-single-pod/traefik/service.yaml (100%) rename examples/{traefik-v1.7 => }/kubernetes/advanced-single-pod/whoami/deployment.yaml (100%) rename examples/{traefik-v2 => }/kubernetes/advanced-single-pod/whoami/ingress.yaml (100%) rename examples/{traefik-v1.7 => }/kubernetes/advanced-single-pod/whoami/kustomization.yaml (100%) rename examples/{traefik-v1.7 => }/kubernetes/advanced-single-pod/whoami/service.yaml (100%) rename examples/{traefik-v2 => }/kubernetes/simple-separate-pod/README.md (100%) rename examples/{traefik-v2 => }/kubernetes/simple-separate-pod/k8s-app.yml (100%) rename examples/{traefik-v2 => }/kubernetes/simple-separate-pod/k8s-traefik-forward-auth.yml (100%) rename examples/{traefik-v2 => }/swarm/docker-compose-auth-host.yml (100%) rename examples/{traefik-v2 => }/swarm/docker-compose-oidc.yml (100%) rename examples/{traefik-v2 => }/swarm/docker-compose.yml (100%) delete mode 100644 examples/traefik-v1.7/kubernetes/README.md delete mode 100644 examples/traefik-v1.7/kubernetes/advanced-separate-pod/README.md delete mode 100644 examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/deployment.yaml delete mode 100644 examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/ingress.yaml delete mode 100644 examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/kustomization.yaml delete mode 100644 examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/service.yaml delete mode 100644 examples/traefik-v1.7/kubernetes/advanced-separate-pod/whoami/ingress.yaml delete mode 100644 examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/configs/traefik.toml delete 
mode 100644 examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/deployment.yaml delete mode 100644 examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/ingress.yaml delete mode 100644 examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/kustomization.yaml delete mode 100644 examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/rbac.yaml delete mode 100644 examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/service.yaml delete mode 100644 examples/traefik-v1.7/kubernetes/advanced-single-pod/whoami/ingress.yaml delete mode 100644 examples/traefik-v1.7/kubernetes/simple-separate-pod/README.md delete mode 100644 examples/traefik-v1.7/kubernetes/simple-separate-pod/k8s-app.yml delete mode 100644 examples/traefik-v1.7/kubernetes/simple-separate-pod/k8s-traefik-forward-auth.yml delete mode 100644 examples/traefik-v1.7/swarm/docker-compose-auth-host.yml delete mode 100644 examples/traefik-v1.7/swarm/docker-compose-oidc.yml delete mode 100644 examples/traefik-v1.7/swarm/docker-compose.yml delete mode 100644 examples/traefik-v1.7/swarm/traefik.toml delete mode 100644 examples/traefik-v2/kubernetes/advanced-separate-pod/kustomization.yaml delete mode 100644 examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/configs/traefik-forward-auth.ini delete mode 100644 examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/secrets/traefik-forward-auth.env delete mode 100644 examples/traefik-v2/kubernetes/advanced-separate-pod/whoami/deployment.yaml delete mode 100644 examples/traefik-v2/kubernetes/advanced-separate-pod/whoami/kustomization.yaml delete mode 100644 examples/traefik-v2/kubernetes/advanced-separate-pod/whoami/service.yaml delete mode 100644 examples/traefik-v2/kubernetes/advanced-single-pod/README.md delete mode 100644 examples/traefik-v2/kubernetes/advanced-single-pod/kustomization.yaml delete mode 100644 
examples/traefik-v2/kubernetes/advanced-single-pod/traefik/configs/traefik-forward-auth.ini delete mode 100644 examples/traefik-v2/kubernetes/advanced-single-pod/traefik/pvc.yaml delete mode 100644 examples/traefik-v2/kubernetes/advanced-single-pod/traefik/secrets/traefik-forward-auth.env delete mode 100644 examples/traefik-v2/kubernetes/advanced-single-pod/whoami/deployment.yaml delete mode 100644 examples/traefik-v2/kubernetes/advanced-single-pod/whoami/kustomization.yaml delete mode 100644 examples/traefik-v2/kubernetes/advanced-single-pod/whoami/service.yaml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml deleted file mode 100644 index f6f6ce8..0000000 --- a/.github/FUNDING.yml +++ /dev/null @@ -1 +0,0 @@ -github: kitos9112 diff --git a/renovate.json b/.github/renovate.json5 similarity index 100% rename from renovate.json rename to .github/renovate.json5 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index db962b9..7757768 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -73,15 +73,25 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Get tag name - run: echo "TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV + run: | + echo "TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV - name: Build and push uses: docker/build-push-action@v2 with: context: . - platforms: linux/amd64,linux/arm64,linux/arm + platforms: linux/amd64,linux/arm64 push: true tags: | kitos9112/traefik-forward-auth:latest kitos9112/traefik-forward-auth:${{ env.TAG }} + ghcr.io/kitos9112/traefik-forward-auth:latest + ghcr.io/kitos9112/traefik-forward-auth:${{ env.TAG }} diff --git a/README.md b/README.md index 2248593..923fd11 100644 --- a/README.md +++ b/README.md 
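Review bot: The added `Login to GitHub Container Registry` step in `.github/workflows/release.yml` passes `secrets.GITHUB_TOKEN` to `docker/login-action@v1`, a movable tag, so a retagged or compromised release of that action would run with push access to the published images. Pin it to a full commit SHA, for example `uses: docker/login-action@<full-commit-sha> # v1` (placeholder; the SHA is not on this page), and do the same for `docker/build-push-action@v2` in the context lines. The job starts outside this hunk and no `permissions:` block is visible, so confirm that it declares `contents: read` and `packages: write` explicitly instead of relying on the repository's default token scope. Separately, `platforms` drops `linux/arm`, while the README context in this same commit still advertises `-arm` tags.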
@@ -1,9 +1,11 @@ -![Build Status](https://img.shields.io/github/workflow/status/thomseddon/traefik-forward-auth/CI) [![Go Report Card](https://goreportcard.com/badge/github.com/thomseddon/traefik-forward-auth)](https://goreportcard.com/report/github.com/thomseddon/traefik-forward-auth) ![Docker Pulls](https://img.shields.io/docker/pulls/thomseddon/traefik-forward-auth.svg) [![GitHub release](https://img.shields.io/github/release/thomseddon/traefik-forward-auth.svg)](https://GitHub.com/thomseddon/traefik-forward-auth/releases/) +![Build Status](https://img.shields.io/github/workflow/status/kitos9112/traefik-forward-auth/CI) [![Go Report Card](https://goreportcard.com/badge/github.com/kitos9112/traefik-forward-auth)](https://goreportcard.com/report/github.com/kitos9112/traefik-forward-auth) ![Docker Pulls](https://img.shields.io/docker/pulls/kitos9112/traefik-forward-auth.svg) [![GitHub release](https://img.shields.io/github/release/kitos9112/traefik-forward-auth.svg)](https://GitHub.com/kitos9112/traefik-forward-auth/releases/) [![Total alerts](https://img.shields.io/lgtm/alerts/g/kitos9112/traefik-forward-auth.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/kitos9112/traefik-forward-auth/alerts/) # Traefik Forward Auth -A minimal forward authentication service that provides OAuth/SSO login and authentication for the [traefik](https://github.com/traefik/traefik) reverse proxy/load balancer. +> Forked from [traefik-forward-auth](https://github.com/thomseddon/traefik-forward-auth) as it stopped being maintained, or at least it looked to me :) + +A minimal forward authentication service that provides OAuth/SSO login and authentication for the [traefik](https://github.com/containous/traefik) reverse proxy/load balancer. ## Why? 
@@ -17,18 +19,18 @@ A minimal forward authentication service that provides OAuth/SSO login and authe # Contents -- [Traefik Forward Auth !Build Status [![Go Report Card](https://goreportcard.com/badge/github.com/thomseddon/traefik-forward-auth)](https://goreportcard.com/report/github.com/thomseddon/traefik-forward-auth) ![Docker Pulls](https://img.shields.io/docker/pulls/thomseddon/traefik-forward-auth.svg) [![GitHub release](https://img.shields.io/github/release/thomseddon/traefik-forward-auth.svg)](https://GitHub.com/thomseddon/traefik-forward-auth/releases/)](#traefik-forward-auth----) +- [Traefik Forward Auth !Build Status [![Go Report Card](https://goreportcard.com/badge/github.com/kitos9112/traefik-forward-auth)](https://goreportcard.com/report/github.com/kitos9112/traefik-forward-auth) ![Docker Pulls](https://img.shields.io/docker/pulls/kitos9112/traefik-forward-auth.svg) [![GitHub release](https://img.shields.io/github/release/kitos9112/traefik-forward-auth.svg)](https://GitHub.com/kitos9112/traefik-forward-auth/releases/)](#traefik-forward-auth----) - [Why?](#why) - [Contents](#contents) - [Releases](#releases) - - [Upgrade Guide](#upgrade-guide) + - [Upgrade Guide](#upgrade-guide) - [Usage](#usage) - - [Simple:](#simple) - - [Advanced:](#advanced) - - [Provider Setup](#provider-setup) - - [Google](#google) - - [OpenID Connect](#openid-connect) - - [Generic OAuth2](#generic-oauth2) + - [Simple:](#simple) + - [Advanced:](#advanced) + - [Provider Setup](#provider-setup) + - [Google](#google) + - [OpenID Connect](#openid-connect) + - [Generic OAuth2](#generic-oauth2) - [Configuration](#configuration) - [Overview](#overview) - [Option Details](#option-details) 
@@ -49,21 +51,17 @@ A minimal forward authentication service that provides OAuth/SSO login and authe ## Releases -We recommend using the `2` tag on docker hub (`thomseddon/traefik-forward-auth:2`). +We recommend using the `2` tag on docker hub (`kitos9112/traefik-forward-auth:2`). -You can also use the latest incremental releases found on [docker hub](https://hub.docker.com/r/thomseddon/traefik-forward-auth/tags) and [github](https://github.com/thomseddon/traefik-forward-auth/releases). +You can also use the latest incremental releases found on [docker hub](https://hub.docker.com/r/kitos9112/traefik-forward-auth/tags) and [github](https://github.com/kitos9112/traefik-forward-auth/releases). ARM releases are also available on docker hub, just append `-arm` or `-arm64` to your desired released (e.g. `2-arm` or `2.1-arm64`). We also build binary files for usage without docker starting with releases after 2.2.0 You can find these as assets of the specific GitHub release. -#### Upgrade Guide - -v2 was released in June 2019, whilst this is fully backwards compatible, a number of configuration options were modified, please see the [upgrade guide](https://github.com/thomseddon/traefik-forward-auth/wiki/v2-Upgrade-Guide) to prevent warnings on startup and ensure you are using the current configuration. - ## Usage -#### Simple: +### Simple See below for instructions on how to setup your [Provider Setup](#provider-setup). @@ -82,7 +80,7 @@ services: - /var/run/docker.sock:/var/run/docker.sock traefik-forward-auth: - image: thomseddon/traefik-forward-auth:2 + image: kitos9112/traefik-forward-auth:2 environment: - PROVIDERS_GOOGLE_CLIENT_ID=your-client-id - PROVIDERS_GOOGLE_CLIENT_SECRET=your-client-secret 
@@ -100,15 +98,15 @@ services: - "traefik.http.routers.whoami.middlewares=traefik-forward-auth" ``` -#### Advanced: +### Advanced -Please see the examples directory for a more complete [docker-compose.yml](https://github.com/thomseddon/traefik-forward-auth/blob/master/examples/traefik-v2/swarm/docker-compose.yml) or [kubernetes/simple-separate-pod](https://github.com/thomseddon/traefik-forward-auth/blob/master/examples/traefik-v2/kubernetes/simple-separate-pod/). +Please see the examples directory for a more complete [docker-compose.yml](https://github.com/kitos9112/traefik-forward-auth/blob/master/examples/traefik-v2/swarm/docker-compose.yml) or [kubernetes/simple-separate-pod](https://github.com/kitos9112/traefik-forward-auth/blob/master/examples/traefik-v2/kubernetes/simple-separate-pod/). -Also in the examples directory is [docker-compose-auth-host.yml](https://github.com/thomseddon/traefik-forward-auth/blob/master/examples/traefik-v2/swarm/docker-compose-auth-host.yml) and [kubernetes/advanced-separate-pod](https://github.com/thomseddon/traefik-forward-auth/blob/master/examples/traefik-v2/kubernetes/advanced-separate-pod/) which shows how to configure a central auth host, along with some other options. +Also in the examples directory is [docker-compose-auth-host.yml](https://github.com/kitos9112/traefik-forward-auth/blob/master/examples/traefik-v2/swarm/docker-compose-auth-host.yml) and [kubernetes/advanced-separate-pod](https://github.com/kitos9112/traefik-forward-auth/blob/master/examples/traefik-v2/kubernetes/advanced-separate-pod/) which shows how to configure a central auth host, along with some other options. #### Provider Setup -Below are some general notes on provider setup, specific instructions and examples for a number of providers can be found on the [Provider Setup](https://github.com/thomseddon/traefik-forward-auth/wiki/Provider-Setup) wiki page. 
+Below are some general notes on provider setup, specific instructions and examples for a number of providers can be found on the [Provider Setup](https://github.com/kitos9112/traefik-forward-auth/wiki/Provider-Setup) wiki page. ##### Google @@ -126,7 +124,7 @@ Any provider that supports OpenID Connect 1.0 can be configured via the OIDC con You must set the `providers.oidc.issuer-url`, `providers.oidc.client-id` and `providers.oidc.client-secret` config options. -Please see the [Provider Setup](https://github.com/thomseddon/traefik-forward-auth/wiki/Provider-Setup) wiki page for examples. +Please see the [Provider Setup](https://github.com/kitos9112/traefik-forward-auth/wiki/Provider-Setup) wiki page for examples. ##### Generic OAuth2 @@ -143,7 +141,7 @@ You can also set: - `providers.generic-oauth.scope`- Any scopes that should be included in the request (default: profile, email) - `providers.generic-oauth.token-style` - How token is presented when querying the User URL. Can be `header` or `query`, defaults to `header`. With `header` the token is provided in an Authorization header, with query the token is provided in the `access_token` query string value. -Please see the [Provider Setup](https://github.com/thomseddon/traefik-forward-auth/wiki/Provider-Setup) wiki page for examples. +Please see the [Provider Setup](https://github.com/kitos9112/traefik-forward-auth/wiki/Provider-Setup) wiki page for examples. ## Configuration @@ -151,7 +149,7 @@ Please see the [Provider Setup](https://github.com/thomseddon/traefik-forward-au The following configuration options are supported: -``` +```sh Usage: traefik-forward-auth [OPTIONS] @@ -218,7 +216,7 @@ All options can be supplied in any of the following ways, in the following prece The host should be specified without protocol or path, for example: - ``` + ```sh --auth-host="auth.example.com" ``` 
@@ -230,7 +228,7 @@ All options can be supplied in any of the following ways, in the following prece Used to specify the path to a configuration file, can be set multiple times, each file will be read in the order they are passed. Options should be set in an INI format, for example: - ``` + ```sh url-path = _oauthpath ``` @@ -239,7 +237,7 @@ All options can be supplied in any of the following ways, in the following prece When set, if a user successfully completes authentication, then if the host of the original request requiring authentication is a subdomain of a given cookie domain, then the authentication cookie will be set for the higher level cookie domain. This means that a cookie can allow access to multiple subdomains without re-authentication. Can be specificed multiple times. For example: - ``` + ```sh --cookie-domain="example.com" --cookie-domain="test.org" ``` 
@@ -327,28 +325,29 @@ All options can be supplied in any of the following ways, in the following prece Specify selective authentication rules. Rules are specified in the following format: `rule..=` - - `` can be any string and is only used to group rules together - - `` can be: - - `action` - same usage as [`default-action`](#default-action), supported values: - - `auth` (default) - - `allow` - - `domains` - optional, same usage as [`domain`](#domain) - - `provider` - same usage as [`default-provider`](#default-provider), supported values: - - `google` - - `oidc` - - `rule` - a rule to match a request, this uses traefik's v2 rule parser for which you can find the documentation here: https://docs.traefik.io/v2.0/routing/routers/#rule, supported values are summarised here: - - ``Headers(`key`, `value`)`` - - ``HeadersRegexp(`key`, `regexp`)`` - - ``Host(`example.com`, ...)`` - - ``HostRegexp(`example.com`, `{subdomain:[a-z]+}.example.com`, ...)`` - - ``Method(methods, ...)`` - - ``Path(`path`, `/articles/{category}/{id:[0-9]+}`, ...)`` - - ``PathPrefix(`/products/`, `/articles/{category}/{id:[0-9]+}`)`` - - ``Query(`foo=bar`, `bar=baz`)`` - - `whitelist` - optional, same usage as whitelist`](#whitelist) + - `` can be any string and is only used to group rules together + - `` can be: + - `action` - same usage as [`default-action`](#default-action), supported values: + - `auth` (default) + - `allow` + - `domains` - optional, same usage as [`domain`](#domain) + - `provider` - same usage as [`default-provider`](#default-provider), supported values: + - `google` + - `oidc` + - `rule` - a rule to match a request, this uses traefik's v2 rule parser for which you can find the documentation here: https://docs.traefik.io/v2.0/routing/routers/#rule, supported values are summarised here: + - ``Headers(`key`, `value`)`` + - ``HeadersRegexp(`key`, `regexp`)`` + - ``Host(`example.com`, ...)`` + - ``HostRegexp(`example.com`, `{subdomain:[a-z]+}.example.com`, ...)`` + - 
``Method(methods, ...)`` + - ``Path(`path`, `/articles/{category}/{id:[0-9]+}`, ...)`` + - ``PathPrefix(`/products/`, `/articles/{category}/{id:[0-9]+}`)`` + - ``Query(`foo=bar`, `bar=baz`)`` + - `whitelist` - optional, same usage as whitelist`](#whitelist) For example: - ``` + + ```sh # Allow requests that being with `/api/public` and contain the `Content-Type` header with a value of `application/json` rule.1.action = allow rule.1.rule = PathPrefix(`/api/public`) && Headers(`Content-Type`, `application/json`) @@ -376,8 +375,8 @@ All options can be supplied in any of the following ways, in the following prece You can restrict who can login with the following parameters: -* `domain` - Use this to limit logins to a specific domain, e.g. test.com only -* `whitelist` - Use this to only allow specific users to login e.g. thom@test.com only +- `domain` - Use this to limit logins to a specific domain, e.g. test.com only +- `whitelist` - Use this to only allow specific users to login e.g. thom@test.com only Note, if you pass both `whitelist` and `domain`, then the default behaviour is for only `whitelist` to be used and `domain` will be effectively ignored. You can allow users matching *either* `whitelist` or `domain` by passing the `match-whitelist-or-domain` parameter (this will be the default behaviour in v3). If you set `domains` or `whitelist` on a rule, the global configuration is ignored. 
@@ -483,7 +482,7 @@ As the hostname in the `redirect_uri` is dynamically generated based on the orig #### Auth Host Mode -This is an optional mode of operation that is useful when dealing with a large number of subdomains, it is activated by using the `auth-host` config option (see [this example docker-compose.yml](https://github.com/thomseddon/traefik-forward-auth/blob/master/examples/traefik-v2/swarm/docker-compose-auth-host.yml) or [this kubernetes example](https://github.com/thomseddon/traefik-forward-auth/tree/master/examples/traefik-v2/kubernetes/advanced-separate-pod)). +This is an optional mode of operation that is useful when dealing with a large number of subdomains, it is activated by using the `auth-host` config option (see [this example docker-compose.yml](https://github.com/kitos9112/traefik-forward-auth/blob/master/examples/traefik-v2/swarm/docker-compose-auth-host.yml) or [this kubernetes example](https://github.com/kitos9112/traefik-forward-auth/tree/master/examples/traefik-v2/kubernetes/advanced-separate-pod)). For example, if you have a few applications: `app1.test.com`, `app2.test.com`, `appN.test.com`, adding every domain to Google's console can become laborious. To utilise an auth host, permit domain level cookies by setting the cookie domain to `test.com` then set the `auth-host` to: `auth.test.com`. 
@@ -504,7 +503,7 @@ Two criteria must be met for an `auth-host` to be used: 1. Request matches given `cookie-domain` 2. `auth-host` is also subdomain of same `cookie-domain` -Please note: For Auth Host mode to work, you must ensure that requests to your auth-host are routed to the traefik-forward-auth container, as demonstrated with the service labels in the [docker-compose-auth.yml](https://github.com/thomseddon/traefik-forward-auth/blob/master/examples/traefik-v2/swarm/docker-compose-auth-host.yml) example and the [ingressroute resource](https://github.com/thomseddon/traefik-forward-auth/blob/master/examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/ingress.yaml) in a kubernetes example. +Please note: For Auth Host mode to work, you must ensure that requests to your auth-host are routed to the traefik-forward-auth container, as demonstrated with the service labels in the [docker-compose-auth.yml](https://github.com/kitos9112/traefik-forward-auth/blob/master/examples/traefik-v2/swarm/docker-compose-auth-host.yml) example and the [ingressroute resource](https://github.com/kitos9112/traefik-forward-auth/blob/master/examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/ingress.yaml) in a kubernetes example. ### Logging Out @@ -514,10 +513,10 @@ You can use the `logout-redirect` config option to redirect users to another URL Note: This only clears the auth cookie from the users browser and as this service is stateless, it does not invalidate the cookie against future use. So if the cookie was recorded, for example, it could continue to be used for the duration of the cookie lifetime. -## Copyright +## Copyright And License 2018 Thom Seddon - -## License - [MIT](https://github.com/thomseddon/traefik-forward-auth/blob/master/LICENSE.md) + | +2021 Marcos Soutullo +[MIT](https://github.com/kitos9112/traefik-forward-auth/blob/master/LICENSE.md) \ No newline at end of file 
diff --git a/examples/traefik-v2/kubernetes/advanced-separate-pod/README.md b/examples/kubernetes/advanced-separate-pod/README.md
similarity index 100%
rename from examples/traefik-v2/kubernetes/advanced-separate-pod/README.md
rename to examples/kubernetes/advanced-separate-pod/README.md
diff --git a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/kustomization.yaml b/examples/kubernetes/advanced-separate-pod/kustomization.yaml
similarity index 100%
rename from examples/traefik-v1.7/kubernetes/advanced-separate-pod/kustomization.yaml
rename to examples/kubernetes/advanced-separate-pod/kustomization.yaml
diff --git a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/traefik-forward-auth.ini b/examples/kubernetes/advanced-separate-pod/traefik-forward-auth/configs/traefik-forward-auth.ini
similarity index 100%
rename from examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/traefik-forward-auth.ini
rename to examples/kubernetes/advanced-separate-pod/traefik-forward-auth/configs/traefik-forward-auth.ini
diff --git a/examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/deployment.yaml b/examples/kubernetes/advanced-separate-pod/traefik-forward-auth/deployment.yaml
similarity index 100%
rename from examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/deployment.yaml
rename to examples/kubernetes/advanced-separate-pod/traefik-forward-auth/deployment.yaml
diff --git a/examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/ingress.yaml b/examples/kubernetes/advanced-separate-pod/traefik-forward-auth/ingress.yaml
similarity index 100%
rename from examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/ingress.yaml
rename to examples/kubernetes/advanced-separate-pod/traefik-forward-auth/ingress.yaml
diff --git a/examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/kustomization.yaml b/examples/kubernetes/advanced-separate-pod/traefik-forward-auth/kustomization.yaml
similarity index 100%
rename from examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/kustomization.yaml
rename to examples/kubernetes/advanced-separate-pod/traefik-forward-auth/kustomization.yaml
diff --git a/examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/middleware.yaml b/examples/kubernetes/advanced-separate-pod/traefik-forward-auth/middleware.yaml
similarity index 100%
rename from examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/middleware.yaml
rename to examples/kubernetes/advanced-separate-pod/traefik-forward-auth/middleware.yaml
diff --git a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/traefik-forward-auth.env b/examples/kubernetes/advanced-separate-pod/traefik-forward-auth/secrets/traefik-forward-auth.env
similarity index 100%
rename from examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/traefik-forward-auth.env
rename to examples/kubernetes/advanced-separate-pod/traefik-forward-auth/secrets/traefik-forward-auth.env
diff --git a/examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/service.yaml b/examples/kubernetes/advanced-separate-pod/traefik-forward-auth/service.yaml
similarity index 100%
rename from examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/service.yaml
rename to examples/kubernetes/advanced-separate-pod/traefik-forward-auth/service.yaml
diff --git a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/whoami/deployment.yaml b/examples/kubernetes/advanced-separate-pod/whoami/deployment.yaml
similarity index 100%
rename from examples/traefik-v1.7/kubernetes/advanced-separate-pod/whoami/deployment.yaml
rename to examples/kubernetes/advanced-separate-pod/whoami/deployment.yaml
diff --git a/examples/traefik-v2/kubernetes/advanced-separate-pod/whoami/ingress.yaml b/examples/kubernetes/advanced-separate-pod/whoami/ingress.yaml
similarity index 100%
rename from examples/traefik-v2/kubernetes/advanced-separate-pod/whoami/ingress.yaml
rename to examples/kubernetes/advanced-separate-pod/whoami/ingress.yaml
diff --git a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/whoami/kustomization.yaml b/examples/kubernetes/advanced-separate-pod/whoami/kustomization.yaml
similarity index 100%
rename from examples/traefik-v1.7/kubernetes/advanced-separate-pod/whoami/kustomization.yaml
rename to examples/kubernetes/advanced-separate-pod/whoami/kustomization.yaml
diff --git a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/whoami/service.yaml b/examples/kubernetes/advanced-separate-pod/whoami/service.yaml
similarity index 100%
rename from examples/traefik-v1.7/kubernetes/advanced-separate-pod/whoami/service.yaml
rename to examples/kubernetes/advanced-separate-pod/whoami/service.yaml
diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/README.md b/examples/kubernetes/advanced-single-pod/README.md
similarity index 100%
rename from examples/traefik-v1.7/kubernetes/advanced-single-pod/README.md
rename to examples/kubernetes/advanced-single-pod/README.md
diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/kustomization.yaml b/examples/kubernetes/advanced-single-pod/kustomization.yaml
similarity index 100%
rename from examples/traefik-v1.7/kubernetes/advanced-single-pod/kustomization.yaml
rename to examples/kubernetes/advanced-single-pod/kustomization.yaml
diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/configs/traefik-forward-auth.ini b/examples/kubernetes/advanced-single-pod/traefik/configs/traefik-forward-auth.ini
similarity index 100%
rename from examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/configs/traefik-forward-auth.ini
rename to examples/kubernetes/advanced-single-pod/traefik/configs/traefik-forward-auth.ini
diff --git a/examples/traefik-v2/kubernetes/advanced-single-pod/traefik/crds.yaml b/examples/kubernetes/advanced-single-pod/traefik/crds.yaml
similarity index 100%
rename from examples/traefik-v2/kubernetes/advanced-single-pod/traefik/crds.yaml
rename to examples/kubernetes/advanced-single-pod/traefik/crds.yaml
diff --git a/examples/traefik-v2/kubernetes/advanced-single-pod/traefik/deployment.yaml b/examples/kubernetes/advanced-single-pod/traefik/deployment.yaml
similarity index 100%
rename from examples/traefik-v2/kubernetes/advanced-single-pod/traefik/deployment.yaml
rename to examples/kubernetes/advanced-single-pod/traefik/deployment.yaml
diff --git a/examples/traefik-v2/kubernetes/advanced-single-pod/traefik/ingress.yaml b/examples/kubernetes/advanced-single-pod/traefik/ingress.yaml
similarity index 100%
rename from examples/traefik-v2/kubernetes/advanced-single-pod/traefik/ingress.yaml
rename to examples/kubernetes/advanced-single-pod/traefik/ingress.yaml
diff --git a/examples/traefik-v2/kubernetes/advanced-single-pod/traefik/kustomization.yaml b/examples/kubernetes/advanced-single-pod/traefik/kustomization.yaml
similarity index 100%
rename from examples/traefik-v2/kubernetes/advanced-single-pod/traefik/kustomization.yaml
rename to examples/kubernetes/advanced-single-pod/traefik/kustomization.yaml
diff --git a/examples/traefik-v2/kubernetes/advanced-single-pod/traefik/middleware.yaml b/examples/kubernetes/advanced-single-pod/traefik/middleware.yaml
similarity index 100%
rename from examples/traefik-v2/kubernetes/advanced-single-pod/traefik/middleware.yaml
rename to examples/kubernetes/advanced-single-pod/traefik/middleware.yaml
diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/pvc.yaml b/examples/kubernetes/advanced-single-pod/traefik/pvc.yaml
similarity index 100%
rename from examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/pvc.yaml
rename to examples/kubernetes/advanced-single-pod/traefik/pvc.yaml
diff --git a/examples/traefik-v2/kubernetes/advanced-single-pod/traefik/rbac.yaml b/examples/kubernetes/advanced-single-pod/traefik/rbac.yaml
similarity index 100%
rename from examples/traefik-v2/kubernetes/advanced-single-pod/traefik/rbac.yaml
rename to examples/kubernetes/advanced-single-pod/traefik/rbac.yaml
diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/secrets/traefik-forward-auth.env b/examples/kubernetes/advanced-single-pod/traefik/secrets/traefik-forward-auth.env
similarity index 100%
rename from examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/secrets/traefik-forward-auth.env
rename to examples/kubernetes/advanced-single-pod/traefik/secrets/traefik-forward-auth.env
diff --git a/examples/traefik-v2/kubernetes/advanced-single-pod/traefik/service.yaml b/examples/kubernetes/advanced-single-pod/traefik/service.yaml
similarity index 100%
rename from examples/traefik-v2/kubernetes/advanced-single-pod/traefik/service.yaml
rename to examples/kubernetes/advanced-single-pod/traefik/service.yaml
diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/whoami/deployment.yaml b/examples/kubernetes/advanced-single-pod/whoami/deployment.yaml
similarity index 100%
rename from examples/traefik-v1.7/kubernetes/advanced-single-pod/whoami/deployment.yaml
rename to examples/kubernetes/advanced-single-pod/whoami/deployment.yaml
diff --git a/examples/traefik-v2/kubernetes/advanced-single-pod/whoami/ingress.yaml b/examples/kubernetes/advanced-single-pod/whoami/ingress.yaml
similarity index 100%
rename from examples/traefik-v2/kubernetes/advanced-single-pod/whoami/ingress.yaml
rename to examples/kubernetes/advanced-single-pod/whoami/ingress.yaml
diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/whoami/kustomization.yaml b/examples/kubernetes/advanced-single-pod/whoami/kustomization.yaml
similarity index 100%
rename from examples/traefik-v1.7/kubernetes/advanced-single-pod/whoami/kustomization.yaml
rename to examples/kubernetes/advanced-single-pod/whoami/kustomization.yaml
diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/whoami/service.yaml b/examples/kubernetes/advanced-single-pod/whoami/service.yaml
similarity index 100%
rename from examples/traefik-v1.7/kubernetes/advanced-single-pod/whoami/service.yaml
rename to examples/kubernetes/advanced-single-pod/whoami/service.yaml
diff --git a/examples/traefik-v2/kubernetes/simple-separate-pod/README.md b/examples/kubernetes/simple-separate-pod/README.md
similarity index 100%
rename from examples/traefik-v2/kubernetes/simple-separate-pod/README.md
rename to examples/kubernetes/simple-separate-pod/README.md
diff --git a/examples/traefik-v2/kubernetes/simple-separate-pod/k8s-app.yml b/examples/kubernetes/simple-separate-pod/k8s-app.yml
similarity index 100%
rename from examples/traefik-v2/kubernetes/simple-separate-pod/k8s-app.yml
rename to examples/kubernetes/simple-separate-pod/k8s-app.yml
diff --git a/examples/traefik-v2/kubernetes/simple-separate-pod/k8s-traefik-forward-auth.yml b/examples/kubernetes/simple-separate-pod/k8s-traefik-forward-auth.yml
similarity index 100%
rename from examples/traefik-v2/kubernetes/simple-separate-pod/k8s-traefik-forward-auth.yml
rename to examples/kubernetes/simple-separate-pod/k8s-traefik-forward-auth.yml
diff --git a/examples/traefik-v2/swarm/docker-compose-auth-host.yml b/examples/swarm/docker-compose-auth-host.yml
similarity index 100%
rename from examples/traefik-v2/swarm/docker-compose-auth-host.yml
rename to examples/swarm/docker-compose-auth-host.yml
diff --git a/examples/traefik-v2/swarm/docker-compose-oidc.yml b/examples/swarm/docker-compose-oidc.yml
similarity index 100%
rename from examples/traefik-v2/swarm/docker-compose-oidc.yml
rename to examples/swarm/docker-compose-oidc.yml
diff --git a/examples/traefik-v2/swarm/docker-compose.yml b/examples/swarm/docker-compose.yml
similarity index 100%
rename from examples/traefik-v2/swarm/docker-compose.yml
rename to examples/swarm/docker-compose.yml
diff --git a/examples/traefik-v1.7/kubernetes/README.md b/examples/traefik-v1.7/kubernetes/README.md
deleted file mode 100644
index 850e04f..0000000
--- a/examples/traefik-v1.7/kubernetes/README.md
+++ /dev/null
@@ -1,10 +0,0 @@
-
-# Kubernetes
-
-These examples show how to deploy traefik-forward-auth alongside traefik v1.7.
-
-The "seperate pod" examples show traefik-forward-auth in it's own pod and leave the deployment of traefik as an exercise for the user (e.g. if using helm).
-
-The "single pod" examples show traefik and traefik-forward-auth in a single pod.
-
-Please see the README's in each example for more details.
diff --git a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/README.md b/examples/traefik-v1.7/kubernetes/advanced-separate-pod/README.md
deleted file mode 100644
index ebd0a77..0000000
--- a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/README.md
+++ /dev/null
@@ -1,16 +0,0 @@ - -# Kubernetes - Advanced Separate Pod Example - -This is an advanced example of how to deploy traefik-forward-auth in it's own pod. This example is a good starting point for those who already have traefik deployed (e.g. using helm). - -This example uses [Selective Authentication](https://github.com/thomseddon/traefik-forward-auth/blob/master/README.md#selective-ingress-authentication-in-kubernetes) to selectively apply forward authentication to each selective ingress, a simple example "whoami" application (deployment, service and ingress) is included for completeness. - -This example leverages kustomise to define Secrets and ConfigMaps, example deployment: - -``` -# Deploy traefik-forward-auth -kubectl apply -k traefik-forward-auth - -# Deploy example whoami app -kubectl apply -k whoami -``` diff --git a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/deployment.yaml b/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/deployment.yaml deleted file mode 100644 index 379bca5..0000000 --- a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/deployment.yaml +++ /dev/null 
@@ -1,68 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: traefik-forward-auth - labels: - app: traefik-forward-auth -spec: - replicas: 1 - selector: - matchLabels: - app: traefik-forward-auth - strategy: - type: Recreate - template: - metadata: - labels: - app: traefik-forward-auth - spec: - terminationGracePeriodSeconds: 60 - containers: - - image: thomseddon/traefik-forward-auth:2 - name: traefik-forward-auth - ports: - - containerPort: 4181 - protocol: TCP - env: - - name: CONFIG - value: "/config" - - name: DOMAIN - value: "example.com" - # INSECURE_COOKIE is required unless using https entrypoint - - name: INSECURE_COOKIE - value: "true" - # Remove COOKIE_DOMAIN if not using auth host mode - - name: COOKIE_DOMAIN - value: "example.com" - # Remove AUTH_HOST if not using auth host mode - - name: AUTH_HOST - value: "auth.example.com" - - name: LOG_LEVEL - value: "info" - - name: PROVIDERS_GOOGLE_CLIENT_ID - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: google-client-id - - name: PROVIDERS_GOOGLE_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: google-client-secret - - name: SECRET - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: secret - volumeMounts: - - name: configs - mountPath: /config - subPath: traefik-forward-auth.ini - - volumes: - - name: configs - configMap: - name: configs - - name: traefik-forward-auth-secrets - secret: - secretName: secrets diff --git a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/ingress.yaml b/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/ingress.yaml deleted file mode 100644 index a724c53..0000000 --- a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/ingress.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -# -# NOTE: This is only needed if you are using auth-host mode -# -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: traefik-forward-auth - labels: - app: traefik-forward-auth - annotations: - kubernetes.io/ingress.class: traefik - ingress.kubernetes.io/auth-type: forward - ingress.kubernetes.io/auth-url: http://traefik-forward-auth:4181 - ingress.kubernetes.io/auth-response-headers: X-Forwarded-User -spec: - rules: - - host: auth.example.com - http: - paths: - - backend: - serviceName: traefik-forward-auth - servicePort: auth-http diff --git a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/kustomization.yaml b/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/kustomization.yaml deleted file mode 100644 index 31fa27a..0000000 --- a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/kustomization.yaml +++ /dev/null @@ -1,22 +0,0 @@ -commonLabels: - app: traefik-forward-auth - -resources: -- deployment.yaml -- service.yaml -- ingress.yaml # Only needed for auth-host mode - -# -# Configs -# -configMapGenerator: -- name: configs - files: - - traefik-forward-auth.ini - -# -# Secrets -# -secretGenerator: -- name: traefik-forward-auth-secrets - env: traefik-forward-auth.env diff --git a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/service.yaml b/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/service.yaml deleted file mode 100644 index 12862bf..0000000 --- a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: traefik-forward-auth - labels: - app: traefik-forward-auth -spec: - type: ClusterIP - selector: - app: traefik-forward-auth - ports: - - name: auth-http - port: 4181 - targetPort: 4181 
diff --git a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/whoami/ingress.yaml b/examples/traefik-v1.7/kubernetes/advanced-separate-pod/whoami/ingress.yaml deleted file mode 100644 index 2c954f3..0000000 --- a/examples/traefik-v1.7/kubernetes/advanced-separate-pod/whoami/ingress.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: whoami - labels: - app: whoami - annotations: - kubernetes.io/ingress.class: traefik - ingress.kubernetes.io/auth-type: forward - ingress.kubernetes.io/auth-url: http://traefik-forward-auth:4181 - ingress.kubernetes.io/auth-response-headers: X-Forwarded-User -spec: - rules: - - host: whoami.example.com - http: - paths: - - backend: - serviceName: whoami - servicePort: http diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/configs/traefik.toml b/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/configs/traefik.toml deleted file mode 100644 index 9939f85..0000000 --- a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/configs/traefik.toml +++ /dev/null 
@@ -1,169 +0,0 @@ -################################################################ -# Global configuration -################################################################ - -# Enable debug mode -# -# Optional -# Default: false -# -# debug = true - -# Log level -# -# Optional -# Default: "ERROR" -# -logLevel = "INFO" - -# Entrypoints to be used by frontends that do not specify any entrypoint. -# Each frontend can specify its own entrypoints. -# -# Optional -# Default: ["http"] -# -defaultEntryPoints = ["http", "https"] - -# If set to true invalid SSL certificates are accepted for backends. -# This disables detection of man-in-the-middle attacks so should only be used on secure backend networks. -# -# Optional -# Default: false -# -insecureSkipVerify = true - -################################################################ -# Entrypoints configuration -################################################################ - -# Entrypoints definition -# -# Optional -# Default: -[entryPoints] - [entryPoints.http] - address = ":80" - compress = true - - [entryPoints.http.redirect] - entryPoint = "https" - - [entryPoints.https] - address = ":443" - compress = true - - [entryPoints.https.tls] - - [entryPoints.https.auth.forward] - address = "http://127.0.0.1:4181" - authResponseHeaders = ["X-Forwarded-User"] - - [entryPoints.traefik] - address = ":8080" - -################################################################ -# Traefik logs configuration -################################################################ - -# Traefik logs -# Enabled by default and log to stdout -# -# Optional -# -[traefikLog] - format = "json" - -# Sets the filepath for the traefik log. If not specified, stdout will be used. -# Intermediate directories are created if necessary. -# -# Optional -# Default: os.Stdout -# -# filePath = "log/traefik.log" - -# Format is either "json" or "common". 
-# -# Optional -# Default: "common" -# -# format = "common" - -################################################################ -# Access logs configuration -################################################################ - -# Enable access logs -# By default it will write to stdout and produce logs in the textual -# Common Log Format (CLF), extended with additional fields. -# -# Optional -# -# [accessLog] - -# Sets the file path for the access log. If not specified, stdout will be used. -# Intermediate directories are created if necessary. -# -# Optional -# Default: os.Stdout -# -# filePath = "/path/to/log/log.txt" - -# Format is either "json" or "common". -# -# Optional -# Default: "common" -# -# format = "common" - -################################################################ -# API and dashboard configuration -################################################################ - -# Enable API and dashboard -[api] - - # Name of the related entry point - # - # Optional - # Default: "traefik" - # - # entryPoint = "traefik" - - # Enabled Dashboard - # - # Optional - # Default: true - # - # dashboard = false - -################################################################ -# Ping configuration -################################################################ - -# Enable ping -[ping] - - # Name of the related entry point - # - # Optional - # Default: "traefik" - # - # entryPoint = "traefik" - -################################################################ -# Docker configuration backend -################################################################ - -# Enable Kubernetes configuration backend -[kubernetes] - -[acme] -KeyType = "RSA4096" -email = "you@example.com" -storage = "/acme/acme.json" -entryPoint = "https" -onHostRule = true -acmeLogging = true - -[acme.httpChallenge] - entryPoint = "http" 
diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/deployment.yaml b/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/deployment.yaml deleted file mode 100644 index e80e945..0000000 --- a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/deployment.yaml +++ /dev/null 
@@ -1,94 +0,0 @@ -# -# Traefik + Traefik Forward Auth Deployment -# -apiVersion: apps/v1 -kind: Deployment -metadata: - name: traefik - labels: - app: traefik -spec: - replicas: 1 - selector: - matchLabels: - app: traefik - strategy: - type: Recreate - template: - metadata: - labels: - app: traefik - spec: - serviceAccountName: traefik - terminationGracePeriodSeconds: 60 - containers: - - image: traefik:1.7.12 - name: traefik - args: - - --configfile=/config/traefik.toml - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: dash - containerPort: 8080 - protocol: TCP - volumeMounts: - - mountPath: /config - name: configs - - mountPath: /acme - name: acme - - - image: thomseddon/traefik-forward-auth:2 - name: traefik-forward-auth - ports: - - containerPort: 4181 - protocol: TCP - env: - - name: CONFIG - value: "/config" - - name: DOMAIN - value: "example.com" - # INSECURE_COOKIE is required if not using a https entrypoint - # - name: INSECURE_COOKIE - # value: "true" - # Remove COOKIE_DOMAIN if not using auth host mode - - name: COOKIE_DOMAIN - value: "example.com" - - name: AUTH_HOST - value: "auth.example.com" - - name: LOG_LEVEL - value: "info" - - name: PROVIDERS_GOOGLE_CLIENT_ID - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: google-client-id - - name: PROVIDERS_GOOGLE_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: google-client-secret - - name: SECRET - valueFrom: - secretKeyRef: - name: traefik-forward-auth-secrets - key: secret - volumeMounts: - - name: configs - mountPath: /config - subPath: traefik-forward-auth.ini - - volumes: - - name: configs - configMap: - name: configs - - name: traefik-forward-auth-secrets - secret: - secretName: secrets - - name: acme - persistentVolumeClaim: - claimName: traefik-acme 
diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/ingress.yaml b/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/ingress.yaml deleted file mode 100644 index 89df622..0000000 --- a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/ingress.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# -# Auth Ingress -# -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: traefik-forward-auth - labels: - app: traefik -spec: - rules: - - host: auth.example.com - http: - paths: - - backend: - serviceName: traefik-forward-auth - servicePort: auth-http - ---- -# -# Dash Ingress -# -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: traefik-dashboard - labels: - app: traefik -spec: - rules: - - host: traefik.example.com - http: - paths: - - backend: - serviceName: traefik-dashboard - servicePort: dashboard-http diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/kustomization.yaml b/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/kustomization.yaml deleted file mode 100644 index dd7a810..0000000 --- a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/kustomization.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: default -commonLabels: - app: traefik - -resources: -- deployment.yaml -- service.yaml -- ingress.yaml -- pvc.yaml -- rbac.yaml - -# -# Configs -# -configMapGenerator: -- name: configs - files: - - configs/traefik.toml - - configs/traefik-forward-auth.ini - -# -# Secrets -# -secretGenerator: -- name: traefik-forward-auth-secrets - env: secrets/traefik-forward-auth.env diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/rbac.yaml b/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/rbac.yaml deleted file mode 100644 index ad1443c..0000000 --- a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/rbac.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -# -# RBAC -# Source: traefik/templates/rbac.yaml -# -kind: ServiceAccount -apiVersion: v1 -metadata: - name: traefik ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: traefik -rules: - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - update ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: traefik -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: traefik -subjects: -- kind: ServiceAccount - name: traefik - namespace: kube-system diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/service.yaml b/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/service.yaml deleted file mode 100644 index c21101a..0000000 --- a/examples/traefik-v1.7/kubernetes/advanced-single-pod/traefik/service.yaml +++ /dev/null @@ -1,58 +0,0 @@ -# -# Traefik Service -# -apiVersion: v1 -kind: Service -metadata: - name: traefik - labels: - app: traefik -spec: - # Use NodePort if required - type: LoadBalancer - selector: - app: traefik - ports: - - name: http - port: 80 - targetPort: 80 - - name: https - port: 443 - targetPort: 443 ---- -# -# Auth Service -# -apiVersion: v1 -kind: Service -metadata: - name: traefik-forward-auth - labels: - app: traefik -spec: - type: ClusterIP - selector: - app: traefik - ports: - - name: auth-http - port: 4181 - targetPort: 4181 - ---- -# -# Dash Service -# -apiVersion: v1 -kind: Service -metadata: - name: traefik-dashboard - labels: - app: traefik -spec: - type: ClusterIP - selector: - app: traefik - ports: - - name: dashboard-http - port: 8080 - targetPort: 8080 
diff --git a/examples/traefik-v1.7/kubernetes/advanced-single-pod/whoami/ingress.yaml b/examples/traefik-v1.7/kubernetes/advanced-single-pod/whoami/ingress.yaml deleted file mode 100644 index f53ad49..0000000 --- a/examples/traefik-v1.7/kubernetes/advanced-single-pod/whoami/ingress.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: whoami - labels: - app: whoami - annotations: - kubernetes.io/ingress.class: traefik -spec: - rules: - - host: whoami.example.com - http: - paths: - - backend: - serviceName: whoami - servicePort: http diff --git a/examples/traefik-v1.7/kubernetes/simple-separate-pod/README.md b/examples/traefik-v1.7/kubernetes/simple-separate-pod/README.md deleted file mode 100644 index 5756915..0000000 --- a/examples/traefik-v1.7/kubernetes/simple-separate-pod/README.md +++ /dev/null 
@@ -1,43 +0,0 @@ - -# Kubernetes - Simple Separate Pod Example - -This is a simple example of how to deploy traefik-forward-auth in it's own pod with minimal configuration. This example is a good starting point for those who already have traefik deployed (e.g. using helm). - -This example uses annotations to apply authentication to selected ingresses (see `k8s-app.yml`). This means ingresses will not be protected by default, only those with these annotations will require forward authentication. For example: - -``` -# -# Ingress -# -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: whoami - labels: - app: whoami - annotations: - kubernetes.io/ingress.class: traefik - ingress.kubernetes.io/auth-type: forward - ingress.kubernetes.io/auth-url: http://traefik-forward-auth:4181 - ingress.kubernetes.io/auth-response-headers: X-Forwarded-User -spec: - rules: - - host: whoami.example.com - http: - paths: - - backend: - serviceName: whoami - servicePort: http -``` - - -Example deployment: -``` -# Deploy traefik-forward-auth -kubectl apply -f k8s-traefik-forward-auth.yml - -# Deploy example whoami app -kubectl apply -f k8s-app.yml -``` - -Please see the advanced examples for more details. diff --git a/examples/traefik-v1.7/kubernetes/simple-separate-pod/k8s-app.yml b/examples/traefik-v1.7/kubernetes/simple-separate-pod/k8s-app.yml deleted file mode 100644 index 83b8868..0000000 --- a/examples/traefik-v1.7/kubernetes/simple-separate-pod/k8s-app.yml +++ /dev/null 
@@ -1,62 +0,0 @@
-#
-# Example Application Deployment
-#
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: whoami
- labels:
- app: whoami
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: whoami
- template:
- metadata:
- labels:
- app: whoami
- spec:
- containers:
- - name: whoami
- image: containous/whoami
----
-#
-# Service
-#
-apiVersion: v1
-kind: Service
-metadata:
- name: whoami
- labels:
- app: whoami
-spec:
- ports:
- - name: http
- port: 80
- selector:
- app: whoami
-
----
-#
-# Ingress
-#
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: whoami
- labels:
- app: whoami
- annotations:
- kubernetes.io/ingress.class: traefik
- ingress.kubernetes.io/auth-type: forward
- ingress.kubernetes.io/auth-url: http://traefik-forward-auth:4181
- ingress.kubernetes.io/auth-response-headers: X-Forwarded-User
-spec:
- rules:
- - host: whoami.example.com
- http:
- paths:
- - backend:
- serviceName: whoami
- servicePort: http
diff --git a/examples/traefik-v1.7/kubernetes/simple-separate-pod/k8s-traefik-forward-auth.yml b/examples/traefik-v1.7/kubernetes/simple-separate-pod/k8s-traefik-forward-auth.yml
deleted file mode 100644
index 10d22b6..0000000
--- a/examples/traefik-v1.7/kubernetes/simple-separate-pod/k8s-traefik-forward-auth.yml
+++ /dev/null
@@ -1,90 +0,0 @@
-#
-# Traefik Forward Auth Deployment
-#
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: traefik-forward-auth
- labels:
- app: traefik-forward-auth
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: traefik-forward-auth
- strategy:
- type: Recreate
- template:
- metadata:
- labels:
- app: traefik-forward-auth
- spec:
- terminationGracePeriodSeconds: 60
- containers:
- - image: thomseddon/traefik-forward-auth:2
- name: traefik-forward-auth
- ports:
- - containerPort: 4181
- protocol: TCP
- env:
- - name: DOMAIN
- value: "example.com"
- # INSECURE_COOKIE is required unless using https entrypoint
- - name: INSECURE_COOKIE
- value: "true"
- - name: PROVIDERS_GOOGLE_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: traefik-forward-auth-secrets
- key: traefik-forward-auth-google-client-id
- - name: PROVIDERS_GOOGLE_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: traefik-forward-auth-secrets
- key: traefik-forward-auth-google-client-secret
- - name: SECRET
- valueFrom:
- secretKeyRef:
- name: traefik-forward-auth-secrets
- key: traefik-forward-auth-secret
-
----
-#
-# Auth Service
-#
-apiVersion: v1
-kind: Service
-metadata:
- name: traefik-forward-auth
- labels:
- app: traefik-forward-auth
-spec:
- type: ClusterIP
- selector:
- app: traefik-forward-auth
- ports:
- - name: auth-http
- port: 4181
- targetPort: 4181
-
----
-#
-# Secrets
-#
-# Kubernetes requires secret values to be converted to base64 when defined
-# explicitly like this. (use `echo -n 'secret-value' | base64`)
-#
-# These are here for completeness, in reality you may define these elsewhere,
-# for example using kustomize (shown in advanced examples)
-#
-apiVersion: v1
-kind: Secret
-metadata:
- name: traefik-forward-auth-secrets
- labels:
- app: traefik-forward-auth
-type: Opaque
-data:
- traefik-forward-auth-google-client-id: base64-client-id
- traefik-forward-auth-google-client-secret: base64-client-secret
- traefik-forward-auth-secret: base64-something-random
diff --git a/examples/traefik-v1.7/swarm/docker-compose-auth-host.yml b/examples/traefik-v1.7/swarm/docker-compose-auth-host.yml
deleted file mode 100644
index 3823245..0000000
--- a/examples/traefik-v1.7/swarm/docker-compose-auth-host.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-version: '3'
-
-services:
- traefik:
- image: traefik
- command: -c /traefik.toml --logLevel=DEBUG
- ports:
- - "8085:80"
- - "8086:8080"
- networks:
- - traefik
- volumes:
- - ./traefik.toml:/traefik.toml
- - /var/run/docker.sock:/var/run/docker.sock
-
- whoami1:
- image: containous/whoami
- networks:
- - traefik
- labels:
- - "traefik.backend=whoami"
- - "traefik.enable=true"
- - "traefik.frontend.rule=Host:whoami.yourdomain.com"
-
- traefik-forward-auth:
- image: thomseddon/traefik-forward-auth:2
- environment:
- - PROVIDERS_GOOGLE_CLIENT_ID=your-client-id
- - PROVIDERS_GOOGLE_CLIENT_SECRET=your-client-secret
- - SECRET=something-random
- - INSECURE_COOKIE=true
- - DOMAIN=yourcompany.com
- - AUTH_HOST=auth.yourdomain.com
- networks:
- - traefik
- # When using an auth host, the below must be added
- labels:
- - traefik.enable=true
- - traefik.port=4181
- - traefik.backend=traefik-forward-auth
- - traefik.frontend.rule=Host:auth.yourdomain.com
-
-networks:
- traefik:
diff --git a/examples/traefik-v1.7/swarm/docker-compose-oidc.yml b/examples/traefik-v1.7/swarm/docker-compose-oidc.yml
deleted file mode 100644
index 12d0316..0000000
--- a/examples/traefik-v1.7/swarm/docker-compose-oidc.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-version: '3'
-
-services:
- traefik:
- image: traefik:1.7
- command: -c /traefik.toml
- ports:
- - "8085:80"
- - "8086:8080"
- networks:
- - traefik
- volumes:
- - ./traefik.toml:/traefik.toml
- - /var/run/docker.sock:/var/run/docker.sock
-
- whoami1:
- image: containous/whoami
- networks:
- - traefik
- labels:
- - "traefik.backend=whoami"
- - "traefik.enable=true"
- - "traefik.frontend.rule=Host:whoami.localhost.com"
-
- traefik-forward-auth:
- build: thomseddon/traefik-forward-auth:2
- environment:
- - DEFAULT_PROVIDER=oidc
- - PROVIDERS_OIDC_ISSUER_URL=https://login.microsoftonline.com/{tenant}
- - PROVIDERS_OIDC_CLIENT_ID=your-client-id
- - PROVIDERS_OIDC_CLIENT_SECRET=your-client-secret
- - SECRET=something-random
- - INSECURE_COOKIE=true
- - DOMAIN=yourcompany.com
- - LOG_LEVEL=debug
- networks:
- - traefik
-
-networks:
- traefik:
diff --git a/examples/traefik-v1.7/swarm/docker-compose.yml b/examples/traefik-v1.7/swarm/docker-compose.yml
deleted file mode 100644
index 1582efb..0000000
--- a/examples/traefik-v1.7/swarm/docker-compose.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-version: '3'
-
-services:
- traefik:
- image: traefik:1.7
- command: -c /traefik.toml --logLevel=DEBUG
- ports:
- - "8085:80"
- - "8086:8080"
- networks:
- - traefik
- volumes:
- - ./traefik.toml:/traefik.toml
- - /var/run/docker.sock:/var/run/docker.sock
-
- whoami1:
- image: containous/whoami
- networks:
- - traefik
- labels:
- - "traefik.backend=whoami"
- - "traefik.enable=true"
- - "traefik.frontend.rule=Host:whoami.localhost.com"
-
- traefik-forward-auth:
- build: thomseddon/traefik-forward-auth:2
- command: ./traefik-forward-auth --rule.1.action=allow --rule.1.rule="Path(`/public`)"
- environment:
- - PROVIDERS_GOOGLE_CLIENT_ID=your-client-id
- - PROVIDERS_GOOGLE_CLIENT_SECRET=your-client-secret
- - SECRET=something-random
- - INSECURE_COOKIE=true
- - DOMAIN=yourcompany.com
- - LOG_LEVEL=debug
- networks:
- - traefik
-
-networks:
- traefik:
diff --git a/examples/traefik-v1.7/swarm/traefik.toml b/examples/traefik-v1.7/swarm/traefik.toml
deleted file mode 100644
index 4091d4f..0000000
--- a/examples/traefik-v1.7/swarm/traefik.toml
+++ /dev/null
@@ -1,138 +0,0 @@
-################################################################
-# Global configuration
-################################################################
-
-# Enable debug mode
-#
-# Optional
-# Default: false
-#
-# debug = true
-
-# Log level
-#
-# Optional
-# Default: "ERROR"
-#
-# logLevel = "DEBUG"
-
-# Entrypoints to be used by frontends that do not specify any entrypoint.
-# Each frontend can specify its own entrypoints.
-#
-# Optional
-# Default: ["http"]
-#
-# defaultEntryPoints = ["http", "https"]
-
-################################################################
-# Entrypoints configuration
-################################################################
-
-# Entrypoints definition
-#
-# Optional
-# Default:
-[entryPoints]
- [entryPoints.http]
- address = ":80"
-
- [entryPoints.http.auth.forward]
- address = "http://traefik-forward-auth:4181"
- authResponseHeaders = ["X-Forwarded-User"]
-
-################################################################
-# Traefik logs configuration
-################################################################
-
-# Traefik logs
-# Enabled by default and log to stdout
-#
-# Optional
-#
-# [traefikLog]
-
-# Sets the filepath for the traefik log. If not specified, stdout will be used.
-# Intermediate directories are created if necessary.
-#
-# Optional
-# Default: os.Stdout
-#
-# filePath = "log/traefik.log"
-
-# Format is either "json" or "common".
-#
-# Optional
-# Default: "common"
-#
-# format = "common"
-
-################################################################
-# Access logs configuration
-################################################################
-
-# Enable access logs
-# By default it will write to stdout and produce logs in the textual
-# Common Log Format (CLF), extended with additional fields.
-#
-# Optional
-#
-# [accessLog]
-
-# Sets the file path for the access log. If not specified, stdout will be used.
-# Intermediate directories are created if necessary.
-#
-# Optional
-# Default: os.Stdout
-#
-# filePath = "/path/to/log/log.txt"
-
-# Format is either "json" or "common".
-#
-# Optional
-# Default: "common"
-#
-# format = "common"
-
-################################################################
-# API and dashboard configuration
-################################################################
-
-# Enable API and dashboard
-[api]
-
- # Name of the related entry point
- #
- # Optional
- # Default: "traefik"
- #
- # entryPoint = "traefik"
-
- # Enabled Dashboard
- #
- # Optional
- # Default: true
- #
- # dashboard = false
-
-################################################################
-# Ping configuration
-################################################################
-
-# Enable ping
-[ping]
-
- # Name of the related entry point
- #
- # Optional
- # Default: "traefik"
- #
- # entryPoint = "traefik"
-
-################################################################
-# Docker configuration backend
-################################################################
-
-# Enable Docker configuration backend
-[docker]
-exposedByDefault = false
-network = "traefik"
diff --git a/examples/traefik-v2/kubernetes/advanced-separate-pod/kustomization.yaml b/examples/traefik-v2/kubernetes/advanced-separate-pod/kustomization.yaml
deleted file mode 100644
index 5d673ff..0000000
--- a/examples/traefik-v2/kubernetes/advanced-separate-pod/kustomization.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-bases:
-- traefik-forward-auth
-- whoami
diff --git a/examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/configs/traefik-forward-auth.ini b/examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/configs/traefik-forward-auth.ini
deleted file mode 100644
index 1bf8868..0000000
--- a/examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/configs/traefik-forward-auth.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-rule.example_public.action=allow
-rule.example_public.rule=Host("stats.example.com") && PathPrefix("/api/public")
-
-rule.example_api.action=allow
-rule.example_api.rule=Host("api.example.com") && Headers("X-API-Authorization", "a-long-api-key")
-
-rule.example_api_query.action=allow
-rule.example_api_query.rule=Host("api.example.com") && && Query("api_key=a-long-api-key")
diff --git a/examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/secrets/traefik-forward-auth.env b/examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/secrets/traefik-forward-auth.env
deleted file mode 100644
index 06ab509..0000000
--- a/examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/secrets/traefik-forward-auth.env
+++ /dev/null
@@ -1,3 +0,0 @@
-google-client-id=client-id
-google-client-secret=client-secret
-secret=something-random
diff --git a/examples/traefik-v2/kubernetes/advanced-separate-pod/whoami/deployment.yaml b/examples/traefik-v2/kubernetes/advanced-separate-pod/whoami/deployment.yaml
deleted file mode 100644
index 0c61e82..0000000
--- a/examples/traefik-v2/kubernetes/advanced-separate-pod/whoami/deployment.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: whoami
- labels:
- app: whoami
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: whoami
- template:
- metadata:
- labels:
- app: whoami
- spec:
- containers:
- - image: containous/whoami
- name: whoami
diff --git a/examples/traefik-v2/kubernetes/advanced-separate-pod/whoami/kustomization.yaml b/examples/traefik-v2/kubernetes/advanced-separate-pod/whoami/kustomization.yaml
deleted file mode 100644
index 917c852..0000000
--- a/examples/traefik-v2/kubernetes/advanced-separate-pod/whoami/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-commonLabels:
- app: whoami
-
-resources:
-- deployment.yaml
-- service.yaml
-- ingress.yaml
diff --git a/examples/traefik-v2/kubernetes/advanced-separate-pod/whoami/service.yaml b/examples/traefik-v2/kubernetes/advanced-separate-pod/whoami/service.yaml
deleted file mode 100644
index 77c8eb0..0000000
--- a/examples/traefik-v2/kubernetes/advanced-separate-pod/whoami/service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: whoami
- labels:
- app: whoami
-spec:
- type: ClusterIP
- ports:
- - name: http
- port: 80
- selector:
- app: whoami
-
diff --git a/examples/traefik-v2/kubernetes/advanced-single-pod/README.md b/examples/traefik-v2/kubernetes/advanced-single-pod/README.md
deleted file mode 100644
index 25e914b..0000000
--- a/examples/traefik-v2/kubernetes/advanced-single-pod/README.md
+++ /dev/null
@@ -1,18 +0,0 @@
-
-# Kubernetes - Advanced Single Pod Example
-
-This is an advanced example of how to deploy traefik and traefik-forward-auth in a single pod. This example is a good starting point for those who already have a manually defined traefik config (e.g. not using helm).
-
-This example uses [Global Authentication](https://github.com/thomseddon/traefik-forward-auth/blob/master/README.md#global-authentication) to apply authentication for the entire `https` entrypoint.
-
-This example also includes SSL via traefik acme/lesencrypt, auth host mode, exposes the traefik dashboard and leverages kustomise. No special config if required for your applications, but a simple example "whoami" application (deployment, service and ingress) is included for completeness.
-
-Example deployment:
-
-```
-# Deploy traefik+traefik-forward-auth
-kubectl apply -k traefik
-
-# Deploy whoami app
-kubectl apply -k whoami
-```
diff --git a/examples/traefik-v2/kubernetes/advanced-single-pod/kustomization.yaml b/examples/traefik-v2/kubernetes/advanced-single-pod/kustomization.yaml
deleted file mode 100644
index c8bfa5a..0000000
--- a/examples/traefik-v2/kubernetes/advanced-single-pod/kustomization.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-bases:
-- traefik
-- whoami
diff --git a/examples/traefik-v2/kubernetes/advanced-single-pod/traefik/configs/traefik-forward-auth.ini b/examples/traefik-v2/kubernetes/advanced-single-pod/traefik/configs/traefik-forward-auth.ini
deleted file mode 100644
index 1bf8868..0000000
--- a/examples/traefik-v2/kubernetes/advanced-single-pod/traefik/configs/traefik-forward-auth.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-rule.example_public.action=allow
-rule.example_public.rule=Host("stats.example.com") && PathPrefix("/api/public")
-
-rule.example_api.action=allow
-rule.example_api.rule=Host("api.example.com") && Headers("X-API-Authorization", "a-long-api-key")
-
-rule.example_api_query.action=allow
-rule.example_api_query.rule=Host("api.example.com") && && Query("api_key=a-long-api-key")
diff --git a/examples/traefik-v2/kubernetes/advanced-single-pod/traefik/pvc.yaml b/examples/traefik-v2/kubernetes/advanced-single-pod/traefik/pvc.yaml
deleted file mode 100644
index 3a131ae..0000000
--- a/examples/traefik-v2/kubernetes/advanced-single-pod/traefik/pvc.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# Source: traefik/templates/acme-pvc.yaml
-#
-# PVC
-#
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: traefik-acme
- labels:
- app: traefik
-spec:
- accessModes:
- - "ReadWriteOnce"
- resources:
- requests:
- storage: "1Gi"
- storageClassName: "local-traefik-acme"
diff --git a/examples/traefik-v2/kubernetes/advanced-single-pod/traefik/secrets/traefik-forward-auth.env b/examples/traefik-v2/kubernetes/advanced-single-pod/traefik/secrets/traefik-forward-auth.env
deleted file mode 100644
index 06ab509..0000000
--- a/examples/traefik-v2/kubernetes/advanced-single-pod/traefik/secrets/traefik-forward-auth.env
+++ /dev/null
@@ -1,3 +0,0 @@
-google-client-id=client-id
-google-client-secret=client-secret
-secret=something-random
diff --git a/examples/traefik-v2/kubernetes/advanced-single-pod/whoami/deployment.yaml b/examples/traefik-v2/kubernetes/advanced-single-pod/whoami/deployment.yaml
deleted file mode 100644
index 0c61e82..0000000
--- a/examples/traefik-v2/kubernetes/advanced-single-pod/whoami/deployment.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: whoami
- labels:
- app: whoami
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: whoami
- template:
- metadata:
- labels:
- app: whoami
- spec:
- containers:
- - image: containous/whoami
- name: whoami
diff --git a/examples/traefik-v2/kubernetes/advanced-single-pod/whoami/kustomization.yaml b/examples/traefik-v2/kubernetes/advanced-single-pod/whoami/kustomization.yaml
deleted file mode 100644
index 917c852..0000000
--- a/examples/traefik-v2/kubernetes/advanced-single-pod/whoami/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-commonLabels:
- app: whoami
-
-resources:
-- deployment.yaml
-- service.yaml
-- ingress.yaml
diff --git a/examples/traefik-v2/kubernetes/advanced-single-pod/whoami/service.yaml b/examples/traefik-v2/kubernetes/advanced-single-pod/whoami/service.yaml
deleted file mode 100644
index 77c8eb0..0000000
--- a/examples/traefik-v2/kubernetes/advanced-single-pod/whoami/service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: whoami
- labels:
- app: whoami
-spec:
- type: ClusterIP
- ports:
- - name: http
- port: 80
- selector:
- app: whoami
-