Traefik Forward Authentication in k8s ingress controller

Asked 21/6, 2018 at 9:5 Answered 13/11, 2023 at 15:0

Hello I tried looking at the auth options in the annotations for kubernetes traefik ingress. I couldn't find anything where I could configure Forward Authentication as documented here: https://docs.traefik.io/configuration/entrypoints/#forward-authentication

I would like to be able to configure forward authentication per ingress resource. This is possible in the nginx ingress controller.

Is that supported currently?

Baron answered 21/6, 2018 at 9:5 Comment(0)

According to the Traefik documentation that feature will be available in version 1.7 of Traefik (currently a release candidate).

Here is a link to the authentication documentation

My guess is that you will need to add the following 2 annotations:

ingress.kubernetes.io/auth-type: forward
ingress.kubernetes.io/auth-url: https://example.com

and probably also the following annotation with the corresponding header fields your auth service returns as value:

ingress.kubernetes.io/auth-response-headers: X-Auth-User, X-Secret

Haas answered 8/8, 2018 at 7:27 Comment(0)

With traefik 2.10.1, if you need forward authentication. you can define a traefik middleware like this:

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  labels:
    k8slens-edit-resource-version: v1alpha1
  name: jwt-token-auth
  namespace: reddwarf-pro
spec:
  forwardAuth:
    address: >-
      http://your-auth-service/auth/access_token/verify
    trustForwardHeader: true

then apply the middleware in the route like this:

spec:
  entryPoints:
    - web
  routes:
    - kind: Rule
      match: Host(`tex.foobar.top`) && PathPrefix(`/tex`)
      middlewares:
        - name: jwt-token-auth
      priority: 2
      services:
        - name: backend-service
          port: 8000

Bouncy answered 13/11, 2023 at 15:0 Comment(0)

Recommended topics

Hot tags