Create forward auth

2025-08-14 06:49:05 +02:00 · 2024-05-17 00:03:52 +02:00
parent c466587bb5
commit 0b1ca6338f
15 changed files with 156 additions and 27 deletions
--- a/deployment/auth-service/deployment.yaml
+++ b/deployment/auth-service/deployment.yaml
@@ -40,7 +40,12 @@ spec:
          volumeMounts:
            - name: gh-auth-service-certs
              mountPath: /etc/gh-auth-service/ssl
+            - name: zitadel-service-account
+              mountPath: /etc/gh-auth-service/zitadel
      volumes:
      - name: gh-auth-service-certs
        secret:
          secretName: gh-auth-service-tls
+      - name: zitadel-service-account
+        secret:
+          secretName: zitadel-service-account
--- a/deployment/auth-service/forwardAuth.yaml
+++ b/deployment/auth-service/forwardAuth.yaml
@@ -0,0 +1,11 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: auth-service
+spec:
+  forwardAuth:
+    address: https://gh-auth-service/auth
+    authResponseHeaders:
+      - id
+    tls:
+      insecureSkipVerify: true
--- a/deployment/auth-service/kustomization.yaml
+++ b/deployment/auth-service/kustomization.yaml
@@ -4,6 +4,8 @@ namespace: generations-heritage

 resources:
  - ./certificate.yaml
+  - ./zitadel-acces-key.yaml
  - ./deployment.yaml
  - ./service.yaml
  - ./horizontalPodAutoScaler.yaml
+  - ./forwardAuth.yaml