FLOW traefik-forward-auth chart

Go Template 100%

Find a file

Repository files (latest commit first)
Filename	Latest commit message	Latest commit date
Kojuharov, Gantcho (RWS CIV) 46a79dc065 Merge branch 'force-pkce' into 'main' Force PKCE See merge request osr-wm/development/enabling/charts/traefik-forward-auth!7		2026-01-22 16:21:56 +01:00
chart	repo fix	2026-01-22 16:20:25 +01:00
.gitignore	EN-1980/chart for traefik forward auth	2025-05-09 15:20:40 +02:00
.gitlab-ci.yml	EN-3305 - Implement development release pattern	2026-01-15 11:18:52 +01:00
README.md	EN-1980/chart for traefik forward auth	2025-05-09 15:20:40 +02:00
renovate.json	Add renovate.json	2025-05-06 15:04:26 +00:00

README.md

traefik-forward-auth

This chart deploys a Traefik Forward Auth service configured to login with Gitlab.

Usage

To use the Traefik Forward Auth you need to add an IngressRoute and a Middleware resources to your chart.

For example:

---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: {{ .Release.Name }}
spec:
  entryPoints:
    - web
    - websecure
  routes:
    - match: Host(`{{ .Values.ingress.host }}`)
      kind: Rule
      services:
        - name: {{ .Release.Name }}
          port: 80
      middlewares:
        - name: {{ .Release.Name }}-traefik-forward-auth

---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: {{ .Release.Name }}-traefik-forward-auth
spec:
  forwardAuth:
    address: http://traefik-forward-auth.traefik-forward-auth:4181 # This is where FLOW deploys the forward auth service by default 
    authResponseHeaders:
      - X-Forwarded-User

NOTE: The IngressRoute will replace your Ingress resource.

NOTE: You need to also add <your-application-url/_oauth> as a valid redirect uri to the Gitlab OIDC provider application.