mirror of
https://github.com/auricom/home-cluster.git
synced 2025-09-17 18:24:14 +02:00
33 lines
868 B
YAML
33 lines
868 B
YAML
---
|
|
# yaml-language-server: $schema=https://schemas.budimanjojo.com/gateway.envoyproxy.io/securitypolicy_v1alpha1.json
|
|
apiVersion: gateway.envoyproxy.io/v1alpha1
|
|
kind: SecurityPolicy
|
|
metadata:
|
|
name: ${APP}
|
|
spec:
|
|
extAuth:
|
|
headersToExtAuth:
|
|
- X-Forwarded-For # this is here so we can get the real IP
|
|
- X-Forwarded-Proto
|
|
- authorization
|
|
- header-authorization
|
|
- proxy-authorization
|
|
- accept
|
|
- cookie
|
|
failOpen: false
|
|
http:
|
|
backendRefs:
|
|
- group: ""
|
|
kind: Service
|
|
name: authelia
|
|
namespace: default
|
|
port: 8888
|
|
path: /api/authz/ext-authz/
|
|
headersToBackend:
|
|
- 'remote-*'
|
|
- 'authelia-*'
|
|
targetRefs:
|
|
- group: ${EXT_AUTH_GROUP:-gateway.networking.k8s.io}
|
|
kind: ${EXT_AUTH_KIND:-HTTPRoute}
|
|
name: ${EXT_AUTH_TARGET:-${APP}}
|