auricom-home-cluster/kubernetes/apps/network/envoy-gateway/internal/securitypolicy.yaml

---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: SecurityPolicy
metadata:
  name: internal-secure
spec:
  extAuth:
    failOpen: false
    headersToExtAuth:
      - X-Forwarded-Proto
      - authorization
      - proxy-authorization
      - accept
      - cookie
    http:
      backendRefs:
        - group: ""
          kind: Service
          name: authelia
          namespace: default
          port: 80
      path: /api/authz/ext-authz/
  targetRefs:
    - group: gateway.networking.k8s.io
      kind: Gateway
      name: internal