@jakubhajek
Created February 25, 2022 09:25
Traefik Ingressroute OIDC and JWT
---
# Browser traffic: requests for the host are authenticated through OIDC.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: app-tls
  namespace: app
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`app.d.aws.traefiklabs.tech`)
      services:
        - name: app-v1
          port: 80
      middlewares:
        - name: oidc-auth
  tls:
    certResolver: default
---
# API traffic: requests carrying a Bearer token are validated as JWTs.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: app-tls-jwt
  namespace: app
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      # `Bearer*` is unanchored and `r*` means "zero or more r", so it matches any
      # value containing "Beare". Consider a more precise regular expression that
      # matches the JWT token explicitly.
      match: Host(`app.d.aws.traefiklabs.tech`) && HeadersRegexp(`Authorization`, `Bearer*`)
      services:
        - name: app-v1
          port: 80
      middlewares:
        - name: jwt-auth
  tls:
    certResolver: default
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: oidc-auth
  namespace: app
spec:
  plugin:
    oidcAuth:
      source: oidcSource
      scopes:
        - openid
      redirectUrl: "/callback"
      session:
        name: "%s-session"
        path: "/"
        # Placeholder value: use a randomly generated secret and keep it out of version control.
        secret: powpowpowpowpowpowpowpow
        expiry: 86400
      forwardHeaders:
        X-Traefik-Group: groups
      # Only sessions whose `groups` claim contains `admin` are allowed.
      claims: Contains(`groups`, `admin`)
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: jwt-auth
  namespace: app
spec:
  plugin:
    jwtAuth:
      source: jwtSource
      # Forward the token's `id` claim to the backend as X-User.
      forwardHeaders:
        X-User: id
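The comment on the `app-tls-jwt` rule asks for a more precise regular expression. The following is an added example, not part of the original gist: it compares the `Bearer*` pattern with a stricter one on constructed `Authorization` values and reports which middleware would handle each request. The `strict` pattern and the helper names are assumptions of this example, as is the routing model (the longer rule takes priority when both routes match, which is Traefik's default).

```go
package main

import (
	"fmt"
	"regexp"
)

// Pattern used by the app-tls-jwt rule: unanchored, and `r*` means "zero or more r",
// so it matches any value that merely contains "Beare".
var loose = regexp.MustCompile(`Bearer*`)

// Stricter alternative (assumption of this example): the Bearer scheme followed by
// three dot-separated base64url segments, the shape of a compact signed JWT.
var strict = regexp.MustCompile(`^Bearer [A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$`)

// selectMiddleware models route selection for app.d.aws.traefiklabs.tech:
// the header-matching route (jwt-auth) wins when its regexp matches,
// otherwise the host-only route (oidc-auth) handles the request.
func selectMiddleware(re *regexp.Regexp, authorization string) string {
	if authorization != "" && re.MatchString(authorization) {
		return "jwt-auth"
	}
	return "oidc-auth"
}

// divergent returns the header values that the two patterns route differently.
func divergent(values []string) []string {
	var out []string
	for _, v := range values {
		if selectMiddleware(loose, v) != selectMiddleware(strict, v) {
			out = append(out, v)
		}
	}
	return out
}

func main() {
	// Constructed sample Authorization header values.
	samples := []string{
		"Bearer eyJhbGciOiJSUzI1NiJ9.eyJpZCI6IjQyIn0.c2lnbmF0dXJl",
		"Basic dXNlcjpwYXNz",
		"Bearer",
		"Beare",
		"Token not-a-Bearer-token",
	}
	for _, v := range samples {
		fmt.Printf("%-60q loose=%-9s strict=%s\n", v, selectMiddleware(loose, v), selectMiddleware(strict, v))
	}
	fmt.Println("routed differently:", divergent(samples))
}
```

With the stricter pattern, a malformed or non-JWT `Authorization` value falls through to the OIDC route instead of being sent to `jwt-auth`.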