homelab/infra/controllers/authentik/middlewares.yaml

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
    name: authentik
    namespace: authentik-system
spec:
    forwardAuth:
        # This address should point to the cluster endpoint provided by the kubernetes service, not the Ingress.
        address: http://authentik-server.authentik-system/outpost.goauthentik.io/auth/traefik
        trustForwardHeader: true
        authResponseHeaders:
            - X-authentik-username
            - X-authentik-groups
            - X-authentik-email
            - X-authentik-name
            - X-authentik-uid
            - X-authentik-jwt
            - X-authentik-meta-jwks
            - X-authentik-meta-outpost
            - X-authentik-meta-provider
            - X-authentik-meta-app
            - X-authentik-meta-version