From 2b29dc8794cc0bc61b99842a270ee9c0cdcbe630 Mon Sep 17 00:00:00 2001 From: Ethan Leisinger <770373+packruler@users.noreply.github.com> Date: Wed, 2 Nov 2022 16:39:33 -0600 Subject: [PATCH] feat(traefik): add support for insecureForwardAuth (#4247) * add support for insecureSkipVerify for forwardAuth * Fix handling of empty tls * try something else * simplify with with * improve question layout and make proper version * use piping for default * Add some warning language for new feature Signed-off-by: Ethan Leisinger <770373+packruler@users.noreply.github.com> --- charts/stable/traefik/Chart.yaml | 2 +- .../traefik/templates/middlewares/forwardauth.yaml | 4 ++++ .../questions/traefik/forwardAuthMiddleware.yaml | 14 ++++++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/charts/stable/traefik/Chart.yaml b/charts/stable/traefik/Chart.yaml index a57c9a8d632..7e20749103d 100644 --- a/charts/stable/traefik/Chart.yaml +++ b/charts/stable/traefik/Chart.yaml @@ -23,7 +23,7 @@ sources: - https://github.com/traefik/traefik-helm-chart - https://traefik.io/ type: application -version: 13.4.16 +version: 13.5.0 annotations: truecharts.org/catagories: | - network diff --git a/charts/stable/traefik/templates/middlewares/forwardauth.yaml b/charts/stable/traefik/templates/middlewares/forwardauth.yaml index 7a3e32fdbf7..4bdefbd5c01 100644 --- a/charts/stable/traefik/templates/middlewares/forwardauth.yaml +++ b/charts/stable/traefik/templates/middlewares/forwardauth.yaml @@ -27,4 +27,8 @@ spec: {{- if $middlewareData.trustForwardHeader }} trustForwardHeader: true {{- end }} + {{- with $middlewareData.tls }} + tls: + insecureSkipVerify: {{ .insecureSkipVerify | default false }} + {{- end }} {{ end }} diff --git a/templates/questions/traefik/forwardAuthMiddleware.yaml b/templates/questions/traefik/forwardAuthMiddleware.yaml index 98d37838ef2..13159552750 100644 --- a/templates/questions/traefik/forwardAuthMiddleware.yaml +++ b/templates/questions/traefik/forwardAuthMiddleware.yaml @@ -27,6 +27,20 @@ schema: type: boolean default: false + - variable: tls + label: TLS + schema: + additional_attrs: true + type: dict + attrs: + - variable: insecureSkipVerify + label: insecureSkipVerify (expert) + description: >- + This disables all TLS certificate validation on communications with the authentication endpoint. + This could be a security risk and should only be used if you know what you are doing. + schema: + type: boolean + default: false - variable: authResponseHeadersRegex label: authResponseHeadersRegex schema: