Manually define forward auth middleware

apps/prod/authelia/forward-auth-middleware.yaml

@@ -0,0 +1,15 @@
+# /apps/prod/authelia/forward-auth-middleware.yaml
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: authelia
+  namespace: auth
+spec:
+  forwardAuth:
+    address: 'http://authelia.auth.svc.cluster.local/api/authz/forward-auth?authelia_url=https%3A%2F%2Fauth.example.com'
+    trustForwardHeader: true
+    authResponseHeaders:
+    - "Remote-User"
+    - "Remote-Groups"
+    - "Remote-Email"
+    - "Remote-Name"

apps/prod/authelia/kustomization.yaml

@@ -5,8 +5,9 @@ namespace: auth
 
 resources:
   - ../../base/authelia
-  - release.yaml
   - users-database.enc.yaml
+  - release.yaml
+  - forward-auth-middleware.yaml
 
 configMapGenerator:
   - name: authelia-prod-values

apps/prod/authelia/values.yaml

@@ -51,14 +51,6 @@ ingress:
   ingressClassName: "traefik"
   traefikCRD:
     enabled: true
-    middlewares:
-      auth:
-        nameOverride: "authelia"
-        authResponseHeaders:
-          - "Remote-User"
-          - "Remote-Groups"
-          - "Remote-Email"
-          - "Remote-Name"
     matchOverride: Host(`auth.example.com`)
     entryPoints:
       - "websecure"