Setup authelia ingress with helm values

apps/prod/authelia/forward-auth-middleware.yaml

@@ -1,15 +0,0 @@
-# /apps/prod/authelia/forward-auth-middleware.yaml
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: authelia
-  namespace: auth
-spec:
-  forwardAuth:
-    address: 'http://authelia.auth.svc.cluster.local/api/verify?rd=https://auth.example.com'
-    trustForwardHeader: true
-    authResponseHeaders:
-    - "Remote-User"
-    - "Remote-Groups"
-    - "Remote-Email"
-    - "Remote-Name"

apps/prod/authelia/ingress.yaml

@@ -1,15 +0,0 @@
-# /apps/prod/authelia/ingress.yaml
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: authelia-ingress
-  namespace: auth
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`auth.example.com`)
-    kind: Rule
-    services:
-    - name: authelia
-      port: 80

apps/prod/authelia/kustomization.yaml

@@ -6,8 +6,6 @@ namespace: auth
 resources:
   - ../../base/authelia
   - release.yaml
-  - ingress.yaml
-  - forward-auth-middleware.yaml
   - users-database.enc.yaml
 
 configMapGenerator:

apps/prod/authelia/values.yaml

@@ -40,3 +40,20 @@ pod:
   - name: authelia-users-vol
     secret:
       secretName: authelia-users-secret
+
+ingress:
+  enabled: true
+  ingressClassName: "traefik"
+  traefikCRD:
+    enabled: true
+    middlewares:
+      auth:
+        nameOverride: "authelia"
+        authResponseHeaders:
+          - "Remote-User"
+          - "Remote-Groups"
+          - "Remote-Email"
+          - "Remote-Name"
+    matchOverride: Host(`auth.example.com`)
+    entryPoints:
+      - "websecure"

infrastructure/controllers/traefik/values.yaml

@@ -7,9 +7,8 @@ ingressRoute:
     enabled: true
     matchRule: Host(`traefik.example.com`)
     entryPoints: ["websecure"]
-    # middlewares:
-    #   - name: "authelia@kubernetescrd"
-    #   - namespace: "auth"
+    middlewares:
+      - name: "auth-authelia@kubernetescrd"
 providers:
   kubernetesCRD:
     allowCrossNamespace: true