apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: authentik-proxy-provider
  namespace: traefik
spec:
  forwardAuth:
    address: http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik?rd=$scheme://$http_host$request_uri
    trustForwardHeader: true
    authResponseHeaders:
      - X-authentik-username
      - X-authentik-groups
      - X-authentik-email
      - X-authentik-name
      - X-authentik-uid
      - X-authentik-jwt
      - X-authentik-meta-jwks
      - X-authentik-meta-outpost
      - X-authentik-meta-provider
      - X-authentik-meta-app
      - X-authentik-meta-version

---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: whitelist
  namespace: traefik
spec:
  ipWhiteList:
    sourceRange:
      - 192.168.0.0/16
      - 172.16.0.0/12
      - 10.0.0.0/8

---
#apiVersion: traefik.io/v1alpha1
#kind: Middleware
#metadata:
#  name: bouncer
#  namespace: traefik
#spec:
#  plugin:
#    bouncer:
#      enabled: true
#      crowdsecMode: stream
#      crowdsecLapiScheme: https
#      crowdsecLapiTLSInsecureVerify: true
#      crowdsecLapiHost: crowdsec-service.crowdsec:8080
#      crowdsecLapiKey:
#        valueFrom:
#          secretKeyRef:
#            name: crowdsec-lapi-key
#            key: lapi-key