feat: support for forward auth locally (#1069)

devantler · web-flow · commit d99a6941b02d · 2025-07-25T15:12:54.000Z
* fix(deps): update oauth2-proxy redirect URL and forward-auth address

Signed-off-by: Nikolai Emil Damm &lt;nikolaiemildamm@icloud.com&gt;

* Update k8s/distributions/kind/infrastructure/controllers/coredns/deployment.yaml

Signed-off-by: Nikolai Emil Damm &lt;ned@devantler.tech&gt;

---------

Signed-off-by: Nikolai Emil Damm &lt;nikolaiemildamm@icloud.com&gt;
Signed-off-by: Nikolai Emil Damm &lt;ned@devantler.tech&gt;
diff --git a/k8s/bases/infrastructure/controllers/oauth2-proxy/helm-release.yaml b/k8s/bases/infrastructure/controllers/oauth2-proxy/helm-release.yaml
@@ -30,6 +30,7 @@ spec:
         github_users = ["devantler"]
         email_domains = [ "*" ]
         cookie_domains=[".${domain}"]
+        redirect_url = "https://oauth2-proxy.${domain}/oauth2/callback"
         upstreams = [ "static://202" ]
         skip_provider_button = true
         reverse_proxy = true
diff --git a/k8s/bases/infrastructure/middlewares/forward-auth/forward-auth.yaml b/k8s/bases/infrastructure/middlewares/forward-auth/forward-auth.yaml
@@ -5,7 +5,7 @@ metadata:
   namespace: traefik
 spec:
   forwardAuth:
-    address: https://oauth2-proxy.${domain}/
+    address: http://oauth2-proxy.oauth2-proxy.svc.cluster.local/
     trustForwardHeader: true
     authResponseHeaders:
       - X-Auth-Request-Access-Token
diff --git a/k8s/distributions/kind/infrastructure/controllers/coredns/corefile-config-map.yaml b/k8s/distributions/kind/infrastructure/controllers/coredns/corefile-config-map.yaml
@@ -1,4 +1,3 @@
-# TODO: Fix dns to rewrite external domain names to internal service names
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -12,7 +11,7 @@ data:
         lameduck 5s
       }
       ready
-      rewrite name regex (.*)\.${domain_regex} {2}.{2}.svc.cluster.local answer auto
+      rewrite name regex (.*)\.${domain_regex} traefik.traefik.svc.cluster.local answer auto
       kubernetes cluster.local in-addr.arpa ip6.arpa {
         pods insecure
         fallthrough in-addr.arpa ip6.arpa
diff --git a/k8s/distributions/kind/infrastructure/controllers/coredns/deployment.yaml b/k8s/distributions/kind/infrastructure/controllers/coredns/deployment.yaml
@@ -1,3 +1,4 @@
+# TODO: Rework CoreDNS deployment into a helm-release
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/k8s/distributions/kind/infrastructure/controllers/kustomization.yaml b/k8s/distributions/kind/infrastructure/controllers/kustomization.yaml
@@ -3,8 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ../../../../bases/infrastructure/controllers/
-  # TODO: Add coredns to the kind distribution once the rewrite issue is resolved
-  #- coredns/
+  - coredns/
 patches:
   - target:
       kind: HelmRelease

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+# TODO: Rework CoreDNS deployment into a helm-release`
`1`	`2`	`apiVersion: apps/v1`
`2`	`3`	`kind: Deployment`
`3`	`4`	`metadata:`