17 lines
653 B
YAML
17 lines
653 B
YAML
# Traefik terminates TLS; the hop Traefik → Headlamp is often HTTP, so Headlamp may see
|
|
# X-Forwarded-Proto=http and build OAuth redirect/callback as http — Authentik then rejects
|
|
# the flow (redirect URI / PKCE / cookie issues). Force the external scheme for Headlamp.
|
|
# Reference from Ingress: headlamp-https-proto@kubernetescrd (same namespace as the Ingress).
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: headlamp-https-proto
|
|
namespace: headlamp
|
|
labels:
|
|
app.kubernetes.io/name: headlamp
|
|
app.kubernetes.io/component: ingress-middleware
|
|
spec:
|
|
headers:
|
|
customRequestHeaders:
|
|
X-Forwarded-Proto: "https"
|