I use Traefik 1.7 for service authentication via Keycloak in Kubernetes. (I already have a Bearer token and just need to validate it via Keycloak.)
My ingress controller looks like this:
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-conf
  namespace: kube-system
data:
  traefik.toml: |
    # traefik.toml
    defaultEntryPoints = ["http"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
      [entryPoints.my-api]
      address = ":9999"
        [entryPoints.my-api.auth.forward]
        address = "https://keycloak-host/auth/realms/R-1/protocol/openid-connect/userinfo"
        trustForwardHeader = true
    [kubernetes]
    namespaces = ["n1", "n2","n3","n4"]
    [respondingTimeouts]
    readTimeout = "120s"
    writeTimeout = "5s"
    idleTimeout = "360s"
The problem is that I have different realms for different organisations in Keycloak. In a request header I have Org-Id, and I need to put it in place of R-1:
address = "https://keycloak-host/auth/realms/R-${Org-Id}/protocol/openid-connect/userinfo"
Is there a way to extract the header from the request and place it in the address path?
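
One way to get a per-organisation realm, as an added example that is not part of the original post: keep the forward-auth `address` static and point it at a small shim that maps `Org-Id` to the realm's userinfo endpoint. The shim itself, its port 8080, the numeric-only `Org-Id` rule, and Traefik passing `Org-Id` to the auth service alongside `Authorization` are assumptions.

```go
package main

import (
	"errors"
	"log"
	"net/http"
	"regexp"
	"time"
)

// Base URL taken from the question's config.
const keycloakBase = "https://keycloak-host/auth/realms/"
// Assumption: organisation ids are short and numeric (realms R-1, R-2, ...).
var orgIDPattern = regexp.MustCompile(`^[0-9]{1,10}$`)
var client = &http.Client{Timeout: 5 * time.Second}

// userinfoURL rejects any Org-Id outside the pattern so the header cannot alter the path.
func userinfoURL(orgID string) (string, error) {
	if !orgIDPattern.MatchString(orgID) {
		return "", errors.New("invalid Org-Id")
	}
	return keycloakBase + "R-" + orgID + "/protocol/openid-connect/userinfo", nil
}

// authHandler is the hypothetical forward-auth target: 2xx lets the request through.
func authHandler(w http.ResponseWriter, r *http.Request) {
	target, err := userinfoURL(r.Header.Get("Org-Id"))
	if err != nil {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	req, err := http.NewRequest(http.MethodGet, target, nil)
	if err != nil {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	req.Header.Set("Authorization", r.Header.Get("Authorization"))
	resp, err := client.Do(req)
	if err != nil {
		http.Error(w, "auth backend unavailable", http.StatusBadGateway)
		return
	}
	defer resp.Body.Close()
	w.WriteHeader(resp.StatusCode) // relay Keycloak's verdict, drop the body
}

func main() {
	log.Fatal(http.ListenAndServe(":8080", http.HandlerFunc(authHandler))) // port is an assumption
}
```

Because the client chooses `Org-Id`, a 2xx only shows the token is valid in that realm; backends should take the organisation from the token or userinfo response rather than from the header alone.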