How to use Request header as a pathvariable of entryPoint address for Traefik ingress controller

12/4/2019

I use traefic 1.7 for services authentication via Keycloak in kubernate. (I already have Bearer token and need just to validate it via Keycloak)

My ingress controller looks like this:

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-conf
  namespace: kube-system
data:
  traefik.toml: |
    # traefik.toml
    defaultEntryPoints = ["http"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
      [entryPoints.my-api]
        address = ":9999"
        [entryPoints.my-api.auth.forward]
          address = "https://keycloak-host/auth/realms/R-1/protocol/openid-connect/userinfo"
          trustForwardHeader = true
    [kubernetes]
    namespaces = ["n1", "n2","n3","n4"]
    [respondingTimeouts]
    readTimeout = "120s"
    writeTimeout = "5s"
    idleTimeout = "360s"

The problem is that I have different realms for different organisation in Keycoak. In a request header I have Org-Id and I need to place instead of R-1:

address = "https://keycloak-host/auth/realms/R-${Org-Id}/protocol/openid-connect/userinfo"

Is there a way to extract the header from request and place it to the address path?

-- eGoLai
keycloak
kubernetes
kubernetes-ingress
traefik
traefik-ingress

0 Answers