Header rewrite Traefik plugin
April 18, 2023 ยท View on GitHub
Traefik plugin that can modify http headers.
Configuration
Traefik static configuration for local plugin:
...
experimental:
localPlugins:
header-rewrite:
moduleName: github.com/che-incubator/header-rewrite-traefik-plugin
Plugin is then configured as a route middleware
http:
routers:
route1:
middlewares: ["headerRewrite"]
middlewares:
headerRewrite:
plugin:
header-rewrite:
from: X-Forwarded-Access-Token
to: Authorization
prefix: 'Bearer '
keepOriginal: false
keepOriginalTarget: true
In this example, when there is X-Forwarded-Access-Token header, it's values will be moved
into Authorization header with Bearer as a value prefix. The X-Forwarded-Access-Token header
will be removed (keepOriginal: false) and if there were any values in Authorization header, they
will stay there (keepOriginalTarget: true).
Motivation
This project was created because openshift/oauth-proxy
can't put OpenShift token into Authorization header for the upstream application, where we need it
for kube-rbac-proxy to work properly. It can only
put it into X-Forwarded-Access-Token header and thus we need this plugin to take the token
from X-Forwarded-Access-Token and set it into Authorization header with Bearer prefix.
Note: Upstream oauth2-proxy can do what we need, so we don't need this component on Kubernetes. Some guys has made an effort to port this feature into OpenShift fork, but it was rejected.
Trademark
"Che" is a trademark of the Eclipse Foundation.