titan-iac/services/vault/middleware.yaml

# services/vault/middleware.yaml
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: vault-forward-auth
  namespace: vault
spec:
  forwardAuth:
    address: http://oauth2-proxy.sso.svc.cluster.local:4180/oauth2/auth
    trustForwardHeader: true
    authResponseHeaders:
      - Authorization
      - X-Auth-Request-Email
      - X-Auth-Request-User
      - X-Auth-Request-Groups