Rename selective auth + fix selective auth examples (thomseddon#130)

README.md

@@ -29,8 +29,8 @@ A minimal forward authentication service that provides OAuth/SSO login and authe
   - [User Restriction](#user-restriction)
   - [Applying Authentication](#applying-authentication)
     - [Global Authentication](#global-authentication)
-    - [Individual Ingress Authentication in Kubernetes](#individual-ingress-authentication-in-kubernetes)
-    - [Individual Container Authentication in Swarm](#individual-container-authentication-in-swarm)
+    - [Selective Ingress Authentication in Kubernetes](#selective-ingress-authentication-in-kubernetes)
+    - [Selective Container Authentication in Swarm](#selective-container-authentication-in-swarm)
     - [Rules Based Authentication](#rules-based-authentication)
   - [Operation Modes](#operation-modes)
     - [Overlay Mode](#overlay-mode)
@@ -320,7 +320,7 @@ The authenticated user is set in the `X-Forwarded-User` header, to pass this on
 
 ### Applying Authentication
 
-Authentication can be applied in a variety of ways, either globally across all requests, or to individual containers/ingresses.
+Authentication can be applied in a variety of ways, either globally across all requests, or selectively to specific containers/ingresses.
 
 #### Global Authentication
 
@@ -343,7 +343,7 @@ Or https:
 
 Note: Traefik prepends the namespace to the name of middleware defined via a kubernetes resource. This is handled automatically when referencing the middleware from another resource in the same namespace (so the namespace does not need to be prepended when referenced). However the full name, including the namespace, must be used when referenced from static configuration (e.g. command arguments or config file), hence you must prepend the namespace to your traefik-forward-auth middleware reference, as shown in the comments above (e.g. `default-traefik-forward-auth` if your middleware is named `traefik-forward-auth` and is defined in the `default` namespace).
 
-#### Individual Ingress Authentication in Kubernetes
+#### Selective Ingress Authentication in Kubernetes
 
 If you choose not to enable forward authentication for a specific entrypoint, you can apply the middleware to selected ingressroutes:
 
@@ -369,7 +369,7 @@ spec:
 
 See the examples directory for more examples.
 
-#### Individual Container Authentication in Swarm
+#### Selective Container Authentication in Swarm
 
 You can apply labels to selected containers:
 

examples/traefik-v1.7/kubernetes/advanced-separate-pod/README.md

@@ -3,7 +3,7 @@
 
 This is an advanced example of how to deploy traefik-forward-auth in it's own pod. This example is a good starting point for those who already have traefik deployed (e.g. using helm).
 
-This example uses [Individual Authentication](https://github.com/thomseddon/traefik-forward-auth/blob/master/README.md#individual-ingress-authentication-in-kubernetes) to selectively apply forward authentication to each individual ingress, a simple example "whoami" application (deployment, service and ingress) is included for completeness.
+This example uses [Selective Authentication](https://github.com/thomseddon/traefik-forward-auth/blob/master/README.md#selective-ingress-authentication-in-kubernetes) to selectively apply forward authentication to each selective ingress, a simple example "whoami" application (deployment, service and ingress) is included for completeness.
 
 This example leverages kustomise to define Secrets and ConfigMaps, example deployment:
 

examples/traefik-v1.7/kubernetes/advanced-separate-pod/traefik-forward-auth/ingress.yaml

@@ -7,6 +7,11 @@ metadata:
   name: traefik-forward-auth
   labels:
     app: traefik-forward-auth
+  annotations:
+    kubernetes.io/ingress.class: traefik
+    ingress.kubernetes.io/auth-type: forward
+    ingress.kubernetes.io/auth-url: http://traefik-forward-auth:4181
+    ingress.kubernetes.io/auth-response-headers: X-Forwarded-User
 spec:
   rules:
   - host: auth.example.com

examples/traefik-v1.7/kubernetes/advanced-separate-pod/whoami/ingress.yaml

@@ -6,6 +6,9 @@ metadata:
     app: whoami
   annotations:
     kubernetes.io/ingress.class: traefik
+    ingress.kubernetes.io/auth-type: forward
+    ingress.kubernetes.io/auth-url: http://traefik-forward-auth:4181
+    ingress.kubernetes.io/auth-response-headers: X-Forwarded-User
 spec:
   rules:
   - host: whoami.example.com

examples/traefik-v2/kubernetes/advanced-separate-pod/README.md

@@ -2,7 +2,7 @@
 
 This is an advanced example of how to deploy traefik-forward-auth in it's own pod. This example is a good starting point for those who already have traefik deployed (e.g. using helm).
 
-This example uses [Individual Authentication](https://github.com/thomseddon/traefik-forward-auth/blob/master/README.md#individual-ingress-authentication-in-kubernetes) to selectively apply forward authentication to each individual ingresses, for example:
+This example uses [Selective Authentication](https://github.com/thomseddon/traefik-forward-auth/blob/master/README.md#selective-ingress-authentication-in-kubernetes) to selectively apply forward authentication to each selective ingresses, for example:
 
 ```
 apiVersion: traefik.containo.us/v1alpha1

examples/traefik-v2/kubernetes/advanced-separate-pod/traefik-forward-auth/ingress.yaml

@@ -16,5 +16,7 @@ spec:
     services:
     - name: traefik-forward-auth
       port: 4181
+    middlewares:
+      - name: traefik-forward-auth
   tls:
     certresolver: default

examples/traefik-v2/kubernetes/advanced-separate-pod/whoami/ingress.yaml

@@ -16,4 +16,4 @@ spec:
     middlewares:
       - name: traefik-forward-auth
   tls:
-    certresolver: default
+    certresolver: default

examples/traefik-v2/kubernetes/advanced-single-pod/whoami/ingress.yaml

@@ -14,4 +14,4 @@ spec:
     - name: whoami
       port: 80
   tls:
-    certresolver: default
+    certresolver: default

examples/traefik-v2/kubernetes/simple-separate-pod/README.md

@@ -3,7 +3,7 @@
 
 This is a simple example of how to deploy traefik-forward-auth in it's own pod with minimal configuration. This example is a good starting point for those who already have traefik deployed (e.g. using helm).
 
-This example uses [Individual Authentication](https://github.com/thomseddon/traefik-forward-auth/blob/master/README.md#individual-ingress-authentication-in-kubernetes) to apply forward authentication to selected ingresses. This means ingresses will not be protected by default. Authentication can be applied by adding the `traefik-forward-auth` middleware, for example:
+This example uses [Selective Authentication](https://github.com/thomseddon/traefik-forward-auth/blob/master/README.md#selective-ingress-authentication-in-kubernetes) to apply forward authentication to selected ingresses. This means ingresses will not be protected by default. Authentication can be applied by adding the `traefik-forward-auth` middleware, for example:
 
 ```
 apiVersion: traefik.containo.us/v1alpha1

examples/traefik-v2/kubernetes/simple-separate-pod/k8s-app.yml

@@ -57,4 +57,4 @@ spec:
       - name: whoami
         port: 80
     middlewares:
-      - name: traefik-forward-auth
+      - name: traefik-forward-auth

examples/traefik-v2/swarm/docker-compose.yml

@@ -14,7 +14,7 @@ services:
     image: containous/whoami
     labels:
       - "traefik.http.routers.whoami.rule=Host(`whoami.localhost.com`)"
-      # This example uses "Individual Authentication"
+      # This example uses "Selective Authentication"
       - "traefik.http.routers.whoami.middlewares=traefik-forward-auth"
 
   traefik-forward-auth: