How is urn link working ? #171

rltbg · 2025-06-26T10:33:45Z

rltbg
Jun 26, 2025

Hello,

I am encountering an issue while implementing the plugin on my Kubernetes cluster, which includes multiple namespaces. Since Traefik is deployed in its own namespace, it cannot access secrets located in other namespaces. When I deploy my applications in a specific namespace, I declare the middleware with the plugin secret using the syntax recommended in the getting started guide, urn:k8s:secret:oidc-secret:pluginSecret to reference the plugin secret. Despite this configuration, the middleware works correctly and OIDC authentication is performed without any issues.
I am therefore wondering how URN links work in this context, because in theory, Traefik should not be able to load a secret located in a different namespace unless the secret is actually being loaded from the application's own namespace. This raises the question of whether, when I declare the middleware with a URN such as urn:k8s:secret:oidc-secret:pluginSecret, the secret is indeed retrieved from the current namespace of the application, or if there is a specific mechanism that allows Traefik to access it despite namespace isolation.

sevensolutions · 2025-06-26T20:21:34Z

sevensolutions
Jun 26, 2025
Maintainer

Hi @rltbg
The plugin itself does nothing special here about handling Kubernetes secrets. So the replcement of the urn key by the actual secret must be handled in Kubermetes or by traefik itself.
Unfortunately i have almost no experience with Kubernetes so i hope maybe someone else from the community can support here 🙏

1 reply

rltbg Jun 28, 2025
Author

After doing a lot of research online, it seems that Kubernetes is responsible for resolving the secret. However, I still don’t understand how you support a URN link, since Kubernetes doesn’t natively support this feature and Traefik only offers it in their enterprise versions and if it is actually Traefik that handles the resolution of the URN link, that would contradict what I have found so far in my research. But I've also tested by removing secret access from Traefik, and it still functions correctly despite that. I'm a bit lost...

cdanis · 2025-06-26T20:26:20Z

cdanis
Jun 26, 2025

I should be able to provide some help tomorrow

…

Message ID: <sevensolutions/traefik-oidc-auth/repo-discussions/171/comments/13590010@ github.com>

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

How is urn link working ? #171

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 2 comments 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

How is urn link working ? #171

Uh oh!

Uh oh!

rltbg Jun 26, 2025

Replies: 2 comments · 1 reply

Uh oh!

Uh oh!

sevensolutions Jun 26, 2025 Maintainer

Uh oh!

Uh oh!

rltbg Jun 28, 2025 Author

Uh oh!

cdanis Jun 26, 2025

rltbg
Jun 26, 2025

Replies: 2 comments 1 reply

sevensolutions
Jun 26, 2025
Maintainer

rltbg Jun 28, 2025
Author

cdanis
Jun 26, 2025