Update docu for 2.9.1 (louketo#393)

README.md

@@ -21,7 +21,7 @@ Please remember to provide a good summary, description as well as steps to repro
 
 To run Gatekeeper, you can build it using `static` target in Makefile (`make static`) or you can use the Docker image by running:
 
-    docker run -it --rm quay.io/gogatekeeper/gatekeeper:2.9.0 \
+    docker run -it --rm quay.io/gogatekeeper/gatekeeper:2.9.1 \
       --listen 127.0.0.1:8080 \
       --upstream-url http://127.0.0.1:80 \
       --discovery-url https://keycloak.example.com/realms/<REALM_NAME> \
@@ -36,16 +36,16 @@ Beside links to archives of binaries we provide also checksum file containing ch
 for archives. You can download file gatekeeper-checksum.txt, it contains sha512 checksums e.g.:
 
 ```
-324b34ece86b6214f835ba9fd79e185864a9005f514458796c22c053de63f428235d2d2a04864065a49c090ad81d2daeb45546544fdd9531a8dea1a43145b8f0  gatekeeper_2.9.0_windows_amd64.zip
-38759e75a94d130758cd26958bd9a66b261be8d58a6c7a0fc04845157649aaf628d22a115c95285b405f8e4d6afa8bd78ca8677d1304faf06db93a0cbbc831a6  gatekeeper_2.9.0_linux_amd64.tar.gz
-f5322e41b3d78017191246bdd54f99e9b3dd8d5ff9d224e7e81b678a952c1d5aae125ea4c251928969b0a0ea0dc59724308c918993c8227f384f61896f58cbd0  gatekeeper_2.9.0_macOS_amd64.tar.gz
+324b34ece86b6214f835ba9fd79e185864a9005f514458796c22c053de63f428235d2d2a04864065a49c090ad81d2daeb45546544fdd9531a8dea1a43145b8f0  gatekeeper_2.9.1_windows_amd64.zip
+38759e75a94d130758cd26958bd9a66b261be8d58a6c7a0fc04845157649aaf628d22a115c95285b405f8e4d6afa8bd78ca8677d1304faf06db93a0cbbc831a6  gatekeeper_2.9.1_linux_amd64.tar.gz
+f5322e41b3d78017191246bdd54f99e9b3dd8d5ff9d224e7e81b678a952c1d5aae125ea4c251928969b0a0ea0dc59724308c918993c8227f384f61896f58cbd0  gatekeeper_2.9.1_macOS_amd64.tar.gz
 ```
 
 After you download archive of binary you can calculate it's checksum by using e.g. sha512sum Linux utility:
 
 ```
-sha512sum /my/path/gatekeeper_2.9.0_linux_amd64.tar.gz
-38759e75a94d130758cd26958bd9a66b261be8d58a6c7a0fc04845157649aaf628d22a115c95285b405f8e4d6afa8bd78ca8677d1304faf06db93a0cbbc831a6  gatekeeper_2.9.0_linux_amd64.tar.g
+sha512sum /my/path/gatekeeper_2.9.1_linux_amd64.tar.gz
+38759e75a94d130758cd26958bd9a66b261be8d58a6c7a0fc04845157649aaf628d22a115c95285b405f8e4d6afa8bd78ca8677d1304faf06db93a0cbbc831a6  gatekeeper_2.9.1_linux_amd64.tar.g
 ```
 
 As you can see output of command is checksum, you can compare it with the one in gatekeeper-checksum.txt.

docs/content/userguide/_index.md

@@ -405,7 +405,7 @@ in Keycloak, providing granular role controls over issue tokens.
 
 ``` yaml
 - name: gatekeeper
-  image: quay.io/gogatekeeper/gatekeeper:2.9.0
+  image: quay.io/gogatekeeper/gatekeeper:2.9.1
   args:
   - --enable-forwarding=true
   - --forwarding-username=projecta
@@ -432,7 +432,7 @@ Example setup client credentials grant:
 
 ``` yaml
 - name: gatekeeper
-  image: quay.io/gogatekeeper/gatekeeper:2.9.0
+  image: quay.io/gogatekeeper/gatekeeper:2.9.1
   args:
   - --enable-forwarding=true
   - --forwarding-domains=projecta.svc.cluster.local
@@ -745,6 +745,10 @@ traefik forward-auth configuration when you WANT to redirect user to authenticat
 server by gatekeeper (useful for e.g. frontend application authentication). Please be
 aware that in this mode you need to forward headers X-Forwarded-Host, X-Forwarded-Uri, X-Forwarded-Proto, from
 front proxy to gatekeeper. You can find more complete example [here](https://github.com/gogatekeeper/gatekeeper/blob/master/e2e/k8s/manifest_test_forwardauth.yml). 
+
+*NOTE*: Please very important is to forward `prefix` (means all paths with prefix) ```/oauth```
+directly to gatekeeper service as you can see in manifest, otherwise you will see redirect loop.
+
 *IMPORTANT*: Please ensure that you are receiving headers only from trusted proxy
 and gatekeeper is not exposed directly to internet, otherwise attacker might misuse this!
 

e2e/k8s/manifest_test_forwardauth.yml

@@ -2626,7 +2626,7 @@ spec:
             - -c
             - "while true;do sleep 10;done"
         - name: proxy
-          image: quay.io/gogatekeeper/gatekeeper:2.9.0
+          image: quay.io/gogatekeeper/gatekeeper:2.9.1
           imagePullPolicy: Never
           args:
             - --client-id=test-client

kube/reverse.yml

@@ -21,7 +21,7 @@ spec:
           secretName: tls
       containers:
         - name: proxy
-          image: quay.io/gogatekeeper/gatekeeper:2.9.0
+          image: quay.io/gogatekeeper/gatekeeper:2.9.1
           imagePullPolicy: Always
           args:
             - --client-id=broker