[Helm] Put x-ditto-pre-authenticated and X-Forwarded-User to ingress.api.annotations

[mladBlum]

I would suggest to add

proxy_set_header X-Forwarded-User $remote_user;
proxy_set_header x-ditto-pre-authenticated "nginx:$remote_user";

directly in the default values.yaml at ingress.api.annotations.

Currently they are configured within the ingress.controller. I think the majority of the Kubernetes clusters out there have already set up a working nginx ingress controller for multiple different applications. If an additional application will be installed its normally a straight forward process of editing the values.yaml and make some minor configurations at the ingress section. But with ditto it is currently not as straight forward as it could be because you have to figure out that these two headers have to be added.

I am not a full-time Kubernetes admin and it is possible that I make incorrect assumptions, please correct me if that is the case.

[thjaeckle]

Sure, we can do that.

The nginx based authentication is simple and easy and was originally intended for local development and demo setups, I honestly did never see it being used in real productive scenarios. But maybe I have higher security requirements than others.

Remember: the "s" in "IoT" stands for security 😉

So please provide a PR if that helps you using the Helm chart. 👍