update

dmz/authentik/templates/cert.yaml

@@ -1,67 +1,67 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: authentik-outpost-tls
-spec:
-  issuerRef:
-    name: letsencrypt-production
-    kind: ClusterIssuer
-  secretName: authentik-outpost-tls
-  commonName: "authentik.durp.info"
-  dnsNames:
-    - "authentik.durp.info"
-
----
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: authentik-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`authentik.durp.info`) && PathPrefix(`/`)
-      kind: Rule
-      services:
-        - name: infra-cluster
-          port: 443
-  #    - match: Host(`authentik.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
-  #      kind: Rule
-  #      services:
-  #        - name: ak-outpost-dmz-embedded-outpost
-  #          port: 9000
-  tls:
-    secretName: authentik-outpost-tls
-
----
-kind: Service
-apiVersion: v1
-metadata:
-  name: authentik-external-dns
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
-spec:
-  type: ExternalName
-  externalName: durp.info
-
----
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: infra-cluster
-subsets:
-  - addresses:
-      - ip: 192.168.12.130
-    ports:
-      - port: 443
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: infra-cluster
-spec:
-  ports:
-    - protocol: TCP
-      port: 443
-      targetPort: 443
+#apiVersion: cert-manager.io/v1
+#kind: Certificate
+#metadata:
+#  name: authentik-outpost-tls
+#spec:
+#  issuerRef:
+#    name: letsencrypt-production
+#    kind: ClusterIssuer
+#  secretName: authentik-outpost-tls
+#  commonName: "authentik.durp.info"
+#  dnsNames:
+#    - "authentik.durp.info"
+#
+#---
+#apiVersion: traefik.io/v1alpha1
+#kind: IngressRoute
+#metadata:
+#  name: authentik-ingress
+#spec:
+#  entryPoints:
+#    - websecure
+#  routes:
+#    - match: Host(`authentik.durp.info`) && PathPrefix(`/`)
+#      kind: Rule
+#      services:
+#        - name: infra-cluster
+#          port: 443
+#  #    - match: Host(`authentik.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+#  #      kind: Rule
+#  #      services:
+#  #        - name: ak-outpost-dmz-embedded-outpost
+#  #          port: 9000
+#  tls:
+#    secretName: authentik-outpost-tls
+#
+#---
+#kind: Service
+#apiVersion: v1
+#metadata:
+#  name: authentik-external-dns
+#  annotations:
+#    external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
+#spec:
+#  type: ExternalName
+#  externalName: durp.info
+#
+#---
+#apiVersion: v1
+#kind: Endpoints
+#metadata:
+#  name: infra-cluster
+#subsets:
+#  - addresses:
+#      - ip: 192.168.12.130
+#    ports:
+#      - port: 443
+#
+#---
+#apiVersion: v1
+#kind: Service
+#metadata:
+#  name: infra-cluster
+#spec:
+#  ports:
+#    - protocol: TCP
+#      port: 443
+#      targetPort: 443

dmz/traefik/templates/middleware.yaml

@@ -5,7 +5,7 @@ metadata:
   namespace: traefik
 spec:
   forwardAuth:
-    address: https://authentik.durp.info/outpost.goauthentik.io/auth/traefik?rd=$scheme://$http_host$request_uri
+    address: http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik?rd=$scheme://$http_host$request_uri
     trustForwardHeader: true
     authResponseHeaders:
       - X-authentik-username

infra/argocd/templates/authentik.yaml

@@ -23,25 +23,23 @@ spec:
       - CreateNamespace=true
 
 ---
-#
-#apiVersion: argoproj.io/v1alpha1
-#kind: Application
-#metadata:
-#  name: authentik-dmz
-#  namespace: argocd
-#spec:
-#  project: default
-#  source:
-#    repoURL: https://gitlab.com/developerdurp/homelab.git
-#    targetRevision: main
-#    path: dmz/authentik
-#  destination:
-#    namespace: authentik
-#    name: dmz
-#  syncPolicy:
-#    automated:
-#      prune: true
-#      selfHeal: true
-#    syncOptions:
-#      - CreateNamespace=true
-#
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: authentik-dmz
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: dmz/authentik
+  destination:
+    namespace: authentik
+    name: dmz
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true