update

dmz/authentik/templates/cert.yaml

@@ -1,67 +1,67 @@
-apiVersion: cert-manager.io/v1
+#apiVersion: cert-manager.io/v1
-kind: Certificate
+#kind: Certificate
-metadata:
+#metadata:
-  name: authentik-outpost-tls
+#  name: authentik-outpost-tls
-spec:
+#spec:
-  issuerRef:
+#  issuerRef:
-    name: letsencrypt-production
+#    name: letsencrypt-production
-    kind: ClusterIssuer
+#    kind: ClusterIssuer
-  secretName: authentik-outpost-tls
+#  secretName: authentik-outpost-tls
-  commonName: "authentik.durp.info"
+#  commonName: "authentik.durp.info"
-  dnsNames:
+#  dnsNames:
-    - "authentik.durp.info"
+#    - "authentik.durp.info"
-
+#
----
+#---
-apiVersion: traefik.io/v1alpha1
+#apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
+#kind: IngressRoute
-metadata:
+#metadata:
-  name: authentik-ingress
+#  name: authentik-ingress
-spec:
+#spec:
-  entryPoints:
+#  entryPoints:
-    - websecure
+#    - websecure
-  routes:
+#  routes:
-    - match: Host(`authentik.durp.info`) && PathPrefix(`/`)
+#    - match: Host(`authentik.durp.info`) && PathPrefix(`/`)
-      kind: Rule
-      services:
-        - name: infra-cluster
-          port: 443
-  #    - match: Host(`authentik.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
 #      kind: Rule
 #      services:
-  #        - name: ak-outpost-dmz-embedded-outpost
+#        - name: infra-cluster
-  #          port: 9000
+#          port: 443
-  tls:
+#  #    - match: Host(`authentik.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
-    secretName: authentik-outpost-tls
+#  #      kind: Rule
-
+#  #      services:
----
+#  #        - name: ak-outpost-dmz-embedded-outpost
-kind: Service
+#  #          port: 9000
-apiVersion: v1
+#  tls:
-metadata:
+#    secretName: authentik-outpost-tls
-  name: authentik-external-dns
+#
-  annotations:
+#---
-    external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
+#kind: Service
-spec:
+#apiVersion: v1
-  type: ExternalName
+#metadata:
-  externalName: durp.info
+#  name: authentik-external-dns
-
+#  annotations:
----
+#    external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
-apiVersion: v1
+#spec:
-kind: Endpoints
+#  type: ExternalName
-metadata:
+#  externalName: durp.info
-  name: infra-cluster
+#
-subsets:
+#---
-  - addresses:
+#apiVersion: v1
-      - ip: 192.168.12.130
+#kind: Endpoints
-    ports:
+#metadata:
-      - port: 443
+#  name: infra-cluster
-
+#subsets:
----
+#  - addresses:
-apiVersion: v1
+#      - ip: 192.168.12.130
-kind: Service
+#    ports:
-metadata:
+#      - port: 443
-  name: infra-cluster
+#
-spec:
+#---
-  ports:
+#apiVersion: v1
-    - protocol: TCP
+#kind: Service
-      port: 443
+#metadata:
-      targetPort: 443
+#  name: infra-cluster
+#spec:
+#  ports:
+#    - protocol: TCP
+#      port: 443
+#      targetPort: 443

dmz/traefik/templates/middleware.yaml

@@ -5,7 +5,7 @@ metadata:
   namespace: traefik
 spec:
   forwardAuth:
-    address: https://authentik.durp.info/outpost.goauthentik.io/auth/traefik?rd=$scheme://$http_host$request_uri
+    address: http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik?rd=$scheme://$http_host$request_uri
     trustForwardHeader: true
     authResponseHeaders:
       - X-authentik-username

infra/argocd/templates/authentik.yaml

@@ -23,25 +23,23 @@ spec:
       - CreateNamespace=true
 
 ---
-#
+apiVersion: argoproj.io/v1alpha1
-#apiVersion: argoproj.io/v1alpha1
+kind: Application
-#kind: Application
+metadata:
-#metadata:
+  name: authentik-dmz
-#  name: authentik-dmz
+  namespace: argocd
-#  namespace: argocd
+spec:
-#spec:
+  project: default
-#  project: default
+  source:
-#  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
-#    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
-#    targetRevision: main
+    path: dmz/authentik
-#    path: dmz/authentik
+  destination:
-#  destination:
+    namespace: authentik
-#    namespace: authentik
+    name: dmz
-#    name: dmz
+  syncPolicy:
-#  syncPolicy:
+    automated:
-#    automated:
+      prune: true
-#      prune: true
+      selfHeal: true
-#      selfHeal: true
+    syncOptions:
-#    syncOptions:
+      - CreateNamespace=true
-#      - CreateNamespace=true
-#