update

2025-05-11 10:48:28 -05:00
parent 95be6528f2
commit cdd34130aa
3 changed files with 88 additions and 90 deletions
--- a/dmz/authentik/templates/cert.yaml
+++ b/dmz/authentik/templates/cert.yaml
@@ -1,67 +1,67 @@
-apiVersion: cert-manager.io/v1
+#apiVersion: cert-manager.io/v1
-kind: Certificate
+#kind: Certificate
-metadata:
+#metadata:
-  name: authentik-outpost-tls
+#  name: authentik-outpost-tls
-spec:
+#spec:
-  issuerRef:
+#  issuerRef:
-    name: letsencrypt-production
+#    name: letsencrypt-production
-    kind: ClusterIssuer
+#    kind: ClusterIssuer
-  secretName: authentik-outpost-tls
+#  secretName: authentik-outpost-tls
-  commonName: "authentik.durp.info"
+#  commonName: "authentik.durp.info"
-  dnsNames:
+#  dnsNames:
-    - "authentik.durp.info"
+#    - "authentik.durp.info"
-
+#
---
+#---
-apiVersion: traefik.io/v1alpha1
+#apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
+#kind: IngressRoute
-metadata:
+#metadata:
-  name: authentik-ingress
+#  name: authentik-ingress
-spec:
+#spec:
-  entryPoints:
+#  entryPoints:
-    - websecure
+#    - websecure
-  routes:
+#  routes:
-    - match: Host(`authentik.durp.info`) && PathPrefix(`/`)
+#    - match: Host(`authentik.durp.info`) && PathPrefix(`/`)
-      kind: Rule
+#      kind: Rule
-      services:
+#      services:
-        - name: infra-cluster
+#        - name: infra-cluster
-          port: 443
+#          port: 443
-  #    - match: Host(`authentik.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+#  #    - match: Host(`authentik.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
-  #      kind: Rule
+#  #      kind: Rule
-  #      services:
+#  #      services:
-  #        - name: ak-outpost-dmz-embedded-outpost
+#  #        - name: ak-outpost-dmz-embedded-outpost
-  #          port: 9000
+#  #          port: 9000
-  tls:
+#  tls:
-    secretName: authentik-outpost-tls
+#    secretName: authentik-outpost-tls
-
+#
---
+#---
-kind: Service
+#kind: Service
-apiVersion: v1
+#apiVersion: v1
-metadata:
+#metadata:
-  name: authentik-external-dns
+#  name: authentik-external-dns
-  annotations:
+#  annotations:
-    external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
+#    external-dns.alpha.kubernetes.io/hostname: authentik.durp.info
-spec:
+#spec:
-  type: ExternalName
+#  type: ExternalName
-  externalName: durp.info
+#  externalName: durp.info
-
+#
---
+#---
-apiVersion: v1
+#apiVersion: v1
-kind: Endpoints
+#kind: Endpoints
-metadata:
+#metadata:
-  name: infra-cluster
+#  name: infra-cluster
-subsets:
+#subsets:
-  - addresses:
+#  - addresses:
-      - ip: 192.168.12.130
+#      - ip: 192.168.12.130
-    ports:
+#    ports:
-      - port: 443
+#      - port: 443
-
+#
---
+#---
-apiVersion: v1
+#apiVersion: v1
-kind: Service
+#kind: Service
-metadata:
+#metadata:
-  name: infra-cluster
+#  name: infra-cluster
-spec:
+#spec:
-  ports:
+#  ports:
-    - protocol: TCP
+#    - protocol: TCP
-      port: 443
+#      port: 443
-      targetPort: 443
+#      targetPort: 443
--- a/dmz/traefik/templates/middleware.yaml
+++ b/dmz/traefik/templates/middleware.yaml
@@ -5,7 +5,7 @@ metadata:
  namespace: traefik
 spec:
  forwardAuth:
-    address: https://authentik.durp.info/outpost.goauthentik.io/auth/traefik?rd=$scheme://$http_host$request_uri
+    address: http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik?rd=$scheme://$http_host$request_uri
    trustForwardHeader: true
    authResponseHeaders:
      - X-authentik-username
--- a/infra/argocd/templates/authentik.yaml
+++ b/infra/argocd/templates/authentik.yaml
@@ -23,25 +23,23 @@ spec:
      - CreateNamespace=true
 ---
-#
+apiVersion: argoproj.io/v1alpha1
-#apiVersion: argoproj.io/v1alpha1
+kind: Application
-#kind: Application
+metadata:
-#metadata:
+  name: authentik-dmz
-#  name: authentik-dmz
+  namespace: argocd
-#  namespace: argocd
+spec:
-#spec:
+  project: default
-#  project: default
+  source:
-#  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
-#    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
-#    targetRevision: main
+    path: dmz/authentik
-#    path: dmz/authentik
+  destination:
-#  destination:
+    namespace: authentik
-#    namespace: authentik
+    name: dmz
-#    name: dmz
+  syncPolicy:
-#  syncPolicy:
+    automated:
-#    automated:
+      prune: true
-#      prune: true
+      selfHeal: true
-#      selfHeal: true
+    syncOptions:
-#    syncOptions:
+      - CreateNamespace=true
 #      - CreateNamespace=true
 #