From 4cf257afab393dfb4148cbbca365697d068edff8 Mon Sep 17 00:00:00 2001
From: JJGadgets
Date: Tue, 18 Jul 2023 03:21:21 +0800
Subject: [PATCH] fix(netpols): authentik outposts to ingress-nginx
---
 kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml b/kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml
index fd8f7198..98e3d558 100644
--- a/kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml
+++ b/kube/deploy/core/ingress/ingress-nginx/app/netpol.yaml
@@ -40,7 +40,6 @@ spec:
 protocol: TCP
 - port: "443"
 protocol: UDP
-
 # allow traffic from external-proxy-x
 - fromEndpoints:
 - matchLabels:
@@ -67,6 +66,14 @@ spec:
 - key: egress.home.arpa/ingress-nginx
 operator: In
 values: ["allow"]
+ # allow authentik-managed components to connect to main authentik server
+ - fromEndpoints:
+ - matchExpressions:
+ - key: io.kubernetes.pod.namespace
+ operator: Exists
+ - key: app.kubernetes.io/managed-by
+ operator: In
+ values: ["goauthentik.io"]
 egress:
 # allow access to kube-apiserver to get Ingress/etc resources and push updates
 - toEntities:
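Review bot: The new `fromEndpoints` rule in the second hunk admits any pod in any namespace (`io.kubernetes.pod.namespace` with `operator: Exists`) that carries `app.kubernetes.io/managed-by: goauthentik.io`, and it has no `toPorts`, so access depends on a label a workload owner can set themselves and covers every port of the selected pods. If the outposts only run in known namespaces, pin them with `operator: In` and `values: ["<authentik-namespace>"]` (placeholder; the real namespace is not visible here) and add a `toPorts` entry limited to the ports the outposts need, as the rule at the top of the first hunk appears to do. The added comment also reads as copied from the authentik policy; since this file governs ingress-nginx, something like `# allow authentik-managed outposts to reach ingress-nginx` would match the commit subject. The rule list and the policy's endpoint selector start outside the hunk, so which pods are selected is inferred from the file path.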