From 57c35f3455152397d148e16aec12d8e9a57da9b2 Mon Sep 17 00:00:00 2001
From: JJGadgets
Date: Wed, 11 Dec 2024 07:18:38 +0800
Subject: [PATCH] feat(authentik): allow router to access LDAP
---
 kube/deploy/apps/authentik/app/netpol.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/kube/deploy/apps/authentik/app/netpol.yaml b/kube/deploy/apps/authentik/app/netpol.yaml
index 305cf1bc..d240a3a7 100644
--- a/kube/deploy/apps/authentik/app/netpol.yaml
+++ b/kube/deploy/apps/authentik/app/netpol.yaml
@@ -90,9 +90,12 @@ spec:
 matchExpressions:
 - key: io.kubernetes.pod.namespace
 operator: Exists
- toPorts:
+ toPorts: &port
 - ports:
 - port: "6636"
+ - fromCIDRSet:
+ - cidr: "${IP_ROUTER_VLAN_K8S}/32"
+ toPorts: *port
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cilium.io/ciliumclusterwidenetworkpolicy_v2.json
 apiVersion: cilium.io/v2
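Review bot: The added `fromCIDRSet` rule takes its ports from the `*port` alias, so the router's reach is tied to the in-cluster rule's `toPorts`: any port later added there for pods is silently opened to `${IP_ROUTER_VLAN_K8S}/32` as well. I would write the router rule's `toPorts` out in full instead of aliasing it, and add `protocol: TCP` under `- port: "6636"`, since Cilium matches any L4 protocol when `protocol` is omitted. A short comment above the entry such as `# router -> LDAP on 6636 only` would record why an off-cluster address is allowed into the identity provider. The enclosing rule list starts above the hunk, so that this is an ingress rule is inferred from `fromCIDRSet`; it is also worth confirming that the router's source address reaches the pod unchanged (no SNAT on the path), otherwise the /32 will not match.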