From 93dbd69ea1fe6faa996b56f0b99efe4e0b0fc741 Mon Sep 17 00:00:00 2001
From: JJGadgets <git@jjgadgets.tech>
Date: Mon, 10 Nov 2025 10:30:20 +0800
Subject: [PATCH] fix(authentik): netpols for Plex source

---
 kube/deploy/apps/authentik/app/netpol.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kube/deploy/apps/authentik/app/netpol.yaml b/kube/deploy/apps/authentik/app/netpol.yaml
index f551dc83..ecba52b0 100644
--- a/kube/deploy/apps/authentik/app/netpol.yaml
+++ b/kube/deploy/apps/authentik/app/netpol.yaml
@@ -33,9 +33,10 @@ spec:
     - toEndpoints:
         - matchLabels:
             io.kubernetes.pod.namespace: *app
-    # allow Duo
+    # allow external auth services (Duo & Plex)
     - toFQDNs:
         - &duo { matchPattern: "api-*.duosecurity.com" }
+        - &plex { matchName: "plex.tv" }
       toPorts:
         - ports:
             - port: "443"
@@ -61,6 +62,7 @@ spec:
             dns:
               - *duo
               - *smtp
+              - *plex
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cilium.io/ciliumclusterwidenetworkpolicy_v2.json
 apiVersion: cilium.io/v2