feat(flux): switch forward-auth patches to domain-level

Signed-off-by: JJGadgets <git@jjgadgets.tech>
JJGadgets
2023-04-21 09:11:17 +08:00
parent f764e49398
commit 2e2876fb62
2 changed files with 13 additions and 35 deletions


@@ -232,30 +232,19 @@ spec:
nginx.ingress.kubernetes.io/whitelist-source-range: |
10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.64.0.0/10
nginx.ingress.kubernetes.io/auth-url: |-
https://${APP_DNS_AUTH}/outpost.goauthentik.io/auth/nginx
http://authentik-outpost-remote.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
# If you're using domain-level auth, use the authentication URL instead of the application URL
nginx.ingress.kubernetes.io/auth-signin: |-
https://${APP_DNS_AUTHENTIK_OUTPOST}//outpost.goauthentik.io/start?rd=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-response-headers: |-
Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
nginx.ingress.kubernetes.io/auth-snippet: |
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
target:
group: helm.toolkit.fluxcd.io
version: v2beta1
kind: HelmRelease
labelSelector: nginx.ingress.home.arpa/type=auth-external-only
- patch: |
- op: add
path: /spec/values/ingress/main/hosts/0/paths/-
value:
path: /outpost.goauthentik.io
pathType: Prefix
service:
name: authentik
port: 443
target:
group: helm.toolkit.fluxcd.io
version: v2beta1
kind: HelmRelease
labelSelector: nginx.ingress.home.arpa/type=auth-external-only
labelSelector: ingress.home.arpa/type=auth-external-only
target:
group: kustomize.toolkit.fluxcd.io
version: v1beta2
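Review bot: The `auth-signin` value has a doubled slash after the host, `https://${APP_DNS_AUTHENTIK_OUTPOST}//outpost.goauthentik.io/start?rd=$escaped_request_uri`, and the identical line appears in the second file of this commit (the page has lost its +/- markers, so I am reading both as added lines). Unauthenticated users are redirected to that exact URL, so login only works if the ingress or the outpost happens to collapse `//`; it should read `https://${APP_DNS_AUTHENTIK_OUTPOST}/outpost.goauthentik.io/start?rd=$escaped_request_uri`. Separately, `rd=$escaped_request_uri` carries only the path, and the sign-in host is now presumably a dedicated auth domain, so it is worth confirming the outpost returns users to the originating application host rather than to the same path on the auth domain. The patch entry these annotations belong to begins above the hunk.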


@@ -200,25 +200,14 @@ patches:
nginx.ingress.kubernetes.io/whitelist-source-range: |
10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.64.0.0/10
nginx.ingress.kubernetes.io/auth-url: |-
https://${APP_DNS_AUTH}/outpost.goauthentik.io/auth/nginx
http://authentik-outpost-remote.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
# If you're using domain-level auth, use the authentication URL instead of the application URL
nginx.ingress.kubernetes.io/auth-signin: |-
https://${APP_DNS_AUTHENTIK_OUTPOST}//outpost.goauthentik.io/start?rd=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-response-headers: |-
Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
nginx.ingress.kubernetes.io/auth-snippet: |
proxy_set_header X-Forwarded-Host $http_host;
target:
group: helm.toolkit.fluxcd.io
version: v2beta1
kind: HelmRelease
labelSelector: ingress.home.arpa/type=auth-external-only
- patch: |
- op: add
path: /spec/values/ingress/main/hosts/0/paths/-
value:
path: /outpost.goauthentik.io
pathType: Prefix
service:
name: authentik
port: 443
proxy_set_header X-Forwarded-Host $http_host;
target:
group: helm.toolkit.fluxcd.io
version: v2beta1
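Review bot: The `auth-url` value `http://authentik-outpost-remote.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx` sends every forward-auth subrequest over plaintext HTTP inside the cluster, including the session cookie that the ingress forwards with it. The same line appears in the first file of this commit. That is acceptable only if pod-to-pod traffic is already encrypted or the cluster network is trusted, and nothing visible here records that assumption. I would add a comment above the annotation such as `# plain HTTP to the in-cluster outpost: relies on CNI/mesh encryption and a NetworkPolicy limiting port 9000 to the ingress controller`, or point the annotation at the outpost's TLS listener if neither holds. The patch entry these annotations belong to begins above the hunk.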