feat(authentik): tls cert

Signed-off-by: JJGadgets <git@jjgadgets.tech>

kube/3-deploy/2-apps/authentik/app/hr.yaml

@@ -22,6 +22,8 @@ spec:
       tag: 2023.4.1
       digest: "sha256:96c9f29247a270524056aff59f1bcb7118ef51d14b334b67ab2b75e8df30e829"
       pullPolicy: IfNotPresent
+    service:
+      port: 9000
     ingress:
       enabled: true
       ingressClassName: "nginx"
@@ -36,6 +38,7 @@ spec:
       tls:
         - hosts:
             - *host
+          secretName: authentik-tls
     authentik:
       log_level: debug
       secret_key: "${SECRET_AUTHENTIK_SECRET_KEY}"

kube/3-deploy/2-apps/authentik/app/tls.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: &app authentik
+  namespace: *app
+spec:
+  secretName: authentik-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  privateKey:
+    algorithm: ECDSA
+    size: 384
+  commonName: ${DNS_MAIN}
+  dnsNames:
+    - ${DNS_MAIN}
+    - '*.${DNS_MAIN}'
+    - '*.tinfoil.${DNS_MAIN}'