diff --git a/actual/ingress.yaml b/actual/ingress.yaml
index 7a1a8d7..f1274f7 100644
--- a/actual/ingress.yaml
+++ b/actual/ingress.yaml
@@ -5,7 +5,6 @@ metadata:
 namespace: actual
 annotations:
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
- # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
 rules:
diff --git a/authentik/clusterrolebinding-oidc-group-admin-kube-apiserver.yaml b/authentik/clusterrolebinding-oidc-group-admin-kube-apiserver.yaml
deleted file mode 100644
index 51f2322..0000000
--- a/authentik/clusterrolebinding-oidc-group-admin-kube-apiserver.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: oidc-group-admin-kube-apiserver
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
-- kind: Group
- name: admin-kube-apiserver
- apiGroup: rbac.authorization.k8s.io
diff --git a/authentik/dns-endpoint-authentik.yaml b/authentik/dns-endpoint-authentik.yaml
deleted file mode 100644
index 4b2f79f..0000000
--- a/authentik/dns-endpoint-authentik.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: externaldns.k8s.io/v1alpha1
-kind: DNSEndpoint
-metadata:
- name: authentik.michaelthomson.dev
- namespace: authentik
-spec:
- endpoints:
- - dnsName: authentik.michaelthomson.dev
- recordTTL: 180
- recordType: CNAME
- targets:
- - michaelthomson.ddns.net
- providerSpecific:
- - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
- value: "true"
diff --git a/authentik/helmrelease-authentik.yaml b/authentik/helmrelease-authentik.yaml
deleted file mode 100644
index cda8220..0000000
--- a/authentik/helmrelease-authentik.yaml
+++ /dev/null
@@ -1,327 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta2 -kind: HelmRelease -metadata: - name: authentik - namespace: authentik -spec: - chart: - spec: - chart: authentik - version: 2023.10.7 - sourceRef: - kind: HelmRepository - name: authentik - namespace: flux-system - interval: 15m - timeout: 5m - releaseName: authentik - values: - # -- Server replicas - replicas: 1 - # -- Custom priority class for different treatment by the scheduler - priorityClassName: - # -- server securityContext - securityContext: {} - # -- server containerSecurityContext - containerSecurityContext: {} - # -- server deployment strategy - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - - worker: - # -- worker replicas - replicas: 1 - # -- Custom priority class for different treatment by the scheduler - priorityClassName: - # -- worker securityContext - securityContext: {} - # -- worker containerSecurityContext - containerSecurityContext: {} - # -- worker strategy - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - - image: - repository: ghcr.io/goauthentik/server - tag: 2023.10.7 - # -- optional container image digest - digest: "" - pullPolicy: IfNotPresent - pullSecrets: [] - - # -- Specify any initContainers here as dictionary items. Each initContainer should have its own key. The dictionary item key will determine the order. Helm templates can be used - initContainers: {} - - # -- Specify any additional containers here as dictionary items. Each additional container should have its own key. Helm templates can be used. 
- additionalContainers: {} - - ingress: - enabled: true - ingressClassName: "traefik" - annotations: - traefik.ingress.kubernetes.io/router.tls: "true" - traefik.ingress.kubernetes.io/router.entrypoints: websecure - # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd - labels: {} - hosts: - - host: authentik.michaelthomson.dev - paths: - - path: "/" - pathType: Prefix - tls: - - secretName: letsencrypt-wildcard-cert-michaelthomson.dev - hosts: - - authentik.michaelthomson.dev - - # -- Annotations to add to the server and worker deployments - annotations: {} - - # -- Annotations to add to the server and worker pods - podAnnotations: {} - - authentik: - # -- Log level for server and worker - log_level: debug - # -- Secret key used for cookie singing and unique user IDs, - # don't change this after the first install - # secret_key: "${AUTHENTIK_SECRET_KEY}" - # -- Path for the geoip database. If the file doesn't exist, GeoIP features are disabled. - geoip: /geoip/GeoLite2-City.mmdb - email: - # -- SMTP Server emails are sent from, fully optional - host: "" - port: 587 - # -- SMTP credentials, when left empty, not authentication will be done - username: "" - # -- SMTP credentials, when left empty, not authentication will be done - password: "" - # -- Enable either use_tls or use_ssl, they can't be enabled at the same time. - use_tls: false - # -- Enable either use_tls or use_ssl, they can't be enabled at the same time. - use_ssl: false - # -- Connection timeout - timeout: 30 - # -- Email from address, can either be in the format "foo@bar.baz" or "authentik " - from: "" - outposts: - # -- Template used for managed outposts. 
The following placeholders can be used - # %(type)s - the type of the outpost - # %(version)s - version of your authentik install - # %(build_hash)s - only for beta versions, the build hash of the image - container_image_base: ghcr.io/goauthentik/%(type)s:%(version)s - error_reporting: - # -- This sends anonymous usage-data, stack traces on errors and - # performance data to sentry.beryju.org, and is fully opt-in - enabled: false - # -- This is a string that is sent to sentry with your error reports - environment: "k8s" - # -- Send PII (Personally identifiable information) data to sentry - send_pii: false - postgresql: - # -- set the postgresql hostname to talk to - # if unset and .Values.postgresql.enabled == true, will generate the default - # @default -- `{{ .Release.Name }}-postgresql` - host: "{{ .Release.Name }}-postgresql" - # -- postgresql Database name - # @default -- `authentik` - name: "authentik" - # -- postgresql Username - # @default -- `authentik` - user: "authentik" - # password: "${AUTHENTIK_POSTGRESQL__PASSWORD}" - port: 5432 - redis: - # -- set the redis hostname to talk to - # @default -- `{{ .Release.Name }}-redis-master` - host: "{{ .Release.Name }}-redis-master" - password: "" - - # -- List of config maps to mount blueprints from. 
Only keys in the - # configmap ending with ".yaml" wil be discovered and applied - blueprints: [] - - # -- see configuration options at https://goauthentik.io/docs/installation/configuration/ - env: {} - - envFrom: [] - # - configMapRef: - # name: special-config - - envValueFrom: - AUTHENTIK_SECRET_KEY: - secretKeyRef: - name: authentik-secret-key - key: secret-key - AUTHENTIK_BOOTSTRAP_PASSWORD: - secretKeyRef: - name: authentik-bootstrap-password - key: bootstrap-password - POSTGRES_PASSWORD: - secretKeyRef: - name: authentik-postgresql-password - key: postgresql-password - AUTHENTIK_POSTGRESQL__PASSWORD: - secretKeyRef: - name: authentik-postgresql-password - key: postgresql-password - - service: - # -- Service that is created to access authentik - enabled: true - type: ClusterIP - port: 80 - name: http - protocol: TCP - labels: {} - annotations: {} - - volumes: [] - - volumeMounts: [] - - # -- affinity applied to the deployments - affinity: {} - - # -- tolerations applied to the deployments - tolerations: [] - - # -- nodeSelector applied to the deployments - nodeSelector: {} - - resources: - server: {} - worker: {} - - autoscaling: - server: - # -- Create a HPA for the server deployment - enabled: false - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 50 - worker: - # -- Create a HPA for the worker deployment - enabled: false - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 - - pdb: - server: - # -- Deploy a PodDistrubtionBudget for the server - enabled: false - # -- Labels to be added to the server pdb - labels: {} - # -- Annotations to be added to the server pdb - annotations: {} - # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) - # @default -- `""` (defaults to 0 if not specified) - minAvailable: "" - # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%) - ## Has higher precedence over `pdb.server.minAvailable` - maxUnavailable: "" - worker: 
- # -- Deploy a PodDistrubtionBudget for the worker - enabled: false - # -- Labels to be added to the worker pdb - labels: {} - # -- Annotations to be added to the worker pdb - annotations: {} - # -- Number of pods that are available after eviction as number or percentage (eg.: 50%) - # @default -- `""` (defaults to 0 if not specified) - minAvailable: "" - # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%) - ## Has higher precedence over `pdb.worker.minAvailable` - maxUnavailable: "" - - livenessProbe: - # -- enables or disables the livenessProbe - enabled: true - httpGet: - # -- liveness probe url path - path: /-/health/live/ - port: http - initialDelaySeconds: 5 - periodSeconds: 10 - - startupProbe: - # -- enables or disables the livenessProbe - enabled: true - httpGet: - # -- liveness probe url path - path: /-/health/live/ - port: http - failureThreshold: 60 - periodSeconds: 5 - - readinessProbe: - enabled: true - httpGet: - path: /-/health/ready/ - port: http - periodSeconds: 10 - - serviceAccount: - # -- Service account is needed for managed outposts - create: true - annotations: {} - serviceAccountSecret: - # -- As we use the authentik-remote-cluster chart as subchart, and that chart - # creates a service account secret by default which we don't need here, disable its creation - enabled: false - fullnameOverride: authentik - nameOverride: authentik - - prometheus: - serviceMonitor: - create: false - interval: 30s - scrapeTimeout: 3s - # -- labels additional on ServiceMonitor - labels: {} - rules: - create: false - # -- labels additional on PrometheusRule - labels: {} - - geoip: - # -- optional GeoIP, deploys a cronjob to download the maxmind database - enabled: false - # -- sign up under https://www.maxmind.com/en/geolite2/signup - accountId: "" - # -- sign up under https://www.maxmind.com/en/geolite2/signup - licenseKey: "" - editionIds: "GeoLite2-City" - image: maxmindinc/geoipupdate:v4.8 - # -- number of hours 
between update runs - updateInterval: 8 - # -- server containerSecurityContext - containerSecurityContext: {} - postgresql: - # -- enable the bundled bitnami postgresql chart - enabled: true - postgresqlMaxConnections: 500 - postgresqlUsername: "authentik" - postgresqlPassword: "2cX69Cf2QKkjugvuUaues7TupEd74s" - postgresqlDatabase: "authentik" - persistence: - enabled: true - storageClass: longhorn - # accessModes: - # - ReadWriteOnce - image: - tag: 15.4.0-debian-11-r0 - redis: - # -- enable the bundled bitnami redis chart - enabled: true - architecture: standalone - auth: - enabled: false - image: - tag: 6.2.10-debian-11-r13 diff --git a/authentik/sealedsecret-authentik-bootstrap-password.yaml b/authentik/sealedsecret-authentik-bootstrap-password.yaml deleted file mode 100644 index a8c97eb..0000000 --- a/authentik/sealedsecret-authentik-bootstrap-password.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{ - "kind": "SealedSecret", - "apiVersion": "bitnami.com/v1alpha1", - "metadata": { - "name": "authentik-bootstrap-password", - "namespace": "authentik", - "creationTimestamp": null - }, - "spec": { - "template": { - "metadata": { - "name": "authentik-bootstrap-password", - "namespace": "authentik", - "creationTimestamp": null - } - }, - "encryptedData": { - "bootstrap-password": "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" - } - } -} diff --git a/authentik/sealedsecret-authentik-postgresql-password.yaml b/authentik/sealedsecret-authentik-postgresql-password.yaml deleted file mode 100644 index be6cf3b..0000000 --- a/authentik/sealedsecret-authentik-postgresql-password.yaml +++ /dev/null 
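Review bot: Deleting authentik/helmrelease-authentik.yaml does not retire the literal `postgresqlPassword` value it carried under the bundled `postgresql:` values; the string remains readable in every earlier revision of the repository. The same file already sourced `AUTHENTIK_POSTGRESQL__PASSWORD` from the `authentik-postgresql-password` secret through `envValueFrom`, so the inline copy was a second, unsealed path to the same kind of credential. If that password is shared with any database that outlives this removal, or if the `longhorn`-backed volume is retained and could be re-attached later, treat it as exposed and rotate it. Whether either applies cannot be determined from the visible lines.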
@@ -1,21 +0,0 @@
-{
- "kind": "SealedSecret",
- "apiVersion": "bitnami.com/v1alpha1",
- "metadata": {
- "name": "authentik-postgresql-password",
- "namespace": "authentik",
- "creationTimestamp": null
- },
- "spec": {
- "template": {
- "metadata": {
- "name": "authentik-postgresql-password",
- "namespace": "authentik",
- "creationTimestamp": null
- }
- },
- "encryptedData": {
- "postgresql-password": "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"
- }
- }
-}
diff --git a/authentik/sealedsecret-authentik-secret-key.yaml b/authentik/sealedsecret-authentik-secret-key.yaml
deleted file mode 100644
index 6226966..0000000
--- a/authentik/sealedsecret-authentik-secret-key.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "kind": "SealedSecret",
- "apiVersion": "bitnami.com/v1alpha1",
- "metadata": {
- "name": "authentik-secret-key",
- "namespace": "authentik",
- "creationTimestamp": null
- },
- "spec": {
- "template": {
- "metadata": {
- "name": "authentik-secret-key",
- "namespace": "authentik",
- "creationTimestamp": null
- }
- },
- "encryptedData": {
- "secret-key": "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"
- }
- }
-}
diff --git a/baikal/baikal-ingress.yaml b/baikal/baikal-ingress.yaml
index 1e31269..488f175 100644
--- a/baikal/baikal-ingress.yaml
+++ b/baikal/baikal-ingress.yaml
@@ -5,7 +5,6 @@ metadata:
 namespace: baikal
 annotations:
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
- # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
 rules:
diff --git a/bootstrap/helmrepositories/helmrepository-authentik.yaml b/bootstrap/helmrepositories/helmrepository-authentik.yaml
deleted file mode 100644
index c0708a2..0000000
--- a/bootstrap/helmrepositories/helmrepository-authentik.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
- name: authentik
- namespace: flux-system
-spec:
- interval: 15m
- url: https://charts.goauthentik.io/
diff --git a/bootstrap/kustomizations/kustomization-authentik.yaml b/bootstrap/kustomizations/kustomization-authentik.yaml
deleted file mode 100644
index e6eb087..0000000
--- a/bootstrap/kustomizations/kustomization-authentik.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: authentik
- namespace: flux-system
-spec:
- interval: 30m
- path: ./authentik
- dependsOn:
- - name: "sealed-secrets"
- prune: true # remove any elements later removed from the above path
- timeout: 2m # if not set, this defaults to interval duration, which is 1h
- sourceRef:
- kind: GitRepository
- name: flux-system
- healthChecks:
- - apiVersion: apps/v1
- kind: Deployment
- name: authentik-server
- namespace: authentik
diff --git a/bootstrap/namespaces/namespace-authentik.yaml b/bootstrap/namespaces/namespace-authentik.yaml
deleted file mode 100644
index bb24d8d..0000000
--- a/bootstrap/namespaces/namespace-authentik.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: authentik
diff --git a/heimdall/ingress.yaml b/heimdall/ingress.yaml
index 1abf76b..89319b8 100644
--- a/heimdall/ingress.yaml
+++ b/heimdall/ingress.yaml
@@ -5,7 +5,6 @@ metadata:
 namespace: heimdall
 annotations:
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
- # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
 rules:
diff --git a/immich/helmrelease-immich.yaml b/immich/helmrelease-immich.yaml
index 1888214..878e5ce 100644
--- a/immich/helmrelease-immich.yaml
+++ b/immich/helmrelease-immich.yaml
@@ -36,7 +36,6 @@ spec:
 enabled: true
 annotations:
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
- # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 traefik.ingress.kubernetes.io/router.tls: "true"
 hosts:
 - host: immich.michaelthomson.dev
diff --git a/media/jellyfin/ingress.yaml b/media/jellyfin/ingress.yaml
index a7c0d35..387767f 100644
--- a/media/jellyfin/ingress.yaml
+++ b/media/jellyfin/ingress.yaml
@@ -6,7 +6,6 @@ metadata:
 annotations:
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 traefik.ingress.kubernetes.io/router.tls: "true"
- # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 spec:
 rules:
 - host: jellyfin.michaelthomson.dev
diff --git a/media/jellyseerr/ingress.yaml b/media/jellyseerr/ingress.yaml
index 04a40cc..9971617 100644
--- a/media/jellyseerr/ingress.yaml
+++ b/media/jellyseerr/ingress.yaml
@@ -5,7 +5,6 @@ metadata:
 namespace: media
 annotations:
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
- # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
 rules:
diff --git a/media/prowlarr/ingress.yaml b/media/prowlarr/ingress.yaml
index 2a4cc96..19d517d 100644
--- a/media/prowlarr/ingress.yaml
+++ b/media/prowlarr/ingress.yaml
@@ -5,7 +5,6 @@ metadata:
 namespace: media
 annotations:
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
- # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
 rules:
diff --git a/media/qbittorrent/ingress.yaml b/media/qbittorrent/ingress.yaml
index f122d75..c835015 100644
--- a/media/qbittorrent/ingress.yaml
+++ b/media/qbittorrent/ingress.yaml
@@ -5,7 +5,6 @@ metadata:
 namespace: media
 annotations:
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
- # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
 rules:
diff --git a/media/radarr/ingress.yaml b/media/radarr/ingress.yaml
index b094beb..9a455ba 100644
--- a/media/radarr/ingress.yaml
+++ b/media/radarr/ingress.yaml
@@ -5,7 +5,6 @@ metadata:
 namespace: media
 annotations:
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
- # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
 rules:
diff --git a/media/readarr/ingress.yaml b/media/readarr/ingress.yaml
index 5b2c3b2..7f2e298 100644
--- a/media/readarr/ingress.yaml
+++ b/media/readarr/ingress.yaml
@@ -5,7 +5,6 @@ metadata:
 namespace: media
 annotations:
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
- # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
 rules:
diff --git a/media/sonarr/ingress.yaml b/media/sonarr/ingress.yaml
index 6e2ee85..e6f2a5d 100644
--- a/media/sonarr/ingress.yaml
+++ b/media/sonarr/ingress.yaml
@@ -5,7 +5,6 @@ metadata:
 namespace: media
 annotations:
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
- # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
 rules:
diff --git a/roundcube/roundcubenginx-ingress.yaml b/roundcube/roundcubenginx-ingress.yaml
index e170791..7569a0c 100644
--- a/roundcube/roundcubenginx-ingress.yaml
+++ b/roundcube/roundcubenginx-ingress.yaml
@@ -5,7 +5,6 @@ metadata:
 namespace: roundcube
 annotations:
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
- # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 traefik.ingress.kubernetes.io/router.tls: "true"
 labels:
 service: roundcubenginx
diff --git a/soft-serve/soft-serve-ingress.yaml b/soft-serve/soft-serve-ingress.yaml
index b88462e..39c8e56 100644
--- a/soft-serve/soft-serve-ingress.yaml
+++ b/soft-serve/soft-serve-ingress.yaml
@@ -5,7 +5,6 @@ metadata:
 namespace: soft-serve
 annotations:
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
- # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
 rules:
diff --git a/traefik/helmrelease-traefik.yaml b/traefik/helmrelease-traefik.yaml
index e7b4c48..0e19122 100644
--- a/traefik/helmrelease-traefik.yaml
+++ b/traefik/helmrelease-traefik.yaml
@@ -20,8 +20,6 @@ spec:
 dashboard:
 matchRule: Host(`server.michaelthomson.dev`)
 entryPoints: ["websecure"]
- middlewares:
- - name: authentik
 tls:
 secretName: letsencrypt-wildcard-cert-michaelthomson.dev
 domains:
diff --git a/traefik/middleware-traefik-forward-auth.yaml b/traefik/middleware-traefik-forward-auth.yaml
deleted file mode 100644
index 2b65716..0000000
--- a/traefik/middleware-traefik-forward-auth.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: authentik
- namespace: traefik
-spec:
- forwardAuth:
- address: "http://authentik.authentik/outpost.goauthentik.io/auth/traefik"
- trustForwardHeader: true
- authResponseHeaders:
- - Authorization
- - X-authentik-username
- - X-authentik-groups
- - X-authentik-email
- - X-authentik-name
- - X-authentik-uid
- - X-authentik-jwt
- - X-authentik-meta-jwks
- - X-authentik-meta-outpost
- - X-authentik-meta-provider
- - X-authentik-meta-app
- - X-authentik-meta-version
- tls:
- certSecret: letsencrypt-wildcard-cert-michaelthomson.dev
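Review bot: In traefik/helmrelease-traefik.yaml the `dashboard:` route loses its only listed middleware (`middlewares:` / `- name: authentik`) and nothing replaces it, so the `server.michaelthomson.dev` route on `websecure` keeps TLS but has no authentication step visible in this file. The dashboard exposes router, service and middleware configuration, which is why a guard is normally kept in front of it. I would keep a `middlewares:` entry pointing at a replacement, for example `- name: <dashboard-auth-middleware>` (placeholder name) backed by a `basicAuth` Middleware, or stop publishing the route on the public entrypoint. The `dashboard:` block starts above the hunk and continues past `domains:`, so a control outside the visible lines cannot be ruled out.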
diff --git a/wg-easy/ingress.yaml b/wg-easy/ingress.yaml
index 827120b..0aed506 100644
--- a/wg-easy/ingress.yaml
+++ b/wg-easy/ingress.yaml
@@ -5,7 +5,6 @@ metadata:
 namespace: wg-easy
 annotations:
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
 rules:
diff --git a/woodpecker/helmrelease-woodpecker.yaml b/woodpecker/helmrelease-woodpecker.yaml
index 6deb9ed..d396290 100644
--- a/woodpecker/helmrelease-woodpecker.yaml
+++ b/woodpecker/helmrelease-woodpecker.yaml
@@ -63,7 +63,6 @@ spec:
 # -- Add annotations to the ingress
 annotations:
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
- # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 traefik.ingress.kubernetes.io/router.tls: "true"
 # -- Defines which ingress controller will implement the resource
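Review bot: In wg-easy/ingress.yaml the removed `traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd` annotation was live, unlike the commented-out copies dropped from the other ingress files in this commit, so this is the one Ingress whose effective access control changes. After the change the route carries only `router.entrypoints: websecure` and `router.tls: "true"`, which leaves whatever login wg-easy itself enforces as the sole gate in front of what is presumably the VPN management UI. Confirm that an application-level password is configured before this is applied, or substitute a replacement annotation such as `traefik.ingress.kubernetes.io/router.middlewares: <namespace>-<middleware>@kubernetescrd` (placeholder names). The Ingress `spec:` continues below the hunk, so the hosts this affects are not visible here.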