remove authentik

Signed-off-by: Michael Thomson <michael@michaelthomson.dev>

actual/ingress.yaml

@@ -5,7 +5,6 @@ metadata:
   namespace: actual
   annotations:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
     traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
   rules:

authentik/clusterrolebinding-oidc-group-admin-kube-apiserver.yaml

@@ -1,12 +0,0 @@
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: oidc-group-admin-kube-apiserver
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: cluster-admin 
-subjects:
-- kind: Group
-  name: admin-kube-apiserver 
-  apiGroup: rbac.authorization.k8s.io

authentik/dns-endpoint-authentik.yaml

@@ -1,15 +0,0 @@
-apiVersion: externaldns.k8s.io/v1alpha1
-kind: DNSEndpoint
-metadata:
-  name: authentik.michaelthomson.dev
-  namespace: authentik
-spec:
-  endpoints:
-  - dnsName: authentik.michaelthomson.dev
-    recordTTL: 180
-    recordType: CNAME
-    targets:
-      - michaelthomson.ddns.net
-    providerSpecific:
-      - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
-        value: "true"

authentik/helmrelease-authentik.yaml

@@ -1,327 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
-kind: HelmRelease
-metadata:
-  name: authentik
-  namespace: authentik
-spec:
-  chart:
-    spec:
-      chart: authentik
-      version: 2023.10.7
-      sourceRef:
-        kind: HelmRepository
-        name: authentik
-        namespace: flux-system
-  interval: 15m
-  timeout: 5m
-  releaseName: authentik
-  values:
-    # -- Server replicas
-    replicas: 1
-    # -- Custom priority class for different treatment by the scheduler
-    priorityClassName:
-    # -- server securityContext
-    securityContext: {}
-    # -- server containerSecurityContext
-    containerSecurityContext: {}
-    # -- server deployment strategy
-    strategy:
-      type: RollingUpdate
-      rollingUpdate:
-       maxSurge: 1
-       maxUnavailable: 1
-
-    worker:
-      # -- worker replicas
-      replicas: 1
-      # -- Custom priority class for different treatment by the scheduler
-      priorityClassName:
-      # -- worker securityContext
-      securityContext: {}
-      # -- worker containerSecurityContext
-      containerSecurityContext: {}
-      # -- worker strategy
-      strategy:
-        type: RollingUpdate
-        rollingUpdate:
-         maxSurge: 1
-         maxUnavailable: 1
-
-    image:
-      repository: ghcr.io/goauthentik/server
-      tag: 2023.10.7
-      # -- optional container image digest
-      digest: ""
-      pullPolicy: IfNotPresent
-      pullSecrets: []
-
-    # -- Specify any initContainers here as dictionary items. Each initContainer should have its own key. The dictionary item key will determine the order. Helm templates can be used
-    initContainers: {}
-
-    # -- Specify any additional containers here as dictionary items. Each additional container should have its own key. Helm templates can be used.
-    additionalContainers: {}
-
-    ingress:
-      enabled: true
-      ingressClassName: "traefik"
-      annotations:
-        traefik.ingress.kubernetes.io/router.tls: "true"
-        traefik.ingress.kubernetes.io/router.entrypoints: websecure
-        # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
-      labels: {}
-      hosts:
-        - host: authentik.michaelthomson.dev
-          paths:
-            - path: "/"
-              pathType: Prefix
-      tls:
-        - secretName: letsencrypt-wildcard-cert-michaelthomson.dev
-          hosts:
-            - authentik.michaelthomson.dev
-
-    # -- Annotations to add to the server and worker deployments
-    annotations: {}
-
-    # -- Annotations to add to the server and worker pods
-    podAnnotations: {}
-
-    authentik:
-      # -- Log level for server and worker
-      log_level: debug
-      # -- Secret key used for cookie singing and unique user IDs,
-      # don't change this after the first install
-      # secret_key: "${AUTHENTIK_SECRET_KEY}"
-      # -- Path for the geoip database. If the file doesn't exist, GeoIP features are disabled.
-      geoip: /geoip/GeoLite2-City.mmdb
-      email:
-        # -- SMTP Server emails are sent from, fully optional
-        host: ""
-        port: 587
-        # -- SMTP credentials, when left empty, not authentication will be done
-        username: ""
-        # -- SMTP credentials, when left empty, not authentication will be done
-        password: ""
-        # -- Enable either use_tls or use_ssl, they can't be enabled at the same time.
-        use_tls: false
-        # -- Enable either use_tls or use_ssl, they can't be enabled at the same time.
-        use_ssl: false
-        # -- Connection timeout
-        timeout: 30
-        # -- Email from address, can either be in the format "foo@bar.baz" or "authentik <foo@bar.baz>"
-        from: ""
-      outposts:
-        # -- Template used for managed outposts. The following placeholders can be used
-        # %(type)s - the type of the outpost
-        # %(version)s - version of your authentik install
-        # %(build_hash)s - only for beta versions, the build hash of the image
-        container_image_base: ghcr.io/goauthentik/%(type)s:%(version)s
-      error_reporting:
-        # -- This sends anonymous usage-data, stack traces on errors and
-        # performance data to sentry.beryju.org, and is fully opt-in
-        enabled: false
-        # -- This is a string that is sent to sentry with your error reports
-        environment: "k8s"
-        # -- Send PII (Personally identifiable information) data to sentry
-        send_pii: false
-      postgresql:
-        # -- set the postgresql hostname to talk to
-        # if unset and .Values.postgresql.enabled == true, will generate the default
-        # @default -- `{{ .Release.Name }}-postgresql`
-        host: "{{ .Release.Name }}-postgresql"
-        # -- postgresql Database name
-        # @default -- `authentik`
-        name: "authentik"
-        # -- postgresql Username
-        # @default -- `authentik`
-        user: "authentik"
-        # password: "${AUTHENTIK_POSTGRESQL__PASSWORD}"
-        port: 5432
-      redis:
-        # -- set the redis hostname to talk to
-        # @default -- `{{ .Release.Name }}-redis-master`
-        host: "{{ .Release.Name }}-redis-master"
-        password: ""
-
-    # -- List of config maps to mount blueprints from. Only keys in the
-    # configmap ending with ".yaml" wil be discovered and applied
-    blueprints: []
-
-    # -- see configuration options at https://goauthentik.io/docs/installation/configuration/
-    env: {}
-
-    envFrom: []
-    #  - configMapRef:
-    #      name: special-config
-
-    envValueFrom:
-      AUTHENTIK_SECRET_KEY:
-        secretKeyRef:
-          name: authentik-secret-key
-          key: secret-key
-      AUTHENTIK_BOOTSTRAP_PASSWORD:
-        secretKeyRef:
-          name: authentik-bootstrap-password
-          key: bootstrap-password
-      POSTGRES_PASSWORD:
-        secretKeyRef:
-          name: authentik-postgresql-password
-          key: postgresql-password
-      AUTHENTIK_POSTGRESQL__PASSWORD:
-        secretKeyRef:
-          name: authentik-postgresql-password
-          key: postgresql-password
-
-    service:
-      # -- Service that is created to access authentik
-      enabled: true
-      type: ClusterIP
-      port: 80
-      name: http
-      protocol: TCP
-      labels: {}
-      annotations: {}
-
-    volumes: []
-
-    volumeMounts: []
-
-    # -- affinity applied to the deployments
-    affinity: {}
-
-    #  -- tolerations applied to the deployments
-    tolerations: []
-
-    # -- nodeSelector applied to the deployments
-    nodeSelector: {}
-
-    resources:
-      server: {}
-      worker: {}
-
-    autoscaling:
-      server:
-        # -- Create a HPA for the server deployment
-        enabled: false
-        minReplicas: 1
-        maxReplicas: 5
-        targetCPUUtilizationPercentage: 50
-      worker:
-        # -- Create a HPA for the worker deployment
-        enabled: false
-        minReplicas: 1
-        maxReplicas: 5
-        targetCPUUtilizationPercentage: 80
-
-    pdb:
-      server:
-        # -- Deploy a PodDistrubtionBudget for the server
-        enabled: false
-        # -- Labels to be added to the server pdb
-        labels: {}
-        # -- Annotations to be added to the server pdb
-        annotations: {}
-        # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
-        # @default -- `""` (defaults to 0 if not specified)
-        minAvailable: ""
-        # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%)
-        ## Has higher precedence over `pdb.server.minAvailable`
-        maxUnavailable: ""
-      worker:
-        # -- Deploy a PodDistrubtionBudget for the worker
-        enabled: false
-        # -- Labels to be added to the worker pdb
-        labels: {}
-        # -- Annotations to be added to the worker pdb
-        annotations: {}
-        # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
-        # @default -- `""` (defaults to 0 if not specified)
-        minAvailable: ""
-        # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%)
-        ## Has higher precedence over `pdb.worker.minAvailable`
-        maxUnavailable: ""
-
-    livenessProbe:
-      # -- enables or disables the livenessProbe
-      enabled: true
-      httpGet:
-        # -- liveness probe url path
-        path: /-/health/live/
-        port: http
-      initialDelaySeconds: 5
-      periodSeconds: 10
-
-    startupProbe:
-      # -- enables or disables the livenessProbe
-      enabled: true
-      httpGet:
-        # -- liveness probe url path
-        path: /-/health/live/
-        port: http
-      failureThreshold: 60
-      periodSeconds: 5
-
-    readinessProbe:
-      enabled: true
-      httpGet:
-        path: /-/health/ready/
-        port: http
-      periodSeconds: 10
-
-    serviceAccount:
-      # -- Service account is needed for managed outposts
-      create: true
-      annotations: {}
-      serviceAccountSecret:
-        # -- As we use the authentik-remote-cluster chart as subchart, and that chart
-        # creates a service account secret by default which we don't need here, disable its creation
-        enabled: false
-      fullnameOverride: authentik
-      nameOverride: authentik
-
-    prometheus:
-      serviceMonitor:
-        create: false
-        interval: 30s
-        scrapeTimeout: 3s
-        # -- labels additional on ServiceMonitor
-        labels: {}
-      rules:
-        create: false
-        # -- labels additional on PrometheusRule
-        labels: {}
-
-    geoip:
-      # -- optional GeoIP, deploys a cronjob to download the maxmind database
-      enabled: false
-      # -- sign up under https://www.maxmind.com/en/geolite2/signup
-      accountId: ""
-      # -- sign up under https://www.maxmind.com/en/geolite2/signup
-      licenseKey: ""
-      editionIds: "GeoLite2-City"
-      image: maxmindinc/geoipupdate:v4.8
-      # -- number of hours between update runs
-      updateInterval: 8
-      # -- server containerSecurityContext
-      containerSecurityContext: {}
-    postgresql:
-      # -- enable the bundled bitnami postgresql chart
-      enabled: true
-      postgresqlMaxConnections: 500
-      postgresqlUsername: "authentik"
-      postgresqlPassword: "2cX69Cf2QKkjugvuUaues7TupEd74s"
-      postgresqlDatabase: "authentik"
-      persistence:
-        enabled: true
-        storageClass: longhorn
-      #   accessModes:
-      #     - ReadWriteOnce
-      image:
-        tag: 15.4.0-debian-11-r0
-    redis:
-      # -- enable the bundled bitnami redis chart
-      enabled: true
-      architecture: standalone
-      auth:
-        enabled: false
-      image:
-        tag: 6.2.10-debian-11-r13

authentik/sealedsecret-authentik-bootstrap-password.yaml

@@ -1,21 +0,0 @@
-{
-  "kind": "SealedSecret",
-  "apiVersion": "bitnami.com/v1alpha1",
-  "metadata": {
-    "name": "authentik-bootstrap-password",
-    "namespace": "authentik",
-    "creationTimestamp": null
-  },
-  "spec": {
-    "template": {
-      "metadata": {
-        "name": "authentik-bootstrap-password",
-        "namespace": "authentik",
-        "creationTimestamp": null
-      }
-    },
-    "encryptedData": {
-      "bootstrap-password": "AgA9pO4QxCh6T+B1zfEt6CArLi8hlu6Fu1Usrwl3xzJS3K4DI7gvQ8mjgDRZUv+5pbtbdU0RuLT3MFLp2iFIFYs71YL0Pv9Sq1sbE8v1iZIJ2lA2BPSKGm6FrkJYNwQbpq9CXupZn4StZUmvkqBZ9K+H9t98bp04Uv3WbuZVC3aRUFgVv6bDKdIKL9MVY5yJrBbkdfCiBh/zocfWSKEe80/inqYH4VMgYJxHqETkQPtUrfbotwmmtp7+9ZXvgCQz0NmO9XF75XbCZLb2vieqcJV0UG92DI1SbcuZ6rdRH/B/TAcByf3dMQGlD/VNNA19qwpkIjWwmsilg9cjiRpW1rGNBDVfU9SwZkhVPrIbb6cHa8lhZcIXs22VV8QZ9pbQZnvjSW0QXqpIHm+YRC/qyn+XkYB1FMvTK61UN66yPiOIM/wBrUBNxbFN6LHXRCqQo3U4W8fEOMlbsmCU0gtXmrb361B83DfDkFxo3y7I6j9voHqhVLhW8awfSZ8pJcYBFRyG7HE9m+vdfYKHopb+s+9hDp0U0nYK8SlBXtb+Jbb/NKnJA2zu389dVh5bjnjM/J5pv6bo9Nsfm6GuomFTTXgoxwI5CE11730RmfuzeNoC2qtZ6pWcIQhD4O+VxzZikwh/wd04Y2nNRbRYBkcItWWB+uQvHd/IYX8HQPQV9gNAF/eXEOLpJa4ka9u05kx8/uygcuoXUa45nCz7MpP02gKOTx9kQyyDmvmi38Z3MD0="
-    }
-  }
-}

authentik/sealedsecret-authentik-postgresql-password.yaml

@@ -1,21 +0,0 @@
-{
-  "kind": "SealedSecret",
-  "apiVersion": "bitnami.com/v1alpha1",
-  "metadata": {
-    "name": "authentik-postgresql-password",
-    "namespace": "authentik",
-    "creationTimestamp": null
-  },
-  "spec": {
-    "template": {
-      "metadata": {
-        "name": "authentik-postgresql-password",
-        "namespace": "authentik",
-        "creationTimestamp": null
-      }
-    },
-    "encryptedData": {
-      "postgresql-password": "AgAu6ZcMSYcquAY1vI46E7HBfcC5UgnpUinBSZx6zUtCT/1ExxuMQd70vgFhoBiFDP83pzn1e7VvCq4uxp1bnRjYZYx+VjTvnmuk1w9rEiyzFSFpQaKLkH1PDrzIIMr1R/MKWyWIiOnyWagHL4Rw+S/+rub4vfvY0BvZF4zQIwfkZGTXdFn7jl+Uu0zRYhTSv4hNserK70dgiJAfdexqA2p4Gb3Ml1JNqvntbJmwSF6D4BpLw8CzilhNQPwHbamoZk+PrZ43qCjBrHehaxBg10nNyYuvJKDPB872tjyXeRKtTj8xqC/kXj30CK9XOf+mG7BtE2frmorz7ee4FeoYMx03XlriTedGs8lLLarD7iSXgGz35H+61iLcLOKZQDTcUez/RjT4JdZvEZEpNCb6pwzTafwcfo0Z8Wm/Q0vps07xrntG0oLqF8YtjYlWGBnTdOvdHBaP5f0wzdWOhQLOoPyHY5qy3vAnR50gTHEj4cekQ6g1Ghhu3m288mWDxQviUYH33qm26Gijin2jRTRr6TCE/JVrDkDAHHsEjAdB72W4PPIP7keaLh/auCQ0QwvHIq+4cEq67ZLiYnfhoOjq0PYGFGBuQF9DYabktIDXoBS9SVnd7pPqMQkOZ4FQfkajjjtdfH/WYzJDrxkFxfS8Rx1oD3hErk5IZvYoLiOXueH/nCaW3TD98trDZdyQNiRM0yU8H36o0oT5ta7JrLRSVBZcvI1KUj+r90jMm18H3nM="
-    }
-  }
-}

authentik/sealedsecret-authentik-secret-key.yaml

@@ -1,21 +0,0 @@
-{
-  "kind": "SealedSecret",
-  "apiVersion": "bitnami.com/v1alpha1",
-  "metadata": {
-    "name": "authentik-secret-key",
-    "namespace": "authentik",
-    "creationTimestamp": null
-  },
-  "spec": {
-    "template": {
-      "metadata": {
-        "name": "authentik-secret-key",
-        "namespace": "authentik",
-        "creationTimestamp": null
-      }
-    },
-    "encryptedData": {
-      "secret-key": "AgDZN7Hy3vnFapuJ/rqt3r2zEA3ctb/LZqDkGDd+2YnvT8ChWnAbQ4xMXcE1/3VoKD4GuCGpJ7Q0hfQSpDz701v+HoBcKo4oUxuowh4M3IfEixQhjVKHMuTIVnSgO3asFhap8Z1XcrzLc7HPA4AMtUuB7rJcQC11v2QFoyYVPVvvqFYpyQTD0zBZ43nm3SI891flRC6vdgpfNfHn8xaLWxyKaQkflrsGbnOolekZsO0N/2XFVsOtUqpRjjwlclr0CcTGW6EyFlzYK9q/94Yj0Ss0oS68zhjfZM9EPnXl7xDlKXyI33tCpGLtgrqecXwRfKsOU8sKoadeGNgDyTxRAPrr0QomsCu9Uflla7Os+EJ2SmSxDf/6tBsx8Zni9kQ7uuXpUPcD29CqakeTxKu4p77UlCWw9fgdeRmXCiXcYk0FvO1nmpLJRcUGWOrg8VkgSPumaURzyxuegmN2bm/HnJwrLEe5/DQPxSoJgepdc64Np6IRLv6yAvF5+Z4DMwSL4/lZ/4sfE6ZYwYZ8DkO3RJ8sWQ926Ka+tiMDV4xKAYISxlShp0K3bys7r4T8P4u1t89maLr4urjynWHREiIh6ICx5so0eOIXEB9gA89q97ZXG3blbF7IFg45nB2dpfctPkZBqMvSUdZGqAVkp1peRzd0+zpBgKbjeYkwAHEqWfNLRfW8wW9wICDORTLyJ6M+mq+mX3DhKfHe2FQI7x7eHmjoHz7I55/pp+QK05a1B/U="
-    }
-  }
-}

baikal/baikal-ingress.yaml

@@ -5,7 +5,6 @@ metadata:
   namespace: baikal
   annotations:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
     traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
   rules:

bootstrap/helmrepositories/helmrepository-authentik.yaml

@@ -1,8 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
-  name: authentik
-  namespace: flux-system
-spec:
-  interval: 15m
-  url: https://charts.goauthentik.io/

bootstrap/kustomizations/kustomization-authentik.yaml

@@ -1,20 +0,0 @@
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: authentik
-  namespace: flux-system
-spec:
-  interval: 30m
-  path: ./authentik
-  dependsOn:
-  - name: "sealed-secrets"
-  prune: true # remove any elements later removed from the above path
-  timeout: 2m # if not set, this defaults to interval duration, which is 1h
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-  healthChecks:
-    - apiVersion: apps/v1
-      kind: Deployment
-      name: authentik-server
-      namespace: authentik

bootstrap/namespaces/namespace-authentik.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: authentik

heimdall/ingress.yaml

@@ -5,7 +5,6 @@ metadata:
   namespace: heimdall
   annotations:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
     traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
   rules:

immich/helmrelease-immich.yaml

@@ -36,7 +36,6 @@ spec:
           enabled: true
           annotations:
             traefik.ingress.kubernetes.io/router.entrypoints: websecure
-            # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
             traefik.ingress.kubernetes.io/router.tls: "true"
           hosts:
             - host: immich.michaelthomson.dev

media/jellyfin/ingress.yaml

@@ -6,7 +6,6 @@ metadata:
   annotations:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
     traefik.ingress.kubernetes.io/router.tls: "true"
-    # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 spec:
   rules:
   - host: jellyfin.michaelthomson.dev

media/jellyseerr/ingress.yaml

@@ -5,7 +5,6 @@ metadata:
   namespace: media
   annotations:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
     traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
   rules:

media/prowlarr/ingress.yaml

@@ -5,7 +5,6 @@ metadata:
   namespace: media
   annotations:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
     traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
   rules:

media/qbittorrent/ingress.yaml

@@ -5,7 +5,6 @@ metadata:
   namespace: media
   annotations:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
     traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
   rules:

media/radarr/ingress.yaml

@@ -5,7 +5,6 @@ metadata:
   namespace: media
   annotations:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
     traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
   rules:

media/readarr/ingress.yaml

@@ -5,7 +5,6 @@ metadata:
   namespace: media
   annotations:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
     traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
   rules:

media/sonarr/ingress.yaml

@@ -5,7 +5,6 @@ metadata:
   namespace: media
   annotations:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
     traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
   rules:

roundcube/roundcubenginx-ingress.yaml

@@ -5,7 +5,6 @@ metadata:
   namespace: roundcube
   annotations:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
     traefik.ingress.kubernetes.io/router.tls: "true"
   labels:
     service: roundcubenginx

soft-serve/soft-serve-ingress.yaml

@@ -5,7 +5,6 @@ metadata:
   namespace: soft-serve
   annotations:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
     traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
   rules:

traefik/helmrelease-traefik.yaml

@@ -20,8 +20,6 @@ spec:
       dashboard:
         matchRule: Host(`server.michaelthomson.dev`)
         entryPoints: ["websecure"]
-        middlewares:
-          - name: authentik
         tls:
           secretName: letsencrypt-wildcard-cert-michaelthomson.dev
           domains:

traefik/middleware-traefik-forward-auth.yaml

@@ -1,24 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: authentik
-  namespace: traefik
-spec:
-    forwardAuth:
-        address: "http://authentik.authentik/outpost.goauthentik.io/auth/traefik"
-        trustForwardHeader: true
-        authResponseHeaders:
-            - Authorization
-            - X-authentik-username
-            - X-authentik-groups
-            - X-authentik-email
-            - X-authentik-name
-            - X-authentik-uid
-            - X-authentik-jwt
-            - X-authentik-meta-jwks
-            - X-authentik-meta-outpost
-            - X-authentik-meta-provider
-            - X-authentik-meta-app
-            - X-authentik-meta-version
-        tls:
-          certSecret: letsencrypt-wildcard-cert-michaelthomson.dev

wg-easy/ingress.yaml

@@ -5,7 +5,6 @@ metadata:
   namespace: wg-easy
   annotations:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
     traefik.ingress.kubernetes.io/router.tls: "true"
 spec:
   rules:

woodpecker/helmrelease-woodpecker.yaml

@@ -63,7 +63,6 @@ spec:
         # -- Add annotations to the ingress
         annotations:
           traefik.ingress.kubernetes.io/router.entrypoints: websecure
-          # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
           traefik.ingress.kubernetes.io/router.tls: "true"
 
         # -- Defines which ingress controller will implement the resource