From 0a57435f43e7f2bb6ffc5caa004f78362346f6a4 Mon Sep 17 00:00:00 2001 
From: gitea-bot Date: Wed, 25 Feb 2026 23:52:48 +0000 Subject: [PATCH] Automated Manifest Update (#4244) This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4244 Co-authored-by: gitea-bot Co-committed-by: gitea-bot --- ...-allow-outpost-cross-namespace-access.yaml | 21 +++++++++++++++ .../manifests/lidarr/HTTPRoute-lidarr.yaml | 17 ++++++++++++ .../lidarr/Middleware-oidc-forward-auth.yaml | 26 +++++++++++++++++++ .../radarr-4k/HTTPRoute-radarr-4k.yaml | 17 ++++++++++++ .../Middleware-oidc-forward-auth.yaml | 26 +++++++++++++++++++ .../radarr-anime/HTTPRoute-radarr-anime.yaml | 17 ++++++++++++ .../Middleware-oidc-forward-auth.yaml | 26 +++++++++++++++++++ .../HTTPRoute-radarr-standup.yaml | 17 ++++++++++++ .../Middleware-oidc-forward-auth.yaml | 26 +++++++++++++++++++ .../manifests/radarr/HTTPRoute-radarr.yaml | 17 ++++++++++++ .../radarr/Middleware-oidc-forward-auth.yaml | 26 +++++++++++++++++++ .../sonarr-anime/HTTPRoute-sonarr-anime.yaml | 17 ++++++++++++ .../Middleware-oidc-forward-auth.yaml | 26 +++++++++++++++++++ .../manifests/sonarr/HTTPRoute-sonarr.yaml | 17 ++++++++++++ .../sonarr/Middleware-oidc-forward-auth.yaml | 26 +++++++++++++++++++ 15 files changed, 322 insertions(+) create mode 100644 clusters/cl01tl/manifests/lidarr/Middleware-oidc-forward-auth.yaml create mode 100644 clusters/cl01tl/manifests/radarr-4k/Middleware-oidc-forward-auth.yaml create mode 100644 clusters/cl01tl/manifests/radarr-anime/Middleware-oidc-forward-auth.yaml create mode 100644 clusters/cl01tl/manifests/radarr-standup/Middleware-oidc-forward-auth.yaml create mode 100644 clusters/cl01tl/manifests/radarr/Middleware-oidc-forward-auth.yaml create mode 100644 clusters/cl01tl/manifests/sonarr-anime/Middleware-oidc-forward-auth.yaml create mode 100644 clusters/cl01tl/manifests/sonarr/Middleware-oidc-forward-auth.yaml 
diff --git a/clusters/cl01tl/manifests/authentik/ReferenceGrant-allow-outpost-cross-namespace-access.yaml b/clusters/cl01tl/manifests/authentik/ReferenceGrant-allow-outpost-cross-namespace-access.yaml index 3f9044c21..d394a4150 100644 --- a/clusters/cl01tl/manifests/authentik/ReferenceGrant-allow-outpost-cross-namespace-access.yaml +++ b/clusters/cl01tl/manifests/authentik/ReferenceGrant-allow-outpost-cross-namespace-access.yaml @@ -9,9 +9,30 @@ metadata: app.kubernetes.io/part-of: authentik spec: from: + - group: gateway.networking.k8s.io + kind: HTTPRoute + namespace: lidarr + - group: gateway.networking.k8s.io + kind: HTTPRoute + namespace: radarr + - group: gateway.networking.k8s.io + kind: HTTPRoute + namespace: radarr-4k + - group: gateway.networking.k8s.io + kind: HTTPRoute + namespace: radarr-anime + - group: gateway.networking.k8s.io + kind: HTTPRoute + namespace: radarr-standup + - group: gateway.networking.k8s.io + kind: HTTPRoute + namespace: sonarr - group: gateway.networking.k8s.io kind: HTTPRoute namespace: sonarr-4k + - group: gateway.networking.k8s.io + kind: HTTPRoute + namespace: sonarr-anime to: - group: "" kind: Service diff --git a/clusters/cl01tl/manifests/lidarr/HTTPRoute-lidarr.yaml b/clusters/cl01tl/manifests/lidarr/HTTPRoute-lidarr.yaml index c58c7092d..e88308a38 100644 --- a/clusters/cl01tl/manifests/lidarr/HTTPRoute-lidarr.yaml +++ b/clusters/cl01tl/manifests/lidarr/HTTPRoute-lidarr.yaml @@ -17,6 +17,17 @@ spec: hostnames: - "lidarr.alexlebens.net" rules: + - backendRefs: + - group: "" + kind: Service + name: ak-outpost-traefik-proxy-auth + namespace: authentik + port: 9000 + weight: 100 + matches: + - path: + type: PathPrefix + value: /outpost.goauthentik.io - backendRefs: - group: "" kind: Service @@ -28,3 +39,9 @@ spec: - path: type: PathPrefix value: / + filters: + - extensionRef: + group: traefik.io + kind: Middleware + name: oidc-forward-auth + type: ExtensionRef 
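Review bot: The `to` entry at the end of the ReferenceGrant-allow-outpost-cross-namespace-access.yaml hunk is visible only as `group: ""` and `kind: Service`. The file may continue outside the hunk, so it is not clear whether the grant is pinned to a single Service. If no `name` follows, HTTPRoutes in all eight listed namespaces could reference any Service in the grant's namespace (presumably authentik), not only the outpost. Pinning it with `name: ak-outpost-traefik-proxy-auth` under that `to` entry would keep the grant least-privilege. Because this manifest is rendered by CI, the change would go into the source template or values rather than this file.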
diff --git a/clusters/cl01tl/manifests/lidarr/Middleware-oidc-forward-auth.yaml b/clusters/cl01tl/manifests/lidarr/Middleware-oidc-forward-auth.yaml new file mode 100644 index 000000000..e2a77e191 --- /dev/null +++ b/clusters/cl01tl/manifests/lidarr/Middleware-oidc-forward-auth.yaml @@ -0,0 +1,26 @@ +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: oidc-forward-auth + namespace: lidarr + labels: + app.kubernetes.io/name: oidc-forward-auth + app.kubernetes.io/instance: lidarr + app.kubernetes.io/part-of: lidarr +spec: + forwardAuth: + address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik + trustForwardHeader: true + authResponseHeaders: + - X-authentik-username + - X-authentik-groups + - X-authentik-entitlements + - X-authentik-email + - X-authentik-name + - X-authentik-uid + - X-authentik-jwt + - X-authentik-meta-jwks + - X-authentik-meta-outpost + - X-authentik-meta-provider + - X-authentik-meta-app + - X-authentik-meta-version diff --git a/clusters/cl01tl/manifests/radarr-4k/HTTPRoute-radarr-4k.yaml b/clusters/cl01tl/manifests/radarr-4k/HTTPRoute-radarr-4k.yaml index b2584a1e4..7ff8d9820 100644 --- a/clusters/cl01tl/manifests/radarr-4k/HTTPRoute-radarr-4k.yaml +++ b/clusters/cl01tl/manifests/radarr-4k/HTTPRoute-radarr-4k.yaml @@ -17,6 +17,17 @@ spec: hostnames: - "radarr-4k.alexlebens.net" rules: + - backendRefs: + - group: "" + kind: Service + name: ak-outpost-traefik-proxy-auth + namespace: authentik + port: 9000 + weight: 100 + matches: + - path: + type: PathPrefix + value: /outpost.goauthentik.io - backendRefs: - group: "" kind: Service @@ -28,3 +39,9 @@ spec: - path: type: PathPrefix value: / + filters: + - extensionRef: + group: traefik.io + kind: Middleware + name: oidc-forward-auth + type: ExtensionRef 
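Review bot: `trustForwardHeader: true` in the new lidarr Middleware-oidc-forward-auth.yaml makes Traefik trust the X-Forwarded-* headers already on the request instead of replacing them with its own values, so the outpost's decision is only as reliable as whatever sanitises those headers upstream. The entrypoint configuration is not part of this diff; confirm that its `forwardedHeaders` setting trusts only known proxy addresses and is not set to insecure. A comment above the setting, such as `# relies on entrypoint forwardedHeaders.trustedIPs being limited to our proxies`, would record that dependency, and `trustForwardHeader: false` may be the safer value if nothing sits in front of Traefik. The same setting appears in the six other Middleware files added here (radarr, radarr-4k, radarr-anime, radarr-standup, sonarr, sonarr-anime). Because these are rendered manifests, the change belongs in the chart values or template that produces them.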
diff --git a/clusters/cl01tl/manifests/radarr-4k/Middleware-oidc-forward-auth.yaml b/clusters/cl01tl/manifests/radarr-4k/Middleware-oidc-forward-auth.yaml new file mode 100644 index 000000000..3b8f3d594 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-4k/Middleware-oidc-forward-auth.yaml @@ -0,0 +1,26 @@ +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: oidc-forward-auth + namespace: radarr-4k + labels: + app.kubernetes.io/name: oidc-forward-auth + app.kubernetes.io/instance: radarr-4k + app.kubernetes.io/part-of: radarr-4k +spec: + forwardAuth: + address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik + trustForwardHeader: true + authResponseHeaders: + - X-authentik-username + - X-authentik-groups + - X-authentik-entitlements + - X-authentik-email + - X-authentik-name + - X-authentik-uid + - X-authentik-jwt + - X-authentik-meta-jwks + - X-authentik-meta-outpost + - X-authentik-meta-provider + - X-authentik-meta-app + - X-authentik-meta-version diff --git a/clusters/cl01tl/manifests/radarr-anime/HTTPRoute-radarr-anime.yaml b/clusters/cl01tl/manifests/radarr-anime/HTTPRoute-radarr-anime.yaml index 3a841aa1d..3d98099ef 100644 --- a/clusters/cl01tl/manifests/radarr-anime/HTTPRoute-radarr-anime.yaml +++ b/clusters/cl01tl/manifests/radarr-anime/HTTPRoute-radarr-anime.yaml @@ -17,6 +17,17 @@ spec: hostnames: - "radarr-anime.alexlebens.net" rules: + - backendRefs: + - group: "" + kind: Service + name: ak-outpost-traefik-proxy-auth + namespace: authentik + port: 9000 + weight: 100 + matches: + - path: + type: PathPrefix + value: /outpost.goauthentik.io - backendRefs: - group: "" kind: Service @@ -28,3 +39,9 @@ spec: - path: type: PathPrefix value: / + filters: + - extensionRef: + group: traefik.io + kind: Middleware + name: oidc-forward-auth + type: ExtensionRef 
diff --git a/clusters/cl01tl/manifests/radarr-anime/Middleware-oidc-forward-auth.yaml b/clusters/cl01tl/manifests/radarr-anime/Middleware-oidc-forward-auth.yaml new file mode 100644 index 000000000..984461317 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-anime/Middleware-oidc-forward-auth.yaml @@ -0,0 +1,26 @@ +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: oidc-forward-auth + namespace: radarr-anime + labels: + app.kubernetes.io/name: oidc-forward-auth + app.kubernetes.io/instance: radarr-anime + app.kubernetes.io/part-of: radarr-anime +spec: + forwardAuth: + address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik + trustForwardHeader: true + authResponseHeaders: + - X-authentik-username + - X-authentik-groups + - X-authentik-entitlements + - X-authentik-email + - X-authentik-name + - X-authentik-uid + - X-authentik-jwt + - X-authentik-meta-jwks + - X-authentik-meta-outpost + - X-authentik-meta-provider + - X-authentik-meta-app + - X-authentik-meta-version diff --git a/clusters/cl01tl/manifests/radarr-standup/HTTPRoute-radarr-standup.yaml b/clusters/cl01tl/manifests/radarr-standup/HTTPRoute-radarr-standup.yaml index 8ce1313c1..0151b8f1b 100644 --- a/clusters/cl01tl/manifests/radarr-standup/HTTPRoute-radarr-standup.yaml +++ b/clusters/cl01tl/manifests/radarr-standup/HTTPRoute-radarr-standup.yaml @@ -17,6 +17,17 @@ spec: hostnames: - "radarr-standup.alexlebens.net" rules: + - backendRefs: + - group: "" + kind: Service + name: ak-outpost-traefik-proxy-auth + namespace: authentik + port: 9000 + weight: 100 + matches: + - path: + type: PathPrefix + value: /outpost.goauthentik.io - backendRefs: - group: "" kind: Service @@ -28,3 +39,9 @@ spec: - path: type: PathPrefix value: / + filters: + - extensionRef: + group: traefik.io + kind: Middleware + name: oidc-forward-auth + type: ExtensionRef 
diff --git a/clusters/cl01tl/manifests/radarr-standup/Middleware-oidc-forward-auth.yaml b/clusters/cl01tl/manifests/radarr-standup/Middleware-oidc-forward-auth.yaml new file mode 100644 index 000000000..c50544703 --- /dev/null +++ b/clusters/cl01tl/manifests/radarr-standup/Middleware-oidc-forward-auth.yaml @@ -0,0 +1,26 @@ +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: oidc-forward-auth + namespace: radarr-standup + labels: + app.kubernetes.io/name: oidc-forward-auth + app.kubernetes.io/instance: radarr-standup + app.kubernetes.io/part-of: radarr-standup +spec: + forwardAuth: + address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik + trustForwardHeader: true + authResponseHeaders: + - X-authentik-username + - X-authentik-groups + - X-authentik-entitlements + - X-authentik-email + - X-authentik-name + - X-authentik-uid + - X-authentik-jwt + - X-authentik-meta-jwks + - X-authentik-meta-outpost + - X-authentik-meta-provider + - X-authentik-meta-app + - X-authentik-meta-version diff --git a/clusters/cl01tl/manifests/radarr/HTTPRoute-radarr.yaml b/clusters/cl01tl/manifests/radarr/HTTPRoute-radarr.yaml index c35b94476..9a5116891 100644 --- a/clusters/cl01tl/manifests/radarr/HTTPRoute-radarr.yaml +++ b/clusters/cl01tl/manifests/radarr/HTTPRoute-radarr.yaml @@ -17,6 +17,17 @@ spec: hostnames: - "radarr.alexlebens.net" rules: + - backendRefs: + - group: "" + kind: Service + name: ak-outpost-traefik-proxy-auth + namespace: authentik + port: 9000 + weight: 100 + matches: + - path: + type: PathPrefix + value: /outpost.goauthentik.io - backendRefs: - group: "" kind: Service @@ -28,3 +39,9 @@ spec: - path: type: PathPrefix value: / + filters: + - extensionRef: + group: traefik.io + kind: Middleware + name: oidc-forward-auth + type: ExtensionRef 
diff --git a/clusters/cl01tl/manifests/radarr/Middleware-oidc-forward-auth.yaml b/clusters/cl01tl/manifests/radarr/Middleware-oidc-forward-auth.yaml new file mode 100644 index 000000000..5888c373d --- /dev/null +++ b/clusters/cl01tl/manifests/radarr/Middleware-oidc-forward-auth.yaml @@ -0,0 +1,26 @@ +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: oidc-forward-auth + namespace: radarr + labels: + app.kubernetes.io/name: oidc-forward-auth + app.kubernetes.io/instance: radarr + app.kubernetes.io/part-of: radarr +spec: + forwardAuth: + address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik + trustForwardHeader: true + authResponseHeaders: + - X-authentik-username + - X-authentik-groups + - X-authentik-entitlements + - X-authentik-email + - X-authentik-name + - X-authentik-uid + - X-authentik-jwt + - X-authentik-meta-jwks + - X-authentik-meta-outpost + - X-authentik-meta-provider + - X-authentik-meta-app + - X-authentik-meta-version diff --git a/clusters/cl01tl/manifests/sonarr-anime/HTTPRoute-sonarr-anime.yaml b/clusters/cl01tl/manifests/sonarr-anime/HTTPRoute-sonarr-anime.yaml index 0b8a56183..1ac5724e4 100644 --- a/clusters/cl01tl/manifests/sonarr-anime/HTTPRoute-sonarr-anime.yaml +++ b/clusters/cl01tl/manifests/sonarr-anime/HTTPRoute-sonarr-anime.yaml @@ -17,6 +17,17 @@ spec: hostnames: - "sonarr-anime.alexlebens.net" rules: + - backendRefs: + - group: "" + kind: Service + name: ak-outpost-traefik-proxy-auth + namespace: authentik + port: 9000 + weight: 100 + matches: + - path: + type: PathPrefix + value: /outpost.goauthentik.io - backendRefs: - group: "" kind: Service @@ -28,3 +39,9 @@ spec: - path: type: PathPrefix value: / + filters: + - extensionRef: + group: traefik.io + kind: Middleware + name: oidc-forward-auth + type: ExtensionRef 
diff --git a/clusters/cl01tl/manifests/sonarr-anime/Middleware-oidc-forward-auth.yaml b/clusters/cl01tl/manifests/sonarr-anime/Middleware-oidc-forward-auth.yaml new file mode 100644 index 000000000..0aa164b03 --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr-anime/Middleware-oidc-forward-auth.yaml @@ -0,0 +1,26 @@ +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: oidc-forward-auth + namespace: sonarr-anime + labels: + app.kubernetes.io/name: oidc-forward-auth + app.kubernetes.io/instance: sonarr-anime + app.kubernetes.io/part-of: sonarr-anime +spec: + forwardAuth: + address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik + trustForwardHeader: true + authResponseHeaders: + - X-authentik-username + - X-authentik-groups + - X-authentik-entitlements + - X-authentik-email + - X-authentik-name + - X-authentik-uid + - X-authentik-jwt + - X-authentik-meta-jwks + - X-authentik-meta-outpost + - X-authentik-meta-provider + - X-authentik-meta-app + - X-authentik-meta-version diff --git a/clusters/cl01tl/manifests/sonarr/HTTPRoute-sonarr.yaml b/clusters/cl01tl/manifests/sonarr/HTTPRoute-sonarr.yaml index 455dd77fc..85969cf82 100644 --- a/clusters/cl01tl/manifests/sonarr/HTTPRoute-sonarr.yaml +++ b/clusters/cl01tl/manifests/sonarr/HTTPRoute-sonarr.yaml @@ -17,6 +17,17 @@ spec: hostnames: - "sonarr.alexlebens.net" rules: + - backendRefs: + - group: "" + kind: Service + name: ak-outpost-traefik-proxy-auth + namespace: authentik + port: 9000 + weight: 100 + matches: + - path: + type: PathPrefix + value: /outpost.goauthentik.io - backendRefs: - group: "" kind: Service @@ -28,3 +39,9 @@ spec: - path: type: PathPrefix value: / + filters: + - extensionRef: + group: traefik.io + kind: Middleware + name: oidc-forward-auth + type: ExtensionRef 
diff --git a/clusters/cl01tl/manifests/sonarr/Middleware-oidc-forward-auth.yaml b/clusters/cl01tl/manifests/sonarr/Middleware-oidc-forward-auth.yaml new file mode 100644 index 000000000..748c857b6 --- /dev/null +++ b/clusters/cl01tl/manifests/sonarr/Middleware-oidc-forward-auth.yaml @@ -0,0 +1,26 @@ +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: oidc-forward-auth + namespace: sonarr + labels: + app.kubernetes.io/name: oidc-forward-auth + app.kubernetes.io/instance: sonarr + app.kubernetes.io/part-of: sonarr +spec: + forwardAuth: + address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik + trustForwardHeader: true + authResponseHeaders: + - X-authentik-username + - X-authentik-groups + - X-authentik-entitlements + - X-authentik-email + - X-authentik-name + - X-authentik-uid + - X-authentik-jwt + - X-authentik-meta-jwks + - X-authentik-meta-outpost + - X-authentik-meta-provider + - X-authentik-meta-app + - X-authentik-meta-version