From 6ecfd519b5b92ad7fa2af163129c55fda760c91b Mon Sep 17 00:00:00 2001
From: alexlebens
Date: Wed, 31 Jul 2024 19:21:17 -0500
Subject: [PATCH] add app key
---
 .../koel/templates/ingress-route.yaml | 33 +++++++++++++++++++
 .../koel/templates/middleware.yaml | 27 +++++++++++++++
 clusters/cl01tl/applications/koel/values.yaml | 25 +++-----------
 3 files changed, 65 insertions(+), 20 deletions(-)
 create mode 100644 clusters/cl01tl/applications/koel/templates/ingress-route.yaml
 create mode 100644 clusters/cl01tl/applications/koel/templates/middleware.yaml
diff --git a/clusters/cl01tl/applications/koel/templates/ingress-route.yaml b/clusters/cl01tl/applications/koel/templates/ingress-route.yaml
new file mode 100644
index 000000000..771e85bac
--- /dev/null
+++ b/clusters/cl01tl/applications/koel/templates/ingress-route.yaml
@@ -0,0 +1,33 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: koel
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: koel
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - kind: Rule
+ match: Host(`koel.alexlebens.net`)
+ middlewares:
+ - name: authentik-koel
+ namespace: {{ .Release.Namespace }}
+ priority: 10
+ services:
+ - kind: Service
+ name: koel
+ port: 80
+ - kind: Rule
+ match: Host(`koel.alexlebens.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+ priority: 15
+ services:
+ - kind: Service
+ name: authentik-outpost-proxy
+ port: 9000
+ namespace: authentik
diff --git a/clusters/cl01tl/applications/koel/templates/middleware.yaml b/clusters/cl01tl/applications/koel/templates/middleware.yaml
new file mode 100644
index 000000000..c26ff9410
--- /dev/null
+++ b/clusters/cl01tl/applications/koel/templates/middleware.yaml
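Review bot: The second rule's `match` value in ingress-route.yaml ends in a stray `"` after the closing parenthesis of `PathPrefix`; YAML keeps it as part of the plain scalar, so Traefik will most likely reject the rule and requests for the authentik outpost path will fall back to the forwardAuth-protected route, and the fix is to drop that trailing quote. The spec also has no `tls:` block, although the Ingress this patch removes from values.yaml set `router.tls: "true"` and a cert-manager issuer; unless the `websecure` entry point has a default TLS configuration, add `tls:` with `secretName: koel-secret-tls` and make sure a Certificate still produces that secret, since cert-manager's ingress-shim does not watch IngressRoute objects. The `namespace: authentik` service reference presumably needs cross-namespace references enabled in the Traefik CRD provider, which is not visible here.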
@@ -0,0 +1,27 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: authentik-koel
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: authentik-koel
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: auth
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ forwardAuth:
+ address: http://authentik-outpost-proxy.authentik:9000/outpost.goauthentik.io/auth/traefik
+ trustForwardHeader: true
+ authResponseHeaders:
+ - X-authentik-username
+ - X-authentik-groups
+ - X-authentik-email
+ - X-authentik-name
+ - X-authentik-uid
+ - X-authentik-jwt
+ - X-authentik-meta-jwks
+ - X-authentik-meta-outpost
+ - X-authentik-meta-provider
+ - X-authentik-meta-app
+ - X-authentik-meta-version
diff --git a/clusters/cl01tl/applications/koel/values.yaml b/clusters/cl01tl/applications/koel/values.yaml
index d0bcc157b..7a88d2550 100644
--- a/clusters/cl01tl/applications/koel/values.yaml
+++ b/clusters/cl01tl/applications/koel/values.yaml
@@ -20,6 +20,11 @@ koel:
 value: true
 - name: APP_URL
 value: https://koel.alexlebens.dev
+ - name: APP_KEY
+ valueFrom:
+ secretKeyRef:
+ name: koel-config-secret
+ key: app-key
 - name: STREAMING_METHOD
 value: x-accel-redirect
 - name: OUTPUT_BIT_RATE
@@ -92,26 +97,6 @@ koel:
 port: 80
 targetPort: 80
 protocol: HTTP
- ingress:
- main:
- enabled: true
- className: traefik
- annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
- cert-manager.io/cluster-issuer: letsencrypt-issuer
- hosts:
- - host: koel.alexlebens.net
- paths:
- - path: /
- pathType: Prefix
- service:
- name: koel
- port: 80
- tls:
- - secretName: koel-secret-tls
- hosts:
- - koel.alexlebens.net
 persistence:
 covers:
 storageClass: ceph-block
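Review bot: `trustForwardHeader: true` in middleware.yaml tells Traefik to keep incoming `X-Forwarded-*` headers when it calls the authentik outpost, so the auth decision is only as trustworthy as the entry point's header handling; that configuration is not part of this patch, so confirm `websecure` is not running with `forwardedHeaders.insecure` and record it with a comment such as `# relies on websecure dropping X-Forwarded-* from untrusted clients`. If koel is set up to trust the `X-authentik-*` headers listed under `authResponseHeaders`, the koel Service should stay reachable only through this route, for example by a NetworkPolicy. In both new templates `app.kubernetes.io/version: {{ .Chart.AppVersion }}` is unquoted and would render as a number for a version such as 1.0; `{{ .Chart.AppVersion | quote }}` avoids that.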
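Review bot: `APP_URL` in the context lines of the first values.yaml hunk still points at `https://koel.alexlebens.dev`, while the IngressRoute added by this patch serves `koel.alexlebens.net`; if the `.net` host is the one in use, links and redirects koel builds from `APP_URL` would go to a different origin, so align it with `value: https://koel.alexlebens.net`. The new `APP_KEY` entry reads key `app-key` from `koel-config-secret`, which this patch does not create; confirm the secret exists in the release namespace, otherwise the container will not start. The env list this entry is added to begins outside the hunk.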