alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

Compare commits

base: alexlebens:e013c34cd25593a8e0727d1715420f36ea1add44
Branches Tags
alexlebens:main alexlebens:manifests alexlebens:renovate/cilium-1.x
...
compare: alexlebens:main
Branches Tags
alexlebens:manifests alexlebens:renovate/cilium-1.x alexlebens:main

15 Commits
e013c34cd2 ... main

Author SHA1 Message Date
Renovate Bot
4fde64a6a1 chore(deps): update harbor.alexlebens.net/images/site-documentation docker tag to v0.1.6 (#4247)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 21s
Details
renovate / renovate (push) Successful in 2m4s
Details
2026-02-26 04:14:15 +00:00
Renovate Bot
45159022c9 chore(deps): update harbor.alexlebens.net/images/site-profile docker tag to v2.16.0 (#4246)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 1m37s
Details
renovate / renovate (push) Has been cancelled
Details 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [harbor.alexlebens.net/images/site-profile](https://gitea.alexlebens.dev/alexlebens/site-profile) | minor | `2.15.1` → `2.16.0` |

---

### Release Notes

<details>
<summary>alexlebens/site-profile (harbor.alexlebens.net/images/site-profile)</summary>

### [`v2.16.0`](https://gitea.alexlebens.dev/alexlebens/site-profile/compare/2.15.1...2.16.0)

[Compare Source](https://gitea.alexlebens.dev/alexlebens/site-profile/compare/2.15.1...2.16.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNS43IiwidXBkYXRlZEluVmVyIjoiNDMuMjUuNyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->

Reviewed-on: #4246
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
 2026-02-26 04:12:25 +00:00
Renovate Bot
fbc8b4014f chore(deps): update kube-prometheus-stack docker tag to v82.4.0 (#4232)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 1m37s
Details
render-manifests-dispatch / render-manifests-dispatch (push) Successful in 43m25s
Details
renovate / renovate (push) Successful in 3m11s
Details 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [kube-prometheus-stack](https://github.com/prometheus-operator/kube-prometheus) ([source](https://github.com/prometheus-community/helm-charts)) | minor | `82.3.0` → `82.4.0` |

---

### Release Notes

<details>
<summary>prometheus-community/helm-charts (kube-prometheus-stack)</summary>

### [`v82.4.0`](https://github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-82.4.0)

[Compare Source](https://github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-82.3.0...kube-prometheus-stack-82.4.0)

kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.

#### What's Changed

- \[kube-prometheus-stack] unify PodDisruptionBudget configuration by [@&#8203;mkmet](https://github.com/mkmet) in [#&#8203;6669](https://github.com/prometheus-community/helm-charts/pull/6669)

#### New Contributors

- [@&#8203;mkmet](https://github.com/mkmet) made their first contribution in [#&#8203;6669](https://github.com/prometheus-community/helm-charts/pull/6669)

**Full Changelog**: <https://github.com/prometheus-community/helm-charts/compare/prometheus-nginx-exporter-1.19.1...kube-prometheus-stack-82.4.0>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNS43IiwidXBkYXRlZEluVmVyIjoiNDMuMjUuNyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->

Reviewed-on: #4232
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
 2026-02-26 00:02:47 +00:00
Alex Lebens
7411f391e8 feat: add proxy auth
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m21s
Details
render-manifests-push / render-manifests-push (push) Successful in 4m17s
Details
renovate / renovate (push) Successful in 5m3s
Details
2026-02-25 17:42:52 -06:00
Alex Lebens
536e164b03 fix: change headers
All checks were successful
lint-test-helm / lint-helm (push) Successful in 40s
Details
render-manifests-push / render-manifests-push (push) Successful in 2m26s
Details
renovate / renovate (push) Successful in 3m3s
Details
2026-02-25 17:25:18 -06:00
Alex Lebens
ade761cc85 feat: add reference grant
All checks were successful
lint-test-helm / lint-helm (push) Successful in 47s
Details
render-manifests-push / render-manifests-push (push) Successful in 2m2s
Details
renovate / renovate (push) Successful in 3m24s
Details
2026-02-25 17:08:38 -06:00
Alex Lebens
218cb6c9de fix: apply rule for routing
All checks were successful
lint-test-helm / lint-helm (push) Successful in 40s
Details
render-manifests-push / render-manifests-push (push) Successful in 1m52s
Details
renovate / renovate (push) Successful in 3m30s
Details
2026-02-25 17:03:38 -06:00
Alex Lebens
9ba91dd00b fix: fix headers
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m18s
Details
render-manifests-push / render-manifests-push (push) Successful in 2m38s
Details
renovate / renovate (push) Successful in 3m9s
Details
2026-02-25 16:44:58 -06:00
Alex Lebens
4c02107d95 fix: fix placement
All checks were successful
lint-test-helm / lint-helm (push) Successful in 31s
Details
render-manifests-push / render-manifests-push (push) Successful in 1m26s
Details
renovate / renovate (push) Successful in 4m13s
Details
2026-02-25 16:27:01 -06:00
Alex Lebens
4faecf7888 feat: add proxy auth
Some checks failed
lint-test-helm / lint-helm (push) Successful in 30s
Details
render-manifests-push / render-manifests-push (push) Failing after 1m3s
Details
renovate / renovate (push) Has been cancelled
Details
2026-02-25 16:24:43 -06:00
Renovate Bot
b0e7da062a chore(deps): update dependency elastic/cloud-on-k8s to v3.3.1 (#4237)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 1m1s
Details
renovate / renovate (push) Successful in 2m32s
Details
2026-02-25 21:47:42 +00:00
Renovate Bot
91540f1955 chore(deps): update booklore-app/booklore to v2.0.2 (#4236)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Has been cancelled
Details
renovate / renovate (push) Has been cancelled
Details
2026-02-25 21:47:16 +00:00
Renovate Bot
cd35da4bed chore(deps): update helm release eck-operator to v3.3.1 (#4234)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 44s
Details
renovate / renovate (push) Successful in 3m7s
Details
2026-02-25 18:49:22 +00:00
Renovate Bot
752c9fc47d chore(deps): update dependency tailscale/tailscale to v1.94.2 (#4233)
Some checks failed
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Failing after 6s
Details
renovate / renovate (push) Has been cancelled
Details
2026-02-25 18:48:42 +00:00
Renovate Bot
826558ae44 chore(deps): update helm release authentik to v2026 (#4227)
All checks were successful
render-manifests-push / render-manifests-push (push) Has been skipped
Details
lint-test-helm / lint-helm (push) Successful in 24s
Details
renovate / renovate (push) Successful in 1m52s
Details 
Reviewed-on: #4227
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
 2026-02-25 04:46:25 +00:00
28 changed files with 393 additions and 18 deletions
Expand all files Collapse all files

6
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies: dependencies:
- name: authentik - name: authentik
repository: https://charts.goauthentik.io/ repository: https://charts.goauthentik.io/
version: 2025.12.4 version: 2026.2.0
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.3.0 version: 2.3.0
@@ -11,5 +11,5 @@ dependencies:
- name: redis-replication - name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 1.0.4 version: 1.0.4
digest: sha256:9e8f037f9d581ad83edde8d4a68672860cbe9d0192b10c37708710315a017469 digest: sha256:c8602f093e78af87eac0c99d622f0815ec89ebc1305e097ca4d6f72b003ae57c
generated: "2026-02-24T17:34:02.304009-06:00" generated: "2026-02-25T03:06:14.95787836Z"

2
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -21,7 +21,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: authentik - name: authentik
version: 2025.12.4 version: 2026.2.0
repository: https://charts.goauthentik.io/ repository: https://charts.goauthentik.io/
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts

39
clusters/cl01tl/helm/authentik/templates/reference-grant.yaml Normal file
View File

@@ -0,0 +1,39 @@
apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
name: allow-outpost-cross-namespace-access
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: allow-outpost-cross-namespace-access
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
from:
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: lidarr
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: radarr
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: radarr-4k
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: radarr-anime
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: radarr-standup
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: sonarr
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: sonarr-4k
- group: gateway.networking.k8s.io
kind: HTTPRoute
namespace: sonarr-anime
to:
- group: ""
kind: Service
name: ak-outpost-traefik-proxy-auth

2
clusters/cl01tl/helm/booklore/Chart.yaml
View File

@@ -30,4 +30,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
# renovate: datasource=github-releases depName=booklore-app/BookLore # renovate: datasource=github-releases depName=booklore-app/BookLore
appVersion: v2.0.1 appVersion: v2.0.2

2
clusters/cl01tl/helm/booklore/values.yaml
View File

@@ -9,7 +9,7 @@ booklore:
main: main:
image: image:
repository: ghcr.io/booklore-app/booklore repository: ghcr.io/booklore-app/booklore
tag: v2.0.1 tag: v2.0.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ

6
clusters/cl01tl/helm/elastic-operator/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: eck-operator - name: eck-operator
repository: https://helm.elastic.co repository: https://helm.elastic.co
version: 3.3.0 version: 3.3.1
digest: sha256:d2b00de6c03bf7624fdf496b326262149a2d2635012f14e900ed0724545c95d9 digest: sha256:8585f3ea3e4cafc4ff2969ea7e797017b7cfe4becb3385f0b080725908c02f09
generated: "2026-02-03T18:05:00.461644575Z" generated: "2026-02-25T18:48:55.77034549Z"

4
clusters/cl01tl/helm/elastic-operator/Chart.yaml
View File

@@ -15,8 +15,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: eck-operator - name: eck-operator
version: 3.3.0 version: 3.3.1
repository: https://helm.elastic.co repository: https://helm.elastic.co
icon: https://helm.elastic.co/icons/eck.png icon: https://helm.elastic.co/icons/eck.png
# renovate: datasource=github-releases depName=elastic/cloud-on-k8s # renovate: datasource=github-releases depName=elastic/cloud-on-k8s
appVersion: v3.3.0 appVersion: v3.3.1

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
version: 82.3.0 version: 82.4.0
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: redis-replication - name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 1.0.4 version: 1.0.4
digest: sha256:41de0559e2f4e85a33ca006520cf67c85abaf5691f3cd0aacf7b66ba0d95ce50 digest: sha256:24214c0bc1e6aed9954385aa61b403a7fa4b4e92bac09777504635cba98735ba
generated: "2026-02-24T20:10:32.588038295Z" generated: "2026-02-25T23:46:14.059155578Z"

2
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -20,7 +20,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
version: 82.3.0 version: 82.4.0
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
- name: app-template - name: app-template
alias: ntfy-alertmanager alias: ntfy-alertmanager

26
clusters/cl01tl/helm/lidarr/templates/middleware.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: oidc-forward-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: oidc-forward-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
forwardAuth:
address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

16
clusters/cl01tl/helm/lidarr/values.yaml
View File

@@ -84,12 +84,28 @@ lidarr:
hostnames: hostnames:
- lidarr.alexlebens.net - lidarr.alexlebens.net
rules: rules:
- backendRefs:
- name: ak-outpost-traefik-proxy-auth
namespace: authentik
port: 9000
weight: 100
filters: []
matches:
- path:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs: - backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: lidarr name: lidarr
port: 80 port: 80
weight: 100 weight: 100
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: oidc-forward-auth
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

26
clusters/cl01tl/helm/radarr-4k/templates/middleware.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: oidc-forward-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: oidc-forward-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
forwardAuth:
address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

16
clusters/cl01tl/helm/radarr-4k/values.yaml
View File

@@ -84,12 +84,28 @@ radarr-4k:
hostnames: hostnames:
- radarr-4k.alexlebens.net - radarr-4k.alexlebens.net
rules: rules:
- backendRefs:
- name: ak-outpost-traefik-proxy-auth
namespace: authentik
port: 9000
weight: 100
filters: []
matches:
- path:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs: - backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: radarr-4k name: radarr-4k
port: 80 port: 80
weight: 100 weight: 100
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: oidc-forward-auth
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

26
clusters/cl01tl/helm/radarr-anime/templates/middleware.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: oidc-forward-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: oidc-forward-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
forwardAuth:
address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

16
clusters/cl01tl/helm/radarr-anime/values.yaml
View File

@@ -82,12 +82,28 @@ radarr-anime:
hostnames: hostnames:
- radarr-anime.alexlebens.net - radarr-anime.alexlebens.net
rules: rules:
- backendRefs:
- name: ak-outpost-traefik-proxy-auth
namespace: authentik
port: 9000
weight: 100
filters: []
matches:
- path:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs: - backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: radarr-anime name: radarr-anime
port: 80 port: 80
weight: 100 weight: 100
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: oidc-forward-auth
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

26
clusters/cl01tl/helm/radarr-standup/templates/middleware.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: oidc-forward-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: oidc-forward-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
forwardAuth:
address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

16
clusters/cl01tl/helm/radarr-standup/values.yaml
View File

@@ -82,12 +82,28 @@ radarr-standup:
hostnames: hostnames:
- radarr-standup.alexlebens.net - radarr-standup.alexlebens.net
rules: rules:
- backendRefs:
- name: ak-outpost-traefik-proxy-auth
namespace: authentik
port: 9000
weight: 100
filters: []
matches:
- path:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs: - backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: radarr-standup name: radarr-standup
port: 80 port: 80
weight: 100 weight: 100
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: oidc-forward-auth
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

26
clusters/cl01tl/helm/radarr/templates/middleware.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: oidc-forward-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: oidc-forward-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
forwardAuth:
address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

16
clusters/cl01tl/helm/radarr/values.yaml
View File

@@ -84,12 +84,28 @@ radarr:
hostnames: hostnames:
- radarr.alexlebens.net - radarr.alexlebens.net
rules: rules:
- backendRefs:
- name: ak-outpost-traefik-proxy-auth
namespace: authentik
port: 9000
weight: 100
filters: []
matches:
- path:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs: - backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: radarr name: radarr
port: 80 port: 80
weight: 100 weight: 100
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: oidc-forward-auth
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

2
clusters/cl01tl/helm/site-documentation/values.yaml
View File

@@ -11,7 +11,7 @@ site-documentation:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-documentation repository: harbor.alexlebens.net/images/site-documentation
tag: 0.1.5 tag: 0.1.6
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
resources: resources:
requests: requests:

2
clusters/cl01tl/helm/site-profile/values.yaml
View File

@@ -11,7 +11,7 @@ site-profile:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-profile repository: harbor.alexlebens.net/images/site-profile
tag: 2.15.1 tag: 2.16.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
resources: resources:
requests: requests:

26
clusters/cl01tl/helm/sonarr-4k/templates/middleware.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: oidc-forward-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: oidc-forward-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
forwardAuth:
address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

16
clusters/cl01tl/helm/sonarr-4k/values.yaml
View File

@@ -82,12 +82,28 @@ sonarr-4k:
hostnames: hostnames:
- sonarr-4k.alexlebens.net - sonarr-4k.alexlebens.net
rules: rules:
- backendRefs:
- name: ak-outpost-traefik-proxy-auth
namespace: authentik
port: 9000
weight: 100
filters: []
matches:
- path:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs: - backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: sonarr-4k name: sonarr-4k
port: 80 port: 80
weight: 100 weight: 100
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: oidc-forward-auth
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

26
clusters/cl01tl/helm/sonarr-anime/templates/middleware.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: oidc-forward-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: oidc-forward-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
forwardAuth:
address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

16
clusters/cl01tl/helm/sonarr-anime/values.yaml
View File

@@ -82,12 +82,28 @@ sonarr-anime:
hostnames: hostnames:
- sonarr-anime.alexlebens.net - sonarr-anime.alexlebens.net
rules: rules:
- backendRefs:
- name: ak-outpost-traefik-proxy-auth
namespace: authentik
port: 9000
weight: 100
filters: []
matches:
- path:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs: - backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: sonarr-anime name: sonarr-anime
port: 80 port: 80
weight: 100 weight: 100
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: oidc-forward-auth
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

26
clusters/cl01tl/helm/sonarr/templates/middleware.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: oidc-forward-auth
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: oidc-forward-auth
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
forwardAuth:
address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

16
clusters/cl01tl/helm/sonarr/values.yaml
View File

@@ -82,12 +82,28 @@ sonarr:
hostnames: hostnames:
- sonarr.alexlebens.net - sonarr.alexlebens.net
rules: rules:
- backendRefs:
- name: ak-outpost-traefik-proxy-auth
namespace: authentik
port: 9000
weight: 100
filters: []
matches:
- path:
type: PathPrefix
value: /outpost.goauthentik.io
- backendRefs: - backendRefs:
- group: '' - group: ''
kind: Service kind: Service
name: sonarr name: sonarr
port: 80 port: 80
weight: 100 weight: 100
filters:
- type: ExtensionRef
extensionRef:
group: traefik.io
kind: Middleware
name: oidc-forward-auth
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

2
clusters/cl01tl/helm/tailscale-operator/Chart.yaml
View File

@@ -21,4 +21,4 @@ dependencies:
repository: https://pkgs.tailscale.com/helmcharts repository: https://pkgs.tailscale.com/helmcharts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tailscale-light.png
# renovate: datasource=github-releases depName=tailscale/tailscale # renovate: datasource=github-releases depName=tailscale/tailscale
appVersion: v1.94.1 appVersion: v1.94.2