apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: authentik-tailscale
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: authentik-tailscale
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/part-of: {{ .Release.Name }}
    tailscale.com/proxy-class: no-metrics
  annotations:
    tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
spec:
  ingressClassName: tailscale
  tls:
    - hosts:
        - auth-cl01tl
      secretName: auth-cl01tl
  rules:
    - host: auth-cl01tl
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: authentik-server
                port:
                  number: 80