diff --git a/modules/kubernetes/k8s-dashboard/main.tf b/modules/kubernetes/k8s-dashboard/main.tf index b554e9b0..ca98f94c 100644 --- a/modules/kubernetes/k8s-dashboard/main.tf +++ b/modules/kubernetes/k8s-dashboard/main.tf @@ -87,8 +87,13 @@ resource "kubernetes_ingress_v1" "kubernetes-dashboard" { # "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on" # "nginx.ingress.kubernetes.io/auth-tls-secret" = var.client_certificate_secret_name - "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" + # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" + # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" + "nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" + "nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" + + "nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" + "nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;" } } diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf index e7e46370..bda18f3b 100644 --- a/modules/kubernetes/main.tf +++ b/modules/kubernetes/main.tf @@ -521,3 +521,8 @@ module "authentik" { secret_key = var.authentik_secret_key postgres_password = var.authentik_postgres_password } + +# module "qbittorrent" { +# source = "./qbittorrent" +# tls_secret_name = var.tls_secret_name +# } diff --git a/modules/kubernetes/monitoring/grafana_chart_values.yaml b/modules/kubernetes/monitoring/grafana_chart_values.yaml index 01b8af07..706ca48a 100644 --- a/modules/kubernetes/monitoring/grafana_chart_values.yaml +++ b/modules/kubernetes/monitoring/grafana_chart_values.yaml @@ -11,8 +11,12 @@ ingress: # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" # nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" # nginx.ingress.kubernetes.io/auth-tls-secret: "default/ca-secret" - nginx.ingress.kubernetes.io/auth-url: "https://oauth2.viktorbarzin.me/oauth2/auth" - nginx.ingress.kubernetes.io/auth-signin: "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" + # nginx.ingress.kubernetes.io/auth-url: "https://oauth2.viktorbarzin.me/oauth2/auth" + # nginx.ingress.kubernetes.io/auth-signin: "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" + nginx.ingress.kubernetes.io/auth-url: "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" + nginx.ingress.kubernetes.io/auth-signin: "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" + nginx.ingress.kubernetes.io/auth-response-headers: "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" + nginx.ingress.kubernetes.io/auth-snippet: "proxy_set_header X-Forwarded-Host $http_host;" tls: - secretName: "tls-secret" hosts: diff --git a/terraform.tfstate b/terraform.tfstate index 5c312a5d..146a9853 100644 Binary files a/terraform.tfstate and b/terraform.tfstate differ