From 04b745d0d62455ab896ecfda6617a4cc57715358 Mon Sep 17 00:00:00 2001
From: Aaron Riedel <git@ar21.de>
Date: Sun, 29 Sep 2024 14:10:34 +0200
Subject: [PATCH] add SSO to prometheus, longhorn, alertmanager

---
 examples/example-deployment.yaml | 2 ++
 longhorn/values.yaml             | 2 +-
 prometheus/values.yaml           | 8 ++++----
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/examples/example-deployment.yaml b/examples/example-deployment.yaml
index 6af57ee..3cf0995 100644
--- a/examples/example-deployment.yaml
+++ b/examples/example-deployment.yaml
@@ -69,6 +69,8 @@ metadata:
     kubernetes.io/tls-acme: "true"
     # Use for Basic auth:
     # traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
+    # Use for authentik SSO:
+    # traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
   name: example-ingress
   namespace: example
 spec:
diff --git a/longhorn/values.yaml b/longhorn/values.yaml
index 3024b2a..9fdce3c 100644
--- a/longhorn/values.yaml
+++ b/longhorn/values.yaml
@@ -25,7 +25,7 @@ ingress:
   host: longhorn.services.yolokube.de
   annotations:
     kubernetes.io/tls-acme: "true"
-    traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
+    traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
   tls: true
   tlsSecret: longhorn-tls-key
 metrics:
diff --git a/prometheus/values.yaml b/prometheus/values.yaml
index 957374d..b3dc812 100644
--- a/prometheus/values.yaml
+++ b/prometheus/values.yaml
@@ -59,7 +59,7 @@ alertmanager:
     hosts:
       - alertmanager.services.yolokube.de
     annotations:
-      traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
+      traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
       kubernetes.io/tls-acme: "true"
     tls:
       - secretName: alertmanager-tls-key
@@ -73,7 +73,7 @@ alertmanager:
     hostPrefix: alertmanager
     hostDomain: services.yolokube.de
     annotations:
-      traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
+      traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
       kubernetes.io/tls-acme: "true"
     tlsSecretPerReplica:
       enabled: true
@@ -120,7 +120,7 @@ prometheus:
     hosts:
       - prometheus.services.yolokube.de
     annotations:
-      traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
+      traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
       kubernetes.io/tls-acme: "true"
     tls:
       - secretName: prometheus-tls-key
@@ -134,7 +134,7 @@ prometheus:
     hostPrefix: prometheus
     hostDomain: services.yolokube.de
     annotations:
-      traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
+      traefik.ingress.kubernetes.io/router.middlewares: authentik-authentik@kubernetescrd
       kubernetes.io/tls-acme: "true"
     tlsSecretPerReplica:
       enabled: true