From 74f1695d71a7e311c1a8eb9be9f772e55948764d Mon Sep 17 00:00:00 2001
From: Aaron Riedel <git@ar21.de>
Date: Wed, 4 Sep 2024 22:11:06 +0200
Subject: [PATCH] add authentik outpost and middlewear

---
 authentik/manifest.yaml | 100 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 100 insertions(+)
 create mode 100644 authentik/manifest.yaml

diff --git a/authentik/manifest.yaml b/authentik/manifest.yaml
new file mode 100644
index 0000000..ab2b888
--- /dev/null
+++ b/authentik/manifest.yaml
@@ -0,0 +1,100 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: authentik
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: authentik-outpost
+  namespace: authentik
+  labels:
+    app.kubernetes.io/instance: yolokube-proxy
+    app.kubernetes.io/managed-by: goauthentik.io
+    app.kubernetes.io/name: authentik-proxy
+spec:
+  ports:
+    - name: http
+      port: 9000
+      protocol: TCP
+      targetPort: http
+    - name: https
+      port: 9443
+      protocol: TCP
+      targetPort: https
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/managed-by: goauthentik.io
+    app.kubernetes.io/instance: yolokube-proxy
+    app.kubernetes.io/name: authentik-proxy
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: authentik-outpost
+  namespace: authentik
+  labels:
+    app.kubernetes.io/instance: yolokube-proxy
+    app.kubernetes.io/managed-by: goauthentik.io
+    app.kubernetes.io/name: authentik-proxy
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: yolokube-proxy
+      app.kubernetes.io/managed-by: goauthentik.io
+      app.kubernetes.io/name: authentik-proxy
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: yolokube-proxy
+        app.kubernetes.io/managed-by: goauthentik.io
+        app.kubernetes.io/name: authentik-proxy
+    spec:
+      containers:
+        - env:
+          - name: AUTHENTIK_HOST
+            valueFrom:
+              secretKeyRef:
+                key: authentik_host
+                name: authentik-outpost-api
+          - name: AUTHENTIK_TOKEN
+            valueFrom:
+              secretKeyRef:
+                key: token
+                name: authentik-outpost-api
+          - name: AUTHENTIK_INSECURE
+            valueFrom:
+              secretKeyRef:
+                key: authentik_host_insecure
+                name: authentik-outpost-api
+          image: ghcr.io/goauthentik/proxy
+          name: proxy
+          ports:
+            - containerPort: 9000
+              name: http
+              protocol: TCP
+            - containerPort: 9443
+              name: https
+              protocol: TCP
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+    name: authentik
+    namespace: authentik
+spec:
+    forwardAuth:
+        address: http://authentik-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik
+        trustForwardHeader: true
+        authResponseHeaders:
+            - X-authentik-username
+            - X-authentik-groups
+            - X-authentik-email
+            - X-authentik-name
+            - X-authentik-uid
+            - X-authentik-jwt
+            - X-authentik-meta-jwks
+            - X-authentik-meta-outpost
+            - X-authentik-meta-provider
+            - X-authentik-meta-app
+            - X-authentik-meta-version