From 1b9b8cb03345acba5479e3aaaff25f9cc8ee51b7 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 28 Jun 2026 12:11:50 +1000 Subject: [PATCH] Add identity.k8s.syd1.au.unkin.net as internal hostname for Authentik --- apps/base/authentik/gateway.yaml | 22 +++++++++++++++++++++- apps/base/authentik/httproute.yaml | 10 ++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/apps/base/authentik/gateway.yaml b/apps/base/authentik/gateway.yaml index 09c0b01..bc13062 100644 --- a/apps/base/authentik/gateway.yaml +++ b/apps/base/authentik/gateway.yaml @@ -8,7 +8,7 @@ metadata: cert-manager.io/cluster-issuer: vault-issuer cert-manager.io/common-name: identity.unkin.net cert-manager.io/private-key-size: "4096" - external-dns.alpha.kubernetes.io/hostname: identity.unkin.net + external-dns.alpha.kubernetes.io/hostname: identity.unkin.net,identity.k8s.syd1.au.unkin.net external-dns.alpha.kubernetes.io/target: 198.18.200.4 name: authentik namespace: authentik @@ -35,3 +35,23 @@ spec: kind: Secret name: authentik-tls mode: Terminate + - allowedRoutes: + namespaces: + from: Same + hostname: identity.k8s.syd1.au.unkin.net + name: http-internal + port: 80 + protocol: HTTP + - allowedRoutes: + namespaces: + from: Same + hostname: identity.k8s.syd1.au.unkin.net + name: https-internal + port: 443 + protocol: HTTPS + tls: + certificateRefs: + - group: "" + kind: Secret + name: authentik-tls + mode: Terminate diff --git a/apps/base/authentik/httproute.yaml b/apps/base/authentik/httproute.yaml index 227c017..bd4892e 100644 --- a/apps/base/authentik/httproute.yaml +++ b/apps/base/authentik/httproute.yaml @@ -7,11 +7,16 @@ metadata: spec: hostnames: - identity.unkin.net + - identity.k8s.syd1.au.unkin.net parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: authentik sectionName: http + - group: gateway.networking.k8s.io + kind: Gateway + name: authentik + sectionName: http-internal rules: - filters: - type: RequestRedirect @@ -31,11 +36,16 @@ metadata: spec: hostnames: - identity.unkin.net + - identity.k8s.syd1.au.unkin.net parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: authentik sectionName: https + - group: gateway.networking.k8s.io + kind: Gateway + name: authentik + sectionName: https-internal rules: - backendRefs: - group: ""