From 5ef26e5eef33ee2ee849f46b4b682184dccd8ead Mon Sep 17 00:00:00 2001
From: Matt Reeves <admin@mafyuh.io>
Date: Sun, 16 Feb 2025 03:57:10 -0500
Subject: [PATCH] test authentik proxy

---
 kubernetes/apps/production/arr/radarr/ingress.yaml | 9 +++++++++
 kubernetes/apps/production/nginx/helmrelease.yaml  | 8 ++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/kubernetes/apps/production/arr/radarr/ingress.yaml b/kubernetes/apps/production/arr/radarr/ingress.yaml
index b3c398d..435e884 100644
--- a/kubernetes/apps/production/arr/radarr/ingress.yaml
+++ b/kubernetes/apps/production/arr/radarr/ingress.yaml
@@ -3,6 +3,15 @@ kind: Ingress
 metadata:
   name: radarr
   namespace: arr
+  annotations:
+    nginx.ingress.kubernetes.io/auth-url: |-
+       http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
+    nginx.ingress.kubernetes.io/auth-signin: |-
+       https://radarr.local.mafyuh.dev/outpost.goauthentik.io/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-response-headers: |-
+       Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
+    nginx.ingress.kubernetes.io/auth-snippet: |
+            proxy_set_header X-Forwarded-Host $http_host;
 spec:
   ingressClassName: nginx
   rules:
diff --git a/kubernetes/apps/production/nginx/helmrelease.yaml b/kubernetes/apps/production/nginx/helmrelease.yaml
index 7bfee86..2889362 100644
--- a/kubernetes/apps/production/nginx/helmrelease.yaml
+++ b/kubernetes/apps/production/nginx/helmrelease.yaml
@@ -16,5 +16,9 @@ spec:
         namespace: flux-system
   values:
     controller:
-      service:
-        type: LoadBalancer
+      allowSnippetAnnotations: "true"
+      config:
+        annotations-risk-level: "Critical"
+        enable-annotation-validation: false
+        service:
+          type: LoadBalancer