From de32a175565d012413d4df42b5bf716322e11ff8 Mon Sep 17 00:00:00 2001
From: WrenIX <dev@wrenix.eu>
Date: Sat, 6 Jul 2024 20:52:02 +0200
Subject: [PATCH] fix(infra-monitoring): auth authentik with tls

---
 .../alertmanager/authentik-application.yaml      | 16 ++++++++++++++++
 .../templates/karma/authentik-application.yaml   | 14 ++++++++++++++
 .../prometheus/authentik-application.yaml        | 14 ++++++++++++++
 3 files changed, 44 insertions(+)

diff --git a/infra-monitoring/templates/alertmanager/authentik-application.yaml b/infra-monitoring/templates/alertmanager/authentik-application.yaml
index dcdcd94..50514c3 100644
--- a/infra-monitoring/templates/alertmanager/authentik-application.yaml
+++ b/infra-monitoring/templates/alertmanager/authentik-application.yaml
@@ -35,6 +35,7 @@ spec:
         domain: "https://{{ .Values.commons.auth.authentik.domain }}"
       provider:
         enabled: {{ not .Values.alertmanager.auth.anonymous.enabled }}
+        type: "proxy"
         proxy:
           externalHost: {{ $url | quote }}
           skipPathRegex: |
@@ -42,6 +43,21 @@ spec:
           ingress:
             enabled: true
             domain: {{ $domain | quote }}
+            backend: {{ .Values.commons.auth.authentik.backend }}
+            {{- with $.Values.commons.ingress.annotations }}
+            annotations:
+              {{- toYaml . | nindent 14 }}
+            {{- end }}
+            {{- if $.Values.commons.ingress.tls.enabled }}
+            tls:
+              {{- with $.Values.commons.ingress.tls.override }}
+              {{- toYaml . | nindent 14 }}
+              {{- else }}
+              - secretName: "infra-monitoring-alertmanager-cert"
+                hosts:
+                  - {{ $domain | quote }}
+              {{- end }}
+            {{- end }}
 
       groups:
         - slug: "app: infra"
diff --git a/infra-monitoring/templates/karma/authentik-application.yaml b/infra-monitoring/templates/karma/authentik-application.yaml
index e443e13..3fe502b 100644
--- a/infra-monitoring/templates/karma/authentik-application.yaml
+++ b/infra-monitoring/templates/karma/authentik-application.yaml
@@ -44,6 +44,20 @@ spec:
             enabled: true
             domain: {{ $domain | quote }}
             backend: {{ .Values.commons.auth.authentik.backend }}
+            {{- with $.Values.commons.ingress.annotations }}
+            annotations:
+              {{- toYaml . | nindent 14 }}
+            {{- end }}
+            {{- if $.Values.commons.ingress.tls.enabled }}
+            tls:
+              {{- with $.Values.commons.ingress.tls.override }}
+              {{- toYaml . | nindent 14 }}
+              {{- else }}
+              - secretName: "infra-monitoring-karma-cert"
+                hosts:
+                  - {{ $domain | quote }}
+              {{- end }}
+            {{- end }}
 
       groups:
         - slug: "app: infra"
diff --git a/infra-monitoring/templates/prometheus/authentik-application.yaml b/infra-monitoring/templates/prometheus/authentik-application.yaml
index c663435..901dab0 100644
--- a/infra-monitoring/templates/prometheus/authentik-application.yaml
+++ b/infra-monitoring/templates/prometheus/authentik-application.yaml
@@ -44,6 +44,20 @@ spec:
             enabled: true
             domain: {{ $domain | quote }}
             backend: {{ .Values.commons.auth.authentik.backend }}
+            {{- with $.Values.commons.ingress.annotations }}
+            annotations:
+              {{- toYaml . | nindent 14 }}
+            {{- end }}
+            {{- if $.Values.commons.ingress.tls.enabled }}
+            tls:
+              {{- with $.Values.commons.ingress.tls.override }}
+              {{- toYaml . | nindent 14 }}
+              {{- else }}
+              - secretName: "infra-monitoring-prometheus-cert"
+                hosts:
+                  - {{ $domain | quote }}
+              {{- end }}
+            {{- end }}
 
       groups:
         - slug: "app: infra"