terraform/authentik/outposts.tf

resource "authentik_outpost" "embedded_outpost" {
  name = "authentik Embedded Outpost"
  protocol_providers = [
    authentik_provider_proxy.esphome.id,
    authentik_provider_proxy.pinchflat.id,
    authentik_provider_proxy.paperless-gpt.id,
    #authentik_provider_proxy.tubearchivist.id,
    #authentik_provider_proxy.spotizerr.id,
  ]
  service_connection = authentik_service_connection_kubernetes.local.id


  #  config = jsonencode({
  #    authentik_host                 = "https://auth.lab.cowley.tech"
  #    authentik_host_browser         = ""
  #    authentik_host_insecure        = false
  #    docker_map_ports               = true
  #    kubernetes_disabled_components = []
  #    kubernetes_image_pull_secrets  = []
  #    kubernetes_ingress_class_name  = "nginx"
  #    kubernetes_ingress_annotations = {
  #      "cert-manager.io/cluster-issuer" = "letsencrypt"
  #    }
  #    kubernetes_ingress_secret_name = "authentik-outpost-tls"
  #    kubernetes_json_patches        = null
  #    kubernetes_namespace           = "authentik"
  #    kubernetes_replicas            = 1
  #    kubernetes_service_type        = "ClusterIP"
  #    log_level                      = "info"
  #    object_naming_template         = "ak-outpost-%(name)s"
  #    refresh_interval               = "minutes=5"
  #  })
}

resource "authentik_outpost" "internal" {
  name = "Internal Outpost"

  protocol_providers = [
    authentik_provider_proxy.longhorn.id,
  ]
  service_connection = authentik_service_connection_kubernetes.local.id

  config = jsonencode({
    authentik_host                = "https://auth.lab.cowley.tech"
    docker_map_ports              = true
    kubernetes_ingress_class_name = "traefik"
    kubernetes_ingress_annotations = {
      "cert-manager.io/cluster-issuer" = "letsencrypt"
    }
    kubernetes_ingress_secret_name = "authentk_internal_outpost_tls"
    kubernetes_json_patches        = null
    kubernetes_namespace           = "authentik"
    kubernetes_replicas            = 1
    kubernetes_service_type        = "ClusterIP"
    log_level                      = "info"
    object_naming_template         = "ak-outpost-%(name)s"
    refresh_interval               = "minutes=5"
  })
}

resource "authentik_service_connection_kubernetes" "local" {
  name  = "Local Kubernetes Cluster"
  local = true
}

#resource "authentik_service_connection_kubernetes" "k3s" {
#  name  = "Homelab K3s Cluster"
#  local = true
#}