terraform/authentik/outposts.tf

resource "authentik_outpost" "embedded_outpost" {
  name = "authentik Embedded Outpost"
  protocol_providers = [
    #authentik_provider_proxy.chat.id,
    authentik_provider_proxy.esphome.id,
    authentik_provider_proxy.pinchflat.id,
    authentik_provider_proxy.paperless-gpt.id,
    #authentik_provider_proxy.proxy-test.id,
    #authentik_provider_proxy.spotizerr.id,
  ]
  service_connection = authentik_service_connection_kubernetes.local.id


  #  config = jsonencode({
  #    authentik_host                 = "https://auth.lab.cowley.tech"
  #    authentik_host_browser         = ""
  #    authentik_host_insecure        = false
  #    docker_map_ports               = true
  #    kubernetes_disabled_components = []
  #    kubernetes_image_pull_secrets  = []
  #    kubernetes_ingress_class_name  = "nginx"
  #    kubernetes_ingress_annotations = {
  #      "cert-manager.io/cluster-issuer" = "letsencrypt"
  #    }
  #    kubernetes_ingress_secret_name = "authentik-outpost-tls"
  #    kubernetes_json_patches        = null
  #    kubernetes_namespace           = "authentik"
  #    kubernetes_replicas            = 1
  #    kubernetes_service_type        = "ClusterIP"
  #    log_level                      = "info"
  #    object_naming_template         = "ak-outpost-%(name)s"
  #    refresh_interval               = "minutes=5"
  #  })
}

# resource "authentik_outpost" "internal" {
#   name = "Internal Outpost"
# 
#   protocol_providers = [
#     authentik_provider_proxy.longhorn.id,
#   ]
#   service_connection = authentik_service_connection_kubernetes.local.id
# 
#   config = jsonencode({
#     authentik_host                = "https://auth.lab.cowley.tech"
#     docker_map_ports              = true
#     kubernetes_ingress_class_name = "traefik"
#     kubernetes_ingress_annotations = {
#       "cert-manager.io/cluster-issuer" = "letsencrypt"
#     }
#     kubernetes_ingress_secret_name = "authentk_internal_outpost_tls"
#     kubernetes_json_patches        = null
#     kubernetes_namespace           = "authentik"
#     kubernetes_replicas            = 1
#     kubernetes_service_type        = "ClusterIP"
#     log_level                      = "info"
#     object_naming_template         = "ak-outpost-%(name)s"
#     refresh_interval               = "minutes=5"
#   })
# }

resource "authentik_service_connection_kubernetes" "local" {
  name  = "Local Kubernetes Cluster"
  local = true
}

#resource "authentik_service_connection_kubernetes" "k3s" {
#  name  = "Homelab K3s Cluster"
#  local = true
#}