fix: add http service to authentik

charts/operator/values.yaml

@@ -6,7 +6,7 @@ image:
   repository: ghcr.io/morten-olsen/homelab-operator
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: main@sha256:6ccd49971ca0c230f42c9c7b52197c853c87b77a89f66dc7791335191fb79054
+  tag: main@sha256:df20d7e4f48bd886cef63ab882de9c6df76b0b297724d1cdf3a79aba8de6f896
 
 imagePullSecrets: []
 nameOverride: ""

images/backup/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine/git:latest@sha256:63d6641dc22922b38b8c19780d2308879ef29a8fb9766ddb90f7e4c9ddeefad3
+FROM alpine/git:latest@sha256:bd54f921f6d803dfa3a4fe14b7defe36df1b71349a3e416547e333aa960f86e3
 # or a more specific image like a Debian slim or Ubuntu base image.
 RUN apk add --no-cache restic fuse-overlayfs
 WORKDIR /app

images/operator/src/bootstrap/bootstrap.ts

@@ -31,11 +31,11 @@ class BootstrapService {
 
   public ensure = async () => {
     await this.namespaces.ensure();
-    // await this.repos.ensure();
-    // await this.releases.ensure();
-    // await this.cloudflareTunnel.ensure({
-    //  spec: {},
-    //});
+    await this.repos.ensure();
+    await this.releases.ensure();
+    await this.cloudflareTunnel.ensure({
+      spec: {},
+    });
   };
 }
 

images/operator/src/index.ts

@@ -8,7 +8,7 @@ import { homelab } from '#resources/homelab/homelab.ts';
 const services = new Services();
 const resourceService = services.get(ResourceService);
 
-// await resourceService.install(...Object.values(homelab));
+await resourceService.install(...Object.values(homelab));
 await resourceService.register(...Object.values(resources));
 
 const bootstrapService = services.get(BootstrapService);

images/operator/src/resources/homelab/authentik-server/authentik-server.ts

@@ -18,6 +18,7 @@ import { RepoService } from '#bootstrap/repos/repos.ts';
 import { DestinationRule } from '#resources/istio/destination-rule/destination-rule.ts';
 import { NotReadyError } from '#utils/errors.ts';
 import { ExternalHttpService } from '../external-http-service.ts/external-http-service.ts';
+import { HttpService } from '../http-service/http-service.ts';
 
 const specSchema = z.object({
   environment: z.string(),
@@ -44,6 +45,7 @@ class AuthentikServer extends CustomResource<typeof specSchema> {
   #initSecret: Secret<InitSecretData>;
   #service: Service;
   #helmRelease: HelmRelease;
+  #httpService: HttpService;
   #externalHttpService: ExternalHttpService;
   #destinationRule: DestinationRule;
 
@@ -72,6 +74,8 @@ class AuthentikServer extends CustomResource<typeof specSchema> {
     this.#destinationRule.on('changed', this.queueReconcile);
 
     this.#externalHttpService = resourceService.get(ExternalHttpService, this.name, this.namespace);
+
+    this.#httpService = resourceService.get(HttpService, this.name, this.namespace);
   }
 
   public get service() {
@@ -168,7 +172,7 @@ class AuthentikServer extends CustomResource<typeof specSchema> {
         chart: {
           spec: {
             chart: 'authentik',
-            version: '2025.10.3',
+            version: '2025.6.4',
             sourceRef: {
               apiVersion: 'source.toolkit.fluxcd.io/v1',
               kind: 'HelmRepository',
@@ -253,6 +257,22 @@ class AuthentikServer extends CustomResource<typeof specSchema> {
       },
     });
 
+    await this.#httpService.ensure({
+      metadata: {
+        ownerReferences: [this.ref],
+      },
+      spec: {
+        environment: this.spec.environment,
+        subdomain: this.spec.subdomain || 'authentik',
+        destination: {
+          host: this.#service.hostname,
+          port: {
+            number: 80,
+          },
+        },
+      },
+    });
+
     await this.#externalHttpService.ensure({
       metadata: {
         ownerReferences: [this.ref],

images/operator/src/resources/resources.ts

@@ -11,7 +11,7 @@ const resources = {
   ...flux,
   ...certManager,
   ...istio,
-  // ...homelab,
+  ...homelab,
 } satisfies Record<string, ResourceClass<ExpectedAny>>;
 
 export { resources };