fix: add http service to authentik

images/operator/pnpm-lock.yaml

@@ -33,7 +33,7 @@ importers:
         version: 2.2.3
       dotenv:
         specifier: ^17.2.1
-        version: 17.2.3
+        version: 17.2.2
       eventemitter3:
         specifier: ^5.0.1
         version: 5.0.1
@@ -622,8 +622,8 @@ packages:
     resolution: {integrity: sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==}
     engines: {node: '>=0.10.0'}
 
-  dotenv@17.2.3:
-    resolution: {integrity: sha512-JVUnt+DUIzu87TABbhPmNfVdBDt18BLOWjMUFJMSi/Qqg7NTYtabbvSNJGOJ7afbRuv9D/lngizHtP7QyLQ+9w==}
+  dotenv@17.2.2:
+    resolution: {integrity: sha512-Sf2LSQP+bOlhKWWyhFsn0UsfdK/kCWRv1iuA2gXAwt3dyNabr6QSj00I2V10pidqz69soatm9ZwZvpQMTIOd5Q==}
     engines: {node: '>=12'}
 
   dunder-proto@1.0.1:
@@ -2658,7 +2658,7 @@ snapshots:
     dependencies:
       esutils: 2.0.3
 
-  dotenv@17.2.3: {}
+  dotenv@17.2.2: {}
 
   dunder-proto@1.0.1:
     dependencies:

images/operator/src/bootstrap/bootstrap.ts

@@ -32,7 +32,7 @@ class BootstrapService {
   public ensure = async () => {
     await this.namespaces.ensure();
     await this.repos.ensure();
-    // await this.releases.ensure();
+    await this.releases.ensure();
     await this.cloudflareTunnel.ensure({
       spec: {},
     });

images/operator/src/resources/homelab/authentik-server/authentik-server.ts

@@ -18,6 +18,7 @@ import { RepoService } from '#bootstrap/repos/repos.ts';
 import { DestinationRule } from '#resources/istio/destination-rule/destination-rule.ts';
 import { NotReadyError } from '#utils/errors.ts';
 import { ExternalHttpService } from '../external-http-service.ts/external-http-service.ts';
+import { HttpService } from '../http-service/http-service.ts';
 
 const specSchema = z.object({
   environment: z.string(),
@@ -44,6 +45,7 @@ class AuthentikServer extends CustomResource<typeof specSchema> {
   #initSecret: Secret<InitSecretData>;
   #service: Service;
   #helmRelease: HelmRelease;
+  #httpService: HttpService;
   #externalHttpService: ExternalHttpService;
   #destinationRule: DestinationRule;
 
@@ -72,6 +74,8 @@ class AuthentikServer extends CustomResource<typeof specSchema> {
     this.#destinationRule.on('changed', this.queueReconcile);
 
     this.#externalHttpService = resourceService.get(ExternalHttpService, this.name, this.namespace);
+
+    this.#httpService = resourceService.get(HttpService, this.name, this.namespace);
   }
 
   public get service() {
@@ -168,7 +172,7 @@ class AuthentikServer extends CustomResource<typeof specSchema> {
         chart: {
           spec: {
             chart: 'authentik',
-            version: '2025.10.3',
+            version: '2025.6.4',
             sourceRef: {
               apiVersion: 'source.toolkit.fluxcd.io/v1',
               kind: 'HelmRepository',
@@ -253,6 +257,22 @@ class AuthentikServer extends CustomResource<typeof specSchema> {
       },
     });
 
+    await this.#httpService.ensure({
+      metadata: {
+        ownerReferences: [this.ref],
+      },
+      spec: {
+        environment: this.spec.environment,
+        subdomain: this.spec.subdomain || 'authentik',
+        destination: {
+          host: this.#service.hostname,
+          port: {
+            number: 80,
+          },
+        },
+      },
+    });
+
     await this.#externalHttpService.ensure({
       metadata: {
         ownerReferences: [this.ref],