fix: add http service to authentik

The Renovate config in this repository needs migrating. Typically this
is because one or more configuration options you are using have been
renamed.

You don't need to merge this PR right away, because Renovate will
continue to migrate these fields internally each time it runs. But later
some of these fields may be fully deprecated and the migrations removed.
So it's a good idea to merge this migration PR soon.



#### [PLEASE
NOTE](https://docs.renovatebot.com/configuration-options#configmigration):
JSON5 config file migrated! All comments & trailing commas were removed.

🔕 **Ignore**: Close this PR and you won't be reminded about config
migration again, but one day your current config may no longer be valid.

❓ Got questions? Does something look wrong to you? Please don't hesitate
to [request help
here](https://redirect.github.com/renovatebot/renovate/discussions).


---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

Co-authored-by: Renovate Bot <renovate@whitesourcesoftware.com>

charts/operator/templates/clusterrolebinding.yaml

@@ -1,12 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ include "homelab-operator.fullname" . }}
+  name: '{{ include "homelab-operator.fullname" . }}'
 subjects:
-- kind: ServiceAccount
+  - kind: ServiceAccount
-  name: {{ include "homelab-operator.serviceAccountName" . }}
+    name: '{{ include "homelab-operator.serviceAccountName" . }}'
-  namespace: {{ .Release.Namespace }}
+    namespace: "{{ .Release.Namespace }}"
 roleRef:
   kind: ClusterRole
-  name: {{ include "homelab-operator.fullname" . }}
+  name: '{{ include "homelab-operator.fullname" . }}'
   apiGroup: rbac.authorization.k8s.io

charts/operator/templates/deployment.yaml

@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "homelab-operator.fullname" . }}
+  namespace: "{{ .Release.Namespace }}"
   labels:
     {{- include "homelab-operator.labels" . | nindent 4 }}
 spec:

charts/operator/templates/serviceaccount.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ include "homelab-operator.serviceAccountName" . }}
+  namespace: "{{ .Release.Namespace }}"
   labels:
     {{- include "homelab-operator.labels" . | nindent 4 }}
   {{- with .Values.serviceAccount.annotations }}

images/operator/Dockerfile

@@ -1,6 +1,8 @@
 FROM node:23-slim@sha256:86191b94d2a163be41f3dc7fe5e5fcaca8ba2f1be7275d98a06343483c17414a
 RUN corepack enable
+WORKDIR /app
 COPY package.json pnpm-lock.yaml ./
+COPY patches ./patches
 RUN pnpm install --frozen-lockfile --prod
 COPY . .
 CMD ["node", "src/index.ts"]

images/operator/package.json

@@ -49,7 +49,7 @@
       "sqlite3"
     ],
     "patchedDependencies": {
-      "@kubernetes/client-node": "patches/@kubernetes__client-node.patch"
+      "@kubernetes/client-node": "./patches/@kubernetes__client-node.patch"
     }
   },
   "scripts": {

images/operator/src/resources/homelab/authentik-server/authentik-server.ts

@@ -18,6 +18,7 @@ import { RepoService } from '#bootstrap/repos/repos.ts';
 import { DestinationRule } from '#resources/istio/destination-rule/destination-rule.ts';
 import { NotReadyError } from '#utils/errors.ts';
 import { ExternalHttpService } from '../external-http-service.ts/external-http-service.ts';
+import { HttpService } from '../http-service/http-service.ts';
 
 const specSchema = z.object({
   environment: z.string(),
@@ -44,6 +45,7 @@ class AuthentikServer extends CustomResource<typeof specSchema> {
   #initSecret: Secret<InitSecretData>;
   #service: Service;
   #helmRelease: HelmRelease;
+  #httpService: HttpService;
   #externalHttpService: ExternalHttpService;
   #destinationRule: DestinationRule;
 
@@ -72,6 +74,8 @@ class AuthentikServer extends CustomResource<typeof specSchema> {
     this.#destinationRule.on('changed', this.queueReconcile);
 
     this.#externalHttpService = resourceService.get(ExternalHttpService, this.name, this.namespace);
+
+    this.#httpService = resourceService.get(HttpService, this.name, this.namespace);
   }
 
   public get service() {
@@ -253,6 +257,22 @@ class AuthentikServer extends CustomResource<typeof specSchema> {
       },
     });
 
+    await this.#httpService.ensure({
+      metadata: {
+        ownerReferences: [this.ref],
+      },
+      spec: {
+        environment: this.spec.environment,
+        subdomain: this.spec.subdomain || 'authentik',
+        destination: {
+          host: this.#service.hostname,
+          port: {
+            number: 80,
+          },
+        },
+      },
+    });
+
     await this.#externalHttpService.ensure({
       metadata: {
         ownerReferences: [this.ref],

images/operator/src/resources/homelab/oidc-client/oidc-client.ts

@@ -79,7 +79,7 @@ class OIDCClient extends CustomResource<typeof specSchema> {
       clientId: this.name,
       configuration: new URL(`/application/o/${this.appName}/.well-known/openid-configuration`, url).toString(),
       configurationIssuer: new URL(`/application/o/${this.appName}/`, url).toString(),
-      authorization: new URL(`/application/o/${this.appName}/authorize/`, url).toString(),
+      authorization: new URL(`/application/o/authorize/`, url).toString(),
       token: new URL(`/application/o/${this.appName}/token/`, url).toString(),
       userinfo: new URL(`/application/o/${this.appName}/userinfo/`, url).toString(),
       endSession: new URL(`/application/o/${this.appName}/end-session/`, url).toString(),

images/operator/src/resources/homelab/postgres-cluster/postgres-cluster.ts

@@ -108,7 +108,7 @@ class PostgresCluster extends CustomResource<typeof specSchema> {
             containers: [
               {
                 name: this.name,
-                image: 'postgres:17',
+                image: 'pgvector/pgvector:pg17-trixie',
                 ports: [{ containerPort: 5432, name: 'postgres' }],
                 env: [
                   { name: 'POSTGRES_PASSWORD', valueFrom: { secretKeyRef: { name: secretName, key: 'password' } } },

renovate.json5

@@ -1,28 +1,35 @@
 {
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  $schema: 'https://docs.renovatebot.com/renovate-schema.json',
-  "extends": [
+  extends: [
-    "config:base"
+    'config:recommended',
   ],
-  "packageRules": [
+  packageRules: [
     {
-      "groupName": "Docker images",
+      groupName: 'Docker images',
-      "groupSlug": "dockerimages",
+      groupSlug: 'dockerimages',
-      "matchDatasources": ["docker"],
+      matchDatasources: [
-      "pinDigests": true
+        'docker',
-    }
-  ],
-  "helm-values": {
-    "fileMatch": ["^charts/.*/values\\.yaml$"]
-  },
-  "regexManagers": [
-    {
-      "fileMatch": ["^charts/.*/values\\.yaml$"],
-      "matchStrings": [
-        "repository:\s*'(?<depName>.*?)'\n\s*tag:\s*'(?<currentValue>.*?)'",
-        "repository:\s*\"(?<depName>.*?)\"\n\s*tag:\s*\"(?<currentValue>.*?)\"",
-        "repository:\s*(?<depName>.*?)\n\s*tag:\s*(?<currentValue>.*)"
       ],
-      "datasourceTemplate": "docker"
+      pinDigests: true,
-    }
+    },
-  ]
+  ],
+  'helm-values': {
+    managerFilePatterns: [
+      '/^charts/.*/values\\.yaml$/',
+    ],
+  },
+  customManagers: [
+    {
+      customType: 'regex',
+      managerFilePatterns: [
+        '/^charts/.*/values\\.yaml$/',
+      ],
+      matchStrings: [
+        "repository:s*'(?<depName>.*?)'\ns*tag:s*'(?<currentValue>.*?)'",
+        'repository:s*"(?<depName>.*?)"\ns*tag:s*"(?<currentValue>.*?)"',
+        'repository:s*(?<depName>.*?)\ns*tag:s*(?<currentValue>.*)',
+      ],
+      datasourceTemplate: 'docker',
+    },
+  ],
 }

skaffold.yaml

@@ -4,10 +4,9 @@ metadata:
   name: homelab-operator
 
 build:
-  cluster: {}
   artifacts:
-    - image: homelaboperator
+    - image: zot.olsen.cloud/homelaboperator
-      context: .
+      context: ./images/operator
       docker:
         dockerfile: Dockerfile
 
@@ -16,9 +15,10 @@ manifests:
     releases:
       - name: homelab-operator
         chartPath: charts/operator
+        namespace: homelab
         setValueTemplates:
-          image.repository: '{{.IMAGE_REPO_homelaboperator}}'
+          image.repository: "zot.local/homelaboperator"
-          image.tag: '{{.IMAGE_TAG_homelaboperator}}'
+          image.tag: "{{.IMAGE_TAG_zot_olsen_cloud_homelaboperator}}"
 
 deploy:
   # Use kubectl to apply the manifests.