From 8577c09b5beb5fbc2860140a47295dd52ebcdb6c Mon Sep 17 00:00:00 2001
From: Dreaded_X <tim@huizinga.dev>
Date: Wed, 23 Apr 2025 18:44:46 +0200
Subject: [PATCH] Added flux-webhook ingress

---
 .../flux-system/sops-overlay.yaml             |  4 ++++
 clusters/titan.lan.huizinga.dev/ingress.yaml  | 24 +++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 clusters/titan.lan.huizinga.dev/ingress.yaml

diff --git a/clusters/titan.lan.huizinga.dev/flux-system/sops-overlay.yaml b/clusters/titan.lan.huizinga.dev/flux-system/sops-overlay.yaml
index 27c0426..5f7ab94 100644
--- a/clusters/titan.lan.huizinga.dev/flux-system/sops-overlay.yaml
+++ b/clusters/titan.lan.huizinga.dev/flux-system/sops-overlay.yaml
@@ -10,3 +10,7 @@ spec:
     provider: sops
     secretRef:
       name: sops-gpg
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: domain-vars
diff --git a/clusters/titan.lan.huizinga.dev/ingress.yaml b/clusters/titan.lan.huizinga.dev/ingress.yaml
new file mode 100644
index 0000000..1e137ed
--- /dev/null
+++ b/clusters/titan.lan.huizinga.dev/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: flux-webhook
+  namespace: flux-system
+  annotations:
+    traefik.ingress.kubernetes.io/router.entryPoints: websecure
+    traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  ingressClassName: traefik
+  rules:
+    - host: flux.staging-huizinga-dev-tls
+      http:
+        paths:
+          - backend:
+              service:
+                name: webhook-receiver
+                port:
+                  number: 80
+            path: /
+            pathType: Prefix
+  tls:
+    - secretName: staging-huizinga-dev-tls