apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization transformers: - |- apiVersion: builtin kind: NamespaceTransformer metadata: name: notImportantHere namespace: auth unsetOnly: true namePrefix: authentik- resources: - ../../../kustomize/helmchart patches: - path: patches/chart.yaml target: kind: HelmChart name: chart # - path: patches/httproute.yaml # target: # kind: HTTPRoute labels: - includeSelectors: true pairs: app.kubernetes.io/appName: authentik - pairs: app.kubernetes.io/appNamespace: auth - pairs: app.kubernetes.io/chartServiceName: authentik-chart-server - pairs: app.kubernetes.io/routePrefix: auth replacements: # Update secrets - source: kind: HelmChart name: chart fieldPath: metadata.labels.[app.kubernetes.io/appName] targets: - select: kind: InfisicalSecret options: create: true delimiter: "-" index: 0 fieldPaths: - spec.managedSecretReference.secretName - select: kind: InfisicalSecret options: create: true delimiter: "/" index: 2 fieldPaths: - spec.authentication.universalAuth.secretsScope.secretsPath - source: kind: HelmChart name: chart fieldPath: metadata.labels.[app.kubernetes.io/appNamespace] targets: - select: kind: InfisicalSecret options: create: true delimiter: "/" index: 1 fieldPaths: - spec.authentication.universalAuth.secretsScope.secretsPath - select: kind: InfisicalSecret fieldPaths: - spec.managedSecretReference.secretNamespace # HTTPRoute - source: kind: HelmChart name: chart fieldPath: metadata.labels.[app.kubernetes.io/appName] targets: - select: kind: HTTPRoute options: create: true delimiter: "." index: 0 fieldPaths: - spec.hostnames.0 - source: kind: HelmChart name: chart fieldPath: metadata.labels.[app.kubernetes.io/chartServiceName] targets: - select: kind: HTTPRoute fieldPaths: - spec.rules.0.backendRefs.0.name - source: kind: HTTPRoute name: http fieldPath: metadata.labels.[app.kubernetes.io/routePrefix] targets: - select: kind: HTTPRoute options: create: true delimiter: "." index: 0 fieldPaths: - spec.hostnames.0