From 4f7477ee944f4d8f94d71639d12b7bef99c771e4 Mon Sep 17 00:00:00 2001
From: AB-UK <ab@hexor.cy>
Date: Wed, 18 Mar 2026 11:39:11 +0000
Subject: [PATCH] Fixed IDM outpust

---
 terraform/authentik/main.tf                | 55 +++++++++++++++++++++-
 terraform/authentik/proxy-apps.auto.tfvars |  2 +-
 2 files changed, 55 insertions(+), 2 deletions(-)

diff --git a/terraform/authentik/main.tf b/terraform/authentik/main.tf
index 678db83..2b7fc5c 100644
--- a/terraform/authentik/main.tf
+++ b/terraform/authentik/main.tf
@@ -292,7 +292,60 @@ resource "authentik_outpost" "outposts" {
     authentik_host_browser         = ""
     object_naming_template         = "ak-outpost-%(name)s"
     authentik_host_insecure        = false
-    kubernetes_json_patches        = null
+    kubernetes_json_patches = {
+      deployment = [
+        {
+          op   = "add"
+          path = "/spec/template/spec/containers/0/env/-"
+          value = {
+            name  = "AUTHENTIK_POSTGRESQL__HOST"
+            value = "psql.psql.svc"
+          }
+        },
+        {
+          op   = "add"
+          path = "/spec/template/spec/containers/0/env/-"
+          value = {
+            name  = "AUTHENTIK_POSTGRESQL__PORT"
+            value = "5432"
+          }
+        },
+        {
+          op   = "add"
+          path = "/spec/template/spec/containers/0/env/-"
+          value = {
+            name  = "AUTHENTIK_POSTGRESQL__NAME"
+            value = "authentik"
+          }
+        },
+        {
+          op   = "add"
+          path = "/spec/template/spec/containers/0/env/-"
+          value = {
+            name = "AUTHENTIK_POSTGRESQL__USER"
+            valueFrom = {
+              secretKeyRef = {
+                name = "authentik-creds"
+                key  = "AUTHENTIK_POSTGRESQL__USER"
+              }
+            }
+          }
+        },
+        {
+          op   = "add"
+          path = "/spec/template/spec/containers/0/env/-"
+          value = {
+            name = "AUTHENTIK_POSTGRESQL__PASSWORD"
+            valueFrom = {
+              secretKeyRef = {
+                name = "authentik-creds"
+                key  = "AUTHENTIK_POSTGRESQL__PASSWORD"
+              }
+            }
+          }
+        }
+      ]
+    }
     kubernetes_service_type        = "ClusterIP"
     kubernetes_image_pull_secrets  = []
     kubernetes_ingress_class_name  = null
diff --git a/terraform/authentik/proxy-apps.auto.tfvars b/terraform/authentik/proxy-apps.auto.tfvars
index e155781..0d633ca 100644
--- a/terraform/authentik/proxy-apps.auto.tfvars
+++ b/terraform/authentik/proxy-apps.auto.tfvars
@@ -202,7 +202,7 @@ EOT
     meta_icon                    = "https://img.icons8.com/external-icongeek26-outline-icongeek26/64/external-llama-animal-head-icongeek26-outline-icongeek26.png"
     mode                         = "proxy"
     outpost                      = "kubernetes-outpost"
-    access_groups                = ["admins"]
+    intercept_header_auth        = true
     create_group                 = true
     access_groups                = ["admins"]
   }