♻️ renove kyverno annotations

2025-09-17 18:24:14 +02:00 · 2023-11-30 22:17:46 +01:00
parent d4edfcea49
commit e8df666789
37 changed files with 129 additions and 118 deletions
--- a/archive/kubernetes/attic/apiserver/helmrelease.yaml
+++ b/archive/kubernetes/attic/apiserver/helmrelease.yaml
@@ -70,7 +70,7 @@ spec:
        enabled: true
        ingressClassName: nginx
        annotations:
-          # external-dns.home.arpa/enabled: "true"
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
          hajimari.io/enable: "false"
        hosts:
          - host: &host nix-cache.${SECRET_CLUSTER_DOMAIN}
--- a/kubernetes/apps/default/authelia/app/helmrelease.yaml
+++ b/kubernetes/apps/default/authelia/app/helmrelease.yaml
@@ -145,7 +145,7 @@ spec:
        enabled: true
        className: nginx
        annotations:
-          external-dns.home.arpa/enabled: "true"
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
          nginx.ingress.kubernetes.io/configuration-snippet: |
            add_header Cache-Control "no-store";
            add_header Pragma "no-cache";
--- a/kubernetes/apps/default/bazarr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/bazarr/app/helmrelease.yaml
@@ -94,7 +94,11 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/icon: mdi:subtitles-outline
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/calibre/app/helmrelease.yaml
+++ b/kubernetes/apps/default/calibre/app/helmrelease.yaml
@@ -63,7 +63,11 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/icon: mdi:bookshelf
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/flood/app/helmrelease.yaml
+++ b/kubernetes/apps/default/flood/app/helmrelease.yaml
@@ -74,7 +74,11 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/icon: mdi:download
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/frigate/app/helmrelease.yaml
+++ b/kubernetes/apps/default/frigate/app/helmrelease.yaml
@@ -103,7 +103,11 @@ spec:
      main:
        enabled: true
        annotations:
-          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/icon: mdi:cctv
        className: nginx
        hosts:
--- a/kubernetes/apps/default/immich/app/server/helmrelease.yaml
+++ b/kubernetes/apps/default/immich/app/server/helmrelease.yaml
@@ -89,7 +89,7 @@ spec:
        enabled: true
        className: nginx
        annotations:
-          external-dns.home.arpa/enabled: "true"
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
          hajimari.io/appName: Immich
          nignx.ingress.kubernetes.io/force-ssl-redirect: "true"
          nginx.ingress.kubernetes.io/proxy-body-size: "0"
--- a/kubernetes/apps/default/invidious/app/helmrelease.yaml
+++ b/kubernetes/apps/default/invidious/app/helmrelease.yaml
@@ -61,8 +61,12 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
-          external-dns.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
          hajimari.io/icon: mdi:youtube
          hajimari.io/name: invidious
        hosts:
--- a/kubernetes/apps/default/joplin/app/helmrelease.yaml
+++ b/kubernetes/apps/default/joplin/app/helmrelease.yaml
@@ -71,7 +71,7 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          external-dns.home.arpa/enabled: "true"
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
          hajimari.io/icon: mdi:text
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/kresus/app/helmrelease.yaml
+++ b/kubernetes/apps/default/kresus/app/helmrelease.yaml
@@ -90,7 +90,11 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/icon: mdi:cash
        hosts:
          - host: &host "cash.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/kubernetes-schemas/app/helmrelease.yaml
+++ b/kubernetes/apps/default/kubernetes-schemas/app/helmrelease.yaml
@@ -51,7 +51,7 @@ spec:
        enabled: true
        className: nginx
        annotations:
-          external-dns.home.arpa/enabled: "true"
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
          hajimari.io/enable: "false"
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/libmedium/app/helmrelease.yaml
+++ b/kubernetes/apps/default/libmedium/app/helmrelease.yaml
@@ -51,8 +51,12 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
-          external-dns.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
          hajimari.io/icon: mdi:file-document-arrow-right-outline
        hosts:
          - host: &host "libmedium.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/libreddit/app/helmrelease.yaml
+++ b/kubernetes/apps/default/libreddit/app/helmrelease.yaml
@@ -64,8 +64,12 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
-          external-dns.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
          hajimari.io/icon: mdi:web
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/lidarr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/lidarr/app/helmrelease.yaml
@@ -78,7 +78,11 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/icon: mdi:headphones
        hosts:
          - host: *host
--- a/kubernetes/apps/default/lychee/app/helmrelease.yaml
+++ b/kubernetes/apps/default/lychee/app/helmrelease.yaml
@@ -77,7 +77,7 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          external-dns.home.arpa/enabled: "true"
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
          hajimari.io/icon: mdi:camera
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/media-browser/app/helmrelease.yaml
+++ b/kubernetes/apps/default/media-browser/app/helmrelease.yaml
@@ -82,7 +82,11 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/icon: mdi:folder-play-outline
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/navidrome/app/helmrelease.yaml
+++ b/kubernetes/apps/default/navidrome/app/helmrelease.yaml
@@ -79,8 +79,12 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
-          external-dns.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
          hajimari.io/icon: mdi:music
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/paperless/app/helmrelease.yaml
+++ b/kubernetes/apps/default/paperless/app/helmrelease.yaml
@@ -80,7 +80,7 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          external-dns.home.arpa/enabled: "true"
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
          hajimari.io/icon: mdi:barcode-scan
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/prowlarr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml
@@ -69,7 +69,11 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/icon: mdi:movie-search
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/pyload/app/helmrelease.yaml
+++ b/kubernetes/apps/default/pyload/app/helmrelease.yaml
@@ -81,7 +81,11 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/icon: mdi:download
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/radarr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/radarr/app/helmrelease.yaml
@@ -80,7 +80,11 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/icon: mdi:filmstrip
        hosts:
          - host: *host
--- a/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml
+++ b/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml
@@ -99,7 +99,11 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/icon: mdi:download
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/sharry/app/helmrelease.yaml
+++ b/kubernetes/apps/default/sharry/app/helmrelease.yaml
@@ -63,7 +63,7 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          external-dns.home.arpa/enabled: "true"
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
          nginx.ingress.kubernetes.io/proxy-body-size: "0"
          hajimari.io/icon: mdi:account-arrow-up
        hosts:
--- a/kubernetes/apps/default/sonarr/app/helmrelease.yaml
+++ b/kubernetes/apps/default/sonarr/app/helmrelease.yaml
@@ -96,7 +96,11 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/icon: mdi:television-classic
        hosts:
          - host: *host
--- a/kubernetes/apps/default/vaultwarden/app/helmrelease.yaml
+++ b/kubernetes/apps/default/vaultwarden/app/helmrelease.yaml
@@ -86,7 +86,7 @@ spec:
        enabled: true
        className: "nginx"
        anotations:
-          external-dns.home.arpa/enabled: "true"
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
          hajimari.io/icon: mdi:lock
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/vikunja/app/helmrelease.yaml
+++ b/kubernetes/apps/default/vikunja/app/helmrelease.yaml
@@ -84,7 +84,7 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          external-dns.home.arpa/enabled: "true"
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
          hajimari.io/icon: mdi:format-list-checks
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/wallabag/app/helmrelease.yaml
+++ b/kubernetes/apps/default/wallabag/app/helmrelease.yaml
@@ -99,7 +99,7 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          external-dns.home.arpa/enabled: "true"
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
          hajimari.io/icon: mdi:newspaper-variant
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/whoogle/app/helmrelease.yaml
+++ b/kubernetes/apps/default/whoogle/app/helmrelease.yaml
@@ -67,8 +67,12 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
-          external-dns.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
          hajimari.io/icon: mdi:google
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml
+++ b/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml
@@ -107,7 +107,11 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/icon: mdi:zigbee
        hosts:
          - host: &host "zigbee.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/default/zwave-js-ui/app/helmrelease.yaml
+++ b/kubernetes/apps/default/zwave-js-ui/app/helmrelease.yaml
@@ -88,7 +88,11 @@ spec:
        enabled: true
        className: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/icon: mdi:z-wave
        hosts:
          - host: &host "zwave.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/flux-system/addons/webhooks/github/ingress.yaml
+++ b/kubernetes/apps/flux-system/addons/webhooks/github/ingress.yaml
@@ -5,7 +5,7 @@ metadata:
  name: webhook-receiver
  namespace: flux-system
  annotations:
-    external-dns.home.arpa/enabled: "true"
+    external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
    hajimari.io/enable: "false"
 spec:
  ingressClassName: "nginx"
--- a/kubernetes/apps/monitoring/gatus/app/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/gatus/app/helmrelease.yaml
@@ -100,7 +100,7 @@ spec:
        enabled: true
        className: nginx
        annotations:
-          external-dns.home.arpa/enabled: "true"
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
          hajimari.io/icon: mdi:list-status
        hosts:
          - host: &host "status.${SECRET_CLUSTER_DOMAIN}"
--- a/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml
@@ -117,7 +117,11 @@ spec:
        pathType: Prefix
        ingressClassName: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/appName: "Prometheus"
          hajimari.io/icon: simple-icons:prometheus
        hosts: ["prometheus.${SECRET_CLUSTER_DOMAIN}"]
@@ -261,7 +265,11 @@ spec:
        pathType: Prefix
        ingressClassName: "nginx"
        annotations:
-          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/appName: "Alert Manager"
          hajimari.io/icon: mdi:alert-decagram-outline
        hosts: ["alert-manager.${SECRET_CLUSTER_DOMAIN}"]
--- a/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml
+++ b/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml
@@ -53,7 +53,11 @@ spec:
        enabled: true
        hostname: &host "thanos-query.${SECRET_CLUSTER_DOMAIN}"
        annotations:
-          auth.home.arpa/enabled: "true"
+          nginx.ingress.kubernetes.io/auth-method: GET
+          nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
+          nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+          nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
+          nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
          hajimari.io/enable: "false"
        ingressClassName: "nginx"
        tls: true
--- a/kubernetes/apps/networking/ingress-nginx/app/clusterpolicy.yaml
+++ b/kubernetes/apps/networking/ingress-nginx/app/clusterpolicy.yaml
@@ -1,76 +0,0 @@
---
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
-  name: ingress-auth-annotations
-  annotations:
-    policies.kyverno.io/title: Ingress Auth Annotations
-    policies.kyverno.io/subject: Ingress
-    policies.kyverno.io/description: >-
-      This policy creates auth annotations on ingresses. When
-      the `auth.home.arpa/enabled` annotation is `true` it
-      applies the nginx auth annotations for use with Authelia.
-spec:
-  mutateExistingOnPolicyUpdate: true
-  generateExistingOnPolicyUpdate: true
-  rules:
-    - name: auth
-      match:
-        any:
-          - resources:
-              kinds: ["Ingress"]
-              annotations:
-                auth.home.arpa/enabled: "true"
-      mutate:
-        targets:
-          - apiVersion: networking.k8s.io/v1
-            kind: Ingress
-            name: "{{request.object.metadata.name}}"
-            namespace: "{{ request.object.metadata.namespace }}"
-        patchStrategicMerge:
-          metadata:
-            annotations:
-              +(nginx.ingress.kubernetes.io/auth-method): GET
-              +(nginx.ingress.kubernetes.io/auth-url): |-
-                http://authelia.default.svc.cluster.local.:8888/api/verify
-              +(nginx.ingress.kubernetes.io/auth-signin): |-
-                https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
-              +(nginx.ingress.kubernetes.io/auth-response-headers): |-
-                Remote-User,Remote-Name,Remote-Groups,Remote-Email
-              +(nginx.ingress.kubernetes.io/auth-snippet): |
-                proxy_set_header X-Forwarded-Method $request_method;
---
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
-  name: ingress-external-dns-annotations
-  annotations:
-    policies.kyverno.io/title: Ingress External-DNS Annotations
-    policies.kyverno.io/subject: Ingress
-    policies.kyverno.io/description: >-
-      This policy creates external-dns annotations on ingresses.
-      When the `external-dns.home.arpa/enabled` annotation is `true`
-      it applies the external-dns annotations for use with external
-      application access.
-spec:
-  mutateExistingOnPolicyUpdate: true
-  generateExistingOnPolicyUpdate: true
-  rules:
-    - name: external-dns
-      match:
-        any:
-          - resources:
-              kinds: ["Ingress"]
-              annotations:
-                external-dns.home.arpa/enabled: "true"
-      mutate:
-        targets:
-          - apiVersion: networking.k8s.io/v1
-            kind: Ingress
-            name: "{{request.object.metadata.name}}"
-            namespace: "{{ request.object.metadata.namespace }}"
-        patchStrategicMerge:
-          metadata:
-            annotations:
-              +(external-dns.alpha.kubernetes.io/target): |-
-                services.${SECRET_DOMAIN}.
--- a/kubernetes/apps/networking/ingress-nginx/app/kustomization.yaml
+++ b/kubernetes/apps/networking/ingress-nginx/app/kustomization.yaml
@@ -6,4 +6,3 @@ namespace: networking
 resources:
  - ./dashboard
  - ./helmrelease.yaml
-  - ./clusterpolicy.yaml
--- a/kubernetes/apps/ngnode/landing-page/app/helmrelease.yaml
+++ b/kubernetes/apps/ngnode/landing-page/app/helmrelease.yaml
@@ -50,7 +50,7 @@ spec:
        enabled: true
        className: nginx
        annotations:
-          external-dns.home.arpa/enabled: "true"
+          external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
        hosts:
          - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
            paths: