Use variable susbtitution in manifests

apps/prod/authelia/forward-auth-middleware.yaml

@@ -6,7 +6,7 @@ metadata:
   namespace: auth
 spec:
   forwardAuth:
-    address: 'http://authelia.auth.svc.cluster.local/api/authz/forward-auth?authelia_url=https%3A%2F%2Fauth.example.com'
+    address: 'http://authelia.auth.svc.cluster.local/api/authz/forward-auth?authelia_url=https%3A%2F%2F${AUTHELIA_DOMAIN}'
     trustForwardHeader: true
     authResponseHeaders:
     - "Remote-User"

apps/prod/authelia/values.yaml

@@ -1,5 +1,5 @@
 # /apps/prod/authelia/values.yaml
-domain: 'example.com'
+domain: '${DOMAIN}'
 configMap:
   authentication_backend:
     file:
@@ -11,7 +11,7 @@ configMap:
       enabled: false
   access_control:
     rules:
-      - domain: '*.example.com'
+      - domain: '*.${DOMAIN}'
         policy: one_factor
   server:
     endpoints:
@@ -22,8 +22,8 @@ configMap:
     redis:
       enabled: false
     cookies:
-      - domain: 'example.com'
-        authelia_url: 'https://auth.example.com'
+      - domain: '${DOMAIN}'
+        authelia_url: 'https://${AUTHELIA_DOMAIN}'
         name: 'authelia_session'
   storage:
     local:
@@ -51,6 +51,6 @@ ingress:
   ingressClassName: "traefik"
   traefikCRD:
     enabled: true
-    matchOverride: Host(`auth.example.com`)
+    matchOverride: Host(`${AUTHELIA_DOMAIN}`)
     entryPoints:
       - "websecure"

apps/prod/gitea/ingress.yaml

@@ -8,7 +8,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`git.example.com`)
+  - match: Host(`${GITEA_DOMAIN}`)
     kind: Rule
     services:
     - name: gitea-http

apps/prod/gitea/values.yaml

@@ -24,7 +24,7 @@ image:
 gitea:
   admin:
     existingSecret: gitea-admin-secret
-    email: "admin@example.com"
+    email: "${GITEA_ADMIN_EMAIL}"
   config:
     actions:
       ENABLED: true
@@ -40,8 +40,8 @@ gitea:
       TYPE: channel
     server:
       BUILTIN_SSH_SERVER_USER: git
-      ROOT_URL: https://git.example.com
-      DOMAIN: git.example.com
+      ROOT_URL: https://${GITEA_DOMAIN}
+      DOMAIN: ${GITEA_DOMAIN}
       SSH_CREATE_AUTHORIZED_KEYS_FILE: false
       LANDING_PAGE: explore
     service:

apps/prod/k9s-web/ingress.yaml

@@ -7,7 +7,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`k9s.example.com`)
+  - match: Host(`${K9S_DOMAIN}`)
     kind: Rule
     middlewares:
     - name: "auth-authelia@kubernetescrd"

apps/prod/lemma/ingress.yaml

@@ -7,7 +7,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-    - match: Host(`lemma.example.com`)
+    - match: Host(`${LEMMA_DOMAIN}`)
       kind: Rule
       services:
         - name: lemma-http