diff --git a/workout-system/workout.yaml b/workout-system/workout.yaml index b9fe0c0..dc5fd6f 100644 --- a/workout-system/workout.yaml +++ b/workout-system/workout.yaml @@ -91,6 +91,10 @@ spec: app.kubernetes.io/instance: wger app.kubernetes.io/name: wger spec: + # Prevent k8s from injecting WGER_PORT / WGER_SERVICE_* env vars + # from the wger Service — they collide with wger's own $WGER_PORT + # config and break the startup script (URI instead of port number). + enableServiceLinks: false securityContext: fsGroup: 1000 containers: @@ -263,6 +267,7 @@ spec: app.kubernetes.io/instance: wger app.kubernetes.io/name: wger-celery-worker spec: + enableServiceLinks: false securityContext: fsGroup: 1000 containers: @@ -342,6 +347,7 @@ spec: app.kubernetes.io/instance: wger app.kubernetes.io/name: wger-celery-beat spec: + enableServiceLinks: false securityContext: fsGroup: 1000 containers: @@ -450,8 +456,8 @@ metadata: nginx.ingress.kubernetes.io/proxy-body-size: "100m" # Authentik Forward Auth (domain mode) - same pattern as your other SSO apps # If you use an internal outpost service URL elsewhere, swap auth-url for it. - nginx.ingress.kubernetes.io/auth-url: "http://ak-outpost-workout-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" - nginx.ingress.kubernetes.io/auth-signin: "https://workout.dooplex.hu/outpost.goauthentik.io/start?rd=$escaped_request_uri" + nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-kisfenyo-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx + nginx.ingress.kubernetes.io/auth-signin: https://kisfenyo-files.dooplex.hu/outpost.goauthentik.io/start?rd=$escaped_request_uri nginx.ingress.kubernetes.io/auth-response-headers: "Set-Cookie,X-Authentik-Username,X-Authentik-Email,X-Authentik-Name,X-Authentik-Groups,X-Authentik-Uid" nginx.ingress.kubernetes.io/auth-snippet: | proxy_set_header X-Forwarded-Host $http_host;