feat: disable oauth for sonarr api

denniseffing · denniseffing · commit 1a736b86bdc6 · 2026-02-10T20:28:09.000+01:00
API is secured by API key anyways.
diff --git a/kubernetes/main/apps/default/sonarr/app/helmrelease.yaml b/kubernetes/main/apps/default/sonarr/app/helmrelease.yaml
@@ -90,6 +90,18 @@ spec:
         parentRefs:
           - name: envoy-internal
             namespace: network
+      api:
+        hostnames:
+          - "sonarr.internal.denniseffing.de"
+        parentRefs:
+          - name: envoy-internal
+            namespace: network
+        rules:
+          - name: api
+            matches:
+              - path:
+                  type: PathPrefix
+                  value: /api
     persistence:
       config:
         existingClaim: sonarr-config
diff --git a/kubernetes/main/apps/default/sonarr/app/kustomization.yaml b/kubernetes/main/apps/default/sonarr/app/kustomization.yaml
@@ -5,6 +5,7 @@ resources:
   - helmrelease.yaml
   - ocirepository.yaml
   - pvc.yaml
+  - securitypolicy.yaml
 configMapGenerator:
   - name: sonarr-configmap
     files:
diff --git a/kubernetes/main/apps/default/sonarr/app/securitypolicy.yaml b/kubernetes/main/apps/default/sonarr/app/securitypolicy.yaml
@@ -0,0 +1,9 @@
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: SecurityPolicy
+metadata:
+  name: sonarr-api-disable-auth
+spec:
+  targetRefs:
+    - group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      name: sonarr-api
