From e71156bcec5ad5e4fcd27b80d9d7c404dae51a45 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sat, 22 Jun 2024 19:38:54 -0500
Subject: [PATCH] authelia: Mount dch-root-ca

The LDAP servers now use certificates signed by _DCH CA R2_, so the _DCH Root CA R2_ CA needs to be trusted in order to communicate with them.
---
 authelia/kustomization.yaml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/authelia/kustomization.yaml b/authelia/kustomization.yaml
index 0437bf4..9040453 100644
--- a/authelia/kustomization.yaml
+++ b/authelia/kustomization.yaml
@@ -1,11 +1,14 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+namespace: authelia
+
 labels:
 - pairs:
 app.kubernetes.io/instance: authelia
 resources:
+- ../dch-root-ca
 - secrets.yaml
 - redis.yaml
 - authelia.yaml
@@ -37,8 +40,12 @@ patches:
 - name: AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE
 value: /run/authelia/secrets/postgresql/password
 volumeMounts:
- - mountPath: /run/authelia/certs
+ - mountPath: /run/authelia/certs/postgresql-ca.crt
 name: postgresql-ca
+ subPath: postgresql-ca.crt
+ - mountPath: /run/authelia/certs/dch-root-ca.crt
+ name: dch-root-ca
+ subPath: dch-root-ca.crt
 - mountPath: /run/authelia/secrets/postgresql
 name: postgresql-auth
 volumes:
@@ -48,3 +55,6 @@ patches:
 - name: postgresql-ca
 configMap:
 name: postgresql-ca
+ - name: dch-root-ca
+ configMap:
+ name: dch-root-ca
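Review bot: The top-level `namespace: authelia` added in the first hunk (`@@ -1,11 +1,14 @@`) is applied by kustomize to every namespaced resource in this build, not only to the `../dch-root-ca` base added below it, and nothing in the file records why it was introduced. If the purpose is to create the shared CA ConfigMap next to the Authelia pod, a comment above the key such as `# set here so the ConfigMap from ../dch-root-ca is created in the authelia namespace` would make that explicit. Because secrets.yaml, redis.yaml and authelia.yaml are not visible in this patch, it is worth comparing the output of `kustomize build authelia` before and after to confirm that no resource that declared a different namespace is silently moved.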
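Review bot: The `subPath` mounts added under `volumeMounts` in the second hunk (`@@ -37,8 +40,12 @@`) will not receive later updates to the `postgresql-ca` and `dch-root-ca` ConfigMaps, because Kubernetes does not refresh ConfigMap content that is mounted through subPath; after a CA rotation the pod keeps the old trust anchor until it is restarted. A single projected volume mounted on `/run/authelia/certs` keeps both certificate files in one directory without subPath, and it would replace the two ConfigMap volumes in the third hunk (`@@ -48,3 +55,6 @@`) as well. The enclosing patch starts outside these hunks and the indentation below is constructed, so any other reference to the `postgresql-ca` volume name needs checking, and whether Authelia re-reads the directory without a restart should be confirmed.

```yaml
volumeMounts:
- mountPath: /run/authelia/certs
  name: trusted-cas
# … unchanged: postgresql-auth mount …
volumes:
# … unchanged: volumes defined before postgresql-ca …
- name: trusted-cas
  projected:
    sources:
    - configMap:
        name: postgresql-ca
    - configMap:
        name: dch-root-ca
```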