diff --git a/whoogle/templates/ingress.yaml b/whoogle/templates/ingress.yaml
index e826997..160c541 100644
--- a/whoogle/templates/ingress.yaml
+++ b/whoogle/templates/ingress.yaml
@@ -6,6 +6,14 @@ metadata:
     kubernetes.io/ingress.class: nginx
     nginx.ingress.kubernetes.io/proxy-body-size: "0"
     cert-manager.io/cluster-issuer: letsencrypt-production 
+    nginx.ingress.kubernetes.io/auth-url: |-
+        http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
+    nginx.ingress.kubernetes.io/auth-signin: |-
+        https://whoogle.durp.info/outpost.goauthentik.io/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-response-headers: |-
+        Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
+    nginx.ingress.kubernetes.io/auth-snippet: |
+        proxy_set_header X-Forwarded-Host $http_host;
 spec:
   rules:     
   - host: whoogle.durp.info
@@ -18,7 +26,24 @@ spec:
             name: whoogle
             port: 
               number: 5000                                
+      - path: /outpost.goauthentik.io
+        pathType: Prefix
+        backend:
+          service:
+            name: ak-outpost-authentik-embedded-outpost
+            port: 
+              number: 9000
   tls:
     - hosts: 
       - whoogle.durp.info
-      secretName: whoogle-tls
\ No newline at end of file
+      secretName: whoogle-tls
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: ak-outpost-authentik-embedded-outpost
+spec:
+  type: ExternalName
+  externalName: ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local