From f0c579413862a630f8ae198ddeb9f566e15b41b0 Mon Sep 17 00:00:00 2001
From: LordMathis
Date: Thu, 19 Sep 2024 21:07:35 +0200
Subject: [PATCH] Add authelia
---
.../base/authelia/kustomization.yaml | 8 ++++
infrastructure/base/authelia/namespace.yaml | 4 ++
infrastructure/base/authelia/release.yaml | 16 ++++++++
infrastructure/base/authelia/repository.yaml | 8 ++++
infrastructure/base/cert-manager/release.yaml | 2 +-
.../authelia/forward-auth-middleware.yaml | 14 +++++++
infrastructure/prod/authelia/ingress.yaml | 14 +++++++
.../prod/authelia/kustomization.yaml | 17 ++++++++
infrastructure/prod/authelia/release.yaml | 19 +++++++++
infrastructure/prod/authelia/values.yaml | 40 +++++++++++++++++++
10 files changed, 141 insertions(+), 1 deletion(-)
create mode 100644 infrastructure/base/authelia/kustomization.yaml
create mode 100644 infrastructure/base/authelia/namespace.yaml
create mode 100644 infrastructure/base/authelia/release.yaml
create mode 100644 infrastructure/base/authelia/repository.yaml
create mode 100644 infrastructure/prod/authelia/forward-auth-middleware.yaml
create mode 100644 infrastructure/prod/authelia/ingress.yaml
create mode 100644 infrastructure/prod/authelia/kustomization.yaml
create mode 100644 infrastructure/prod/authelia/release.yaml
create mode 100644 infrastructure/prod/authelia/values.yaml
diff --git a/infrastructure/base/authelia/kustomization.yaml b/infrastructure/base/authelia/kustomization.yaml
new file mode 100644
index 0000000..ec017fd
--- /dev/null
+++ b/infrastructure/base/authelia/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: auth
+
+resources:
+- namespace.yaml
+- repository.yaml
+- release.yaml
diff --git a/infrastructure/base/authelia/namespace.yaml b/infrastructure/base/authelia/namespace.yaml
new file mode 100644
index 0000000..6b34cab
--- /dev/null
+++ b/infrastructure/base/authelia/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: auth
diff --git a/infrastructure/base/authelia/release.yaml b/infrastructure/base/authelia/release.yaml
new file mode 100644
index 0000000..b6fdecf
--- /dev/null
+++ b/infrastructure/base/authelia/release.yaml
@@ -0,0 +1,16 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: authelia
+ namespace: auth
+spec:
+ interval: 12h
+ chart:
+ spec:
+ chart: authelia
+ version: 0.8.58
+ sourceRef:
+ kind: HelmRepository
+ name: authelia
+ namespace: auth
+ interval: 12h
\ No newline at end of file
diff --git a/infrastructure/base/authelia/repository.yaml b/infrastructure/base/authelia/repository.yaml
new file mode 100644
index 0000000..04dcdc1
--- /dev/null
+++ b/infrastructure/base/authelia/repository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: authelia
+ namespace: auth
+spec:
+ interval: 24h
+ url: https://charts.authelia.com
diff --git a/infrastructure/base/cert-manager/release.yaml b/infrastructure/base/cert-manager/release.yaml
index c571dc5..ab5bf52 100644
--- a/infrastructure/base/cert-manager/release.yaml
+++ b/infrastructure/base/cert-manager/release.yaml
@@ -4,7 +4,7 @@ metadata:
 name: cert-manager
 namespace: cert-manager
 spec:
- interval: 30m
+ interval: 12h
 chart:
 spec:
 chart: cert-manager
diff --git a/infrastructure/prod/authelia/forward-auth-middleware.yaml b/infrastructure/prod/authelia/forward-auth-middleware.yaml
new file mode 100644
index 0000000..64a5796
--- /dev/null
+++ b/infrastructure/prod/authelia/forward-auth-middleware.yaml
@@ -0,0 +1,14 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: authelia
+ namespace: auth
+spec:
+ forwardAuth:
+ address: 'http://authelia.auth.svc.cluster.local/api/verify?rd=https://auth.namesny.com'
+ trustForwardHeader: true
+ authResponseHeaders:
+ - "Remote-User"
+ - "Remote-Groups"
+ - "Remote-Email"
+ - "Remote-Name"
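Review bot: `apiVersion: helm.toolkit.fluxcd.io/v2beta1` in the base HelmRelease is the pre-GA API; if this cluster runs Flux 2.3 or newer, switch to `apiVersion: helm.toolkit.fluxcd.io/v2`, since v2beta1 is deprecated there and dropped by later releases. Pinning `version: 0.8.58` is the right call for an auth component, but with `interval: 12h` and no drift detection a manual edit to the rendered Authelia Deployment (a swapped image, a removed volume mount) can persist for up to twelve hours before Flux reconciles it; the v2 API's `driftDetection: mode: enabled` closes that window.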
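Review bot: `trustForwardHeader: true` on the forwardAuth middleware makes Traefik hand whatever `X-Forwarded-*` headers it holds to Authelia, which uses `X-Forwarded-Host`/`X-Forwarded-Proto`/`X-Forwarded-Uri` to select the access-control rule and build the `rd` redirect; that is only safe if the `websecure` entryPoint is not configured with `forwardedHeaders.insecure` and restricts `forwardedHeaders.trustedIPs` to the real upstream proxies (those settings are outside this patch), otherwise a client can spoof the protected host and bypass a host-specific rule. `/api/verify` is Authelia's legacy verification endpoint; if the pinned chart ships Authelia 4.38 or newer, prefer `address: 'http://authelia.auth.svc.cluster.local/api/authz/forward-auth'`, which takes the redirect target from the configured cookie domain's `authelia_url` rather than the client-visible `rd` query parameter. `traefik.containo.us/v1alpha1` is the pre-v3 API group; if the cluster runs Traefik v3 this Middleware needs `apiVersion: traefik.io/v1alpha1`.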
diff --git a/infrastructure/prod/authelia/ingress.yaml b/infrastructure/prod/authelia/ingress.yaml
new file mode 100644
index 0000000..fe87728
--- /dev/null
+++ b/infrastructure/prod/authelia/ingress.yaml
@@ -0,0 +1,14 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: authelia-ingress
+ namespace: auth
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`auth.namesny.com`)
+ kind: Rule
+ services:
+ - name: authelia
+ port: 80
diff --git a/infrastructure/prod/authelia/kustomization.yaml b/infrastructure/prod/authelia/kustomization.yaml
new file mode 100644
index 0000000..51820cb
--- /dev/null
+++ b/infrastructure/prod/authelia/kustomization.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: auth
+
+resources:
+ - release.yaml
+ - ingress.yaml
+ - forward-auth-middleware.yaml
+
+configMapGenerator:
+ - name: authelia-prod-values
+ namespace: auth
+ files:
+ - values.yaml
+
+patchesStrategicMerge:
+ - release.yaml
\ No newline at end of file
diff --git a/infrastructure/prod/authelia/release.yaml b/infrastructure/prod/authelia/release.yaml
new file mode 100644
index 0000000..72b5a3f
--- /dev/null
+++ b/infrastructure/prod/authelia/release.yaml
@@ -0,0 +1,19 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: authelia
+ namespace: auth
+spec:
+ interval: 12h
+ chart:
+ spec:
+ chart: authelia
+ version: 0.8.58
+ sourceRef:
+ kind: HelmRepository
+ name: authelia
+ namespace: auth
+ interval: 12h
+ valuesFrom:
+ - kind: ConfigMap
+ name: authelia-prod-values
\ No newline at end of file
diff --git a/infrastructure/prod/authelia/values.yaml b/infrastructure/prod/authelia/values.yaml
new file mode 100644
index 0000000..47ca455
--- /dev/null
+++ b/infrastructure/prod/authelia/values.yaml
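Review bot: The IngressRoute for `auth.namesny.com` carries no `tls` stanza, so the login portal is served on `websecure` with whatever TLS the entryPoint applies by default; unless `websecure` has TLS enabled globally with a certResolver or a cert-manager-issued default certificate, Traefik presents its self-signed default cert on the page where users type passwords and receive the session cookie. Add `tls: secretName: <cert-manager-issued secret>` (or `tls: certResolver: <resolver>`) to the route; the commit touches the cert-manager release but wires no Certificate for this host, so it is not clear from the patch what currently terminates TLS here.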
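Review bot: `release.yaml` is listed under `resources` and again under `patchesStrategicMerge`, so the overlay both creates the HelmRelease and then patches it with itself; since the file already carries the full spec plus `valuesFrom`, the `patchesStrategicMerge` entry is redundant, and `patchesStrategicMerge` is deprecated in kustomize in favour of `patches`. The overlay never references `../../base/authelia`, so unless a parent kustomization includes the base, the `auth` Namespace and the HelmRepository this release points to are not deployed alongside it. Note also that `configMapGenerator` suffixes `authelia-prod-values` with a content hash; Flux's kustomize-controller is documented to rewrite `HelmRelease.spec.valuesFrom` to the hashed name, but a plain `kubectl apply -k` will not, so either keep this overlay Flux-only or add `generatorOptions: disableNameSuffixHash: true`.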
@@ -0,0 +1,40 @@
+domain: 'namesny.com'
+configMap:
+ authentication_backend:
+ file:
+ enabled: true
+ path: /users/users_database.yaml
+ password:
+ algorithm: argon2
+ argon2:
+ variant: argon2id
+ memory: 65536
+ ldap:
+ enabled: false
+ access_control:
+ rules:
+ - domain: '*.namesny.com'
+ policy: one_factor
+ session:
+ redis:
+ enabled: false
+ storage:
+ local:
+ enabled: true
+ path: /config/db.sqlite3
+ postgres:
+ enabled: false
+ notifier:
+ smtp:
+ enabled: false
+ filesystem:
+ enabled: true
+
+pod:
+ extraVolumeMounts:
+ - name: authelia-users-vol
+ mountPath: /users
+ extraVolumes:
+ - name: authelia-users-vol
+ secret:
+ secretName: authelia-users-secret
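Review bot: With `notifier.filesystem.enabled: true` and SMTP disabled, Authelia writes password-reset and identity-verification links to a file inside the pod instead of emailing them, so anyone who can `kubectl exec` into or read the pod's filesystem can complete a reset for any account in `users_database.yaml`; if resets are not needed, disable them via the chart's `authentication_backend.password_reset.disable: true` (verify the key name against chart 0.8.58). `storage.local.path: /config/db.sqlite3` holds the TOTP/WebAuthn registrations and the encryption-key check; unless the chart's persistence option is enabled elsewhere, `/config` is ephemeral and those are lost on every pod restart. No `jwt_secret`, `session.secret` or `storage.encryption_key` is set here, so the chart presumably generates them — pin them in an existing Secret referenced by the chart so a re-render cannot rotate them and invalidate sessions or the encrypted storage. `access_control.rules` grants `one_factor` to every `*.namesny.com` host without an explicit `default_policy: deny`; the chart default is deny, but stating it makes the intent reviewable and guards against a future chart default change.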