mirror of
https://github.com/lordmathis/dev-cluster.git
synced 2025-12-23 00:54:26 +00:00
Add authelia
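--- a/infrastructure/prod/authelia/forward-auth-middleware.yaml
+++ b/infrastructure/prod/authelia/forward-auth-middleware.yaml
@@ -0,0 +1,14 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+name: authelia
+namespace: auth
+spec:
+forwardAuth:
+address: 'http://authelia.auth.svc.cluster.local/api/verify?rd=https://auth.namesny.com'
+trustForwardHeader: true
+authResponseHeaders:
+- "Remote-User"
+- "Remote-Groups"
+- "Remote-Email"
+- "Remote-Name"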
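Review bot: `trustForwardHeader: true` on the `forwardAuth` block makes Traefik pass any `X-Forwarded-*` headers already present on the request through to Authelia, so it is only safe when the entrypoint in front of it accepts those headers from trusted proxies alone; that entrypoint configuration is not part of this commit. If Traefik is the first hop, I would set `trustForwardHeader: false`, or keep it and add a comment naming the assumption, e.g. `# X-Forwarded-* are sanitised at the entrypoint (forwardedHeaders.trustedIPs)`. Separately, backends that read `Remote-User` or `Remote-Groups` should only be reachable through routes that attach this middleware, because on any other path those headers are whatever the client sent.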
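--- a/infrastructure/prod/authelia/ingress.yaml
+++ b/infrastructure/prod/authelia/ingress.yaml
@@ -0,0 +1,14 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+name: authelia-ingress
+namespace: auth
+spec:
+entryPoints:
+- websecure
+routes:
+- match: Host(`auth.namesny.com`)
+kind: Rule
+services:
+- name: authelia
+port: 80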
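Review bot: The route for `auth.namesny.com` has no `tls` section under `spec`, so whether the login portal is served over TLS depends on the `websecure` entrypoint carrying TLS defaults, which this commit does not show. Because this host receives credentials, I would state it on the route itself, e.g. `tls: {}` (or `tls:` with the `secretName` or `certResolver` the cluster already uses), so the router cannot end up as a plain-HTTP router. The hop to the `authelia` service on port 80 is unencrypted inside the cluster; if that is intentional, a one-line comment saying so would help the next reader.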
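--- a/infrastructure/prod/authelia/kustomization.yaml
+++ b/infrastructure/prod/authelia/kustomization.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: auth
+
+resources:
+- release.yaml
+- ingress.yaml
+- forward-auth-middleware.yaml
+
+configMapGenerator:
+- name: authelia-prod-values
+namespace: auth
+files:
+- values.yaml
+
+patchesStrategicMerge:
+- release.yaml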
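Review bot: `configMapGenerator` appends a content-hash suffix to `authelia-prod-values`, and kustomize has no built-in name reference for a `HelmRelease`'s `spec.valuesFrom`, so the `name: authelia-prod-values` in release.yaml will likely not be rewritten and would then point at a ConfigMap that does not exist. Either add a `configurations:` entry whose `nameReference` covers `HelmRelease` `spec/valuesFrom/name`, or add `generatorOptions:` with `disableNameSuffixHash: true`. Listing release.yaml under both `resources` and `patchesStrategicMerge` patches the file with itself and looks redundant; if it is a deliberate workaround, a comment explaining it belongs next to that entry.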
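--- a/infrastructure/prod/authelia/release.yaml
+++ b/infrastructure/prod/authelia/release.yaml
@@ -0,0 +1,19 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+name: authelia
+namespace: auth
+spec:
+interval: 12h
+chart:
+spec:
+chart: authelia
+version: 0.8.58
+sourceRef:
+kind: HelmRepository
+name: authelia
+namespace: auth
+interval: 12h
+valuesFrom:
+- kind: ConfigMap
+name: authelia-prod-values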
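--- a/infrastructure/prod/authelia/values.yaml
+++ b/infrastructure/prod/authelia/values.yaml
@@ -0,0 +1,40 @@
+domain: 'namesny.com'
+configMap:
+authentication_backend:
+file:
+enabled: true
+path: /users/users_database.yaml
+password:
+algorithm: argon2
+argon2:
+variant: argon2id
+memory: 65536
+ldap:
+enabled: false
+access_control:
+rules:
+- domain: '*.namesny.com'
+policy: one_factor
+session:
+redis:
+enabled: false
+storage:
+local:
+enabled: true
+path: /config/db.sqlite3
+postgres:
+enabled: false
+notifier:
+smtp:
+enabled: false
+filesystem:
+enabled: true
+
+pod:
+extraVolumeMounts:
+- name: authelia-users-vol
+mountPath: /users
+extraVolumes:
+- name: authelia-users-vol
+secret:
+secretName: authelia-users-secret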
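Review bot: The only access-control rule applies `policy: one_factor` to `*.namesny.com`, so every host placed behind the forward-auth middleware, including any administrative one, is protected by a password alone. I would add more specific rules with `policy: two_factor` for sensitive hosts above the wildcard, since Authelia applies the first matching rule, and keep the wildcard as the fallback. `default_policy` is not set in these values; unless the chart default is already `deny`, add `default_policy: deny` under `access_control` so unmatched hosts are refused. With `notifier.filesystem` as the only notifier, identity-verification and password-reset messages are written inside the pod rather than delivered, which deserves a comment if it is intentional.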