Moved authelia ACL rules to seperate ConfigMaps

Dreaded_X 2025-03-01 06:14:47 +01:00
parent c7229f1112
commit 4ae76d668e
Signed by: Dreaded_X
GPG Key ID: FA5F485356B0D2D4
8 changed files with 39 additions and 9 deletions


@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: authelia-acl
annotations:
config.huizinga.dev/fragment: authelia-acl
data:
rules: |
- domain: grafana.${domain}
policy: one_factor
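Review bot: The grafana rule has no `subject`, so any user who passes one factor is admitted, whereas the ceph and traefik fragments added in this commit restrict access to `group:lldap_admin`. This matches the rule removed from the Secret, so it looks intentional. Now that the rule lives in its own file, a comment inside the block would make that explicit, for example `# No subject: every authenticated user may reach Grafana`.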


@ -6,6 +6,7 @@ resources:
- ./repository.yaml - ./repository.yaml
- ./release.yaml - ./release.yaml
- ./lldap.yaml - ./lldap.yaml
- ./config-map-authelia-acl.yaml
- ../../common/postgres - ../../common/postgres
- ../../common/dragonflydb - ../../common/dragonflydb


@ -4,11 +4,6 @@ metadata:
name: authelia-acl name: authelia-acl
stringData: stringData:
rules: | rules: |
- domain: traefik.${domain} # Deny by default, mainly a placeholder to allow patching in other rules
policy: one_factor - domain: "*"
subject: "group:lldap_admin" policy: deny
- domain: ceph.${domain}
policy: one_factor
subject: "group:lldap_admin"
- domain: grafana.${domain}
policy: one_factor
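Review bot: The placeholder rule `- domain: "*"` with `policy: deny` only acts as a default if it ends up last in the merged list, because Authelia applies the first rule that matches a request. The merge order is set by the policy that patches this Secret, which is not visible here, so confirm that fragments are placed before this entry rather than after it. It is also worth checking that Authelia treats a bare `*` as match-all, since its documented wildcard form is `*.example.com`. If deny-by-default actually comes from `default_policy: deny` in the Authelia configuration, the comment could say so, e.g. `# Placeholder only; deny-by-default is enforced by default_policy`. The Secret's definition starts above this hunk.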


@ -45,7 +45,7 @@ spec:
kinds: kinds:
- ConfigMap - ConfigMap
annotations: annotations:
config.huizinga.dev/generate: authelia-acl config.huizinga.dev/fragment: authelia-acl
context: context:
- name: rules - name: rules
apiCall: apiCall:
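Review bot: Matching on the annotation `config.huizinga.dev/fragment: authelia-acl` makes every ConfigMap that carries it an input to the Authelia access-control list, so anyone who can create or annotate a ConfigMap in a matched namespace can contribute a rule, including a permissive one. From the visible lines it looks like the `rules` context gathers these through an `apiCall`. If that call is cluster-wide, consider restricting the match to a known set of namespaces or validating that fragments only use the expected policies. A short comment above the selector naming the namespaces trusted to contribute fragments would document the boundary. The rule this hunk belongs to starts and ends outside the hunk.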


@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: authelia-acl
annotations:
config.huizinga.dev/fragment: authelia-acl
data:
rules: |
- domain: ceph.${domain}
policy: one_factor
subject: "group:lldap_admin"


@ -5,3 +5,4 @@ resources:
- ./namespace.yaml - ./namespace.yaml
- ./helm-repository.yaml - ./helm-repository.yaml
- ./helm-release.yaml - ./helm-release.yaml
- ./config-map-authelia-acl.yaml


@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: authelia-acl
annotations:
config.huizinga.dev/fragment: authelia-acl
data:
rules: |
- domain: traefik.${domain}
policy: one_factor
subject: "group:lldap_admin"


@ -5,3 +5,4 @@ resources:
- ./namespace.yaml - ./namespace.yaml
- ./helm-repository.yaml - ./helm-repository.yaml
- ./helm-release.yaml - ./helm-release.yaml
- ./config-map-authelia-acl.yaml