Reorganized authelia and split values into separate file
17
infra/authelia/helm-release.yaml
Normal file
17
infra/authelia/helm-release.yaml
Normal file
@@ -0,0 +1,17 @@
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: authelia
|
||||
spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: authelia
|
||||
reconcileStrategy: ChartVersion
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: authelia
|
||||
version: 0.9.16
|
||||
interval: 15m
|
||||
valuesFrom:
|
||||
- kind: ConfigMap
|
||||
name: authelia-values
|
||||
7
infra/authelia/helm-repository.yaml
Normal file
7
infra/authelia/helm-repository.yaml
Normal file
@@ -0,0 +1,7 @@
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: authelia
|
||||
spec:
|
||||
interval: 15m
|
||||
url: https://charts.authelia.com
|
||||
18
infra/authelia/kustomization.yaml
Normal file
18
infra/authelia/kustomization.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: authelia
|
||||
resources:
|
||||
- ./namespace.yaml
|
||||
- ./helm-repository.yaml
|
||||
- ./helm-release.yaml
|
||||
- ./secret-authelia-lldap.yaml
|
||||
- ../../common/postgres
|
||||
- ../../common/dragonflydb
|
||||
|
||||
configurations:
|
||||
- ../../common/name-reference/helm-release.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: authelia-values
|
||||
files:
|
||||
- ./values.yaml
|
||||
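Review bot: The `configurations:` entry pointing at `../../common/name-reference/helm-release.yaml` is doing non-obvious work and deserves a one-line comment, e.g. `# lets kustomize rewrite HelmRelease spec.valuesFrom[].name to the hash-suffixed ConfigMap`. The `configMapGenerator` below appends a content hash to `authelia-values`, so without a name-reference config (or `options.disableNameSuffixHash: true` on the generator) the HelmRelease in `helm-release.yaml` would point at a ConfigMap that does not exist; presumably that file supplies the reference, but its contents are not visible in this commit. A comment also makes it obvious that a change to `values.yaml` is what triggers a new ConfigMap name and therefore a Helm upgrade.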
4
infra/authelia/namespace.yaml
Normal file
4
infra/authelia/namespace.yaml
Normal file
@@ -0,0 +1,4 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: authelia
|
||||
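Review bot: The Namespace carries only a name, and since everything in this directory lands in it through the kustomization's `namespace: authelia`, this is the natural place to declare a Pod Security Admission level under `metadata`, e.g. `labels: { pod-security.kubernetes.io/enforce: baseline, pod-security.kubernetes.io/warn: restricted }`. The `warn` level surfaces what the authelia, postgres and dragonflydb pods would violate at `restricted` without blocking anything; whether they already satisfy it is not visible here.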
60
infra/authelia/secret-authelia-lldap.yaml
Normal file
60
infra/authelia/secret-authelia-lldap.yaml
Normal file
@@ -0,0 +1,60 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: authelia-lldap
|
||||
type: Opaque
|
||||
stringData:
|
||||
password: ENC[AES256_GCM,data:t9dCqqJrS0mhJMBXLKTKUgbOpwI3LGN134OlGmIaOsZg1bzWSV4sU0YAQMU=,iv:Bp2hO34VNtqy+7ZnWtqvmUNe2GKUh7KPZmRgXzyFqqA=,tag:qJ8iV6OyuNlVmnrPs13LNg==,type:str]
|
||||
user-configs.json: ENC[AES256_GCM,data:7bhp9uWOM1NcfJ8DnnUdYCIFMZeCvmGr8S5gJPzw0kzXfXQfRbI2xfq4X5GdAbOCn9HHM1F+xJLaF6tno1ZmH26NN7FkXUZQCtqK9+yZgjHY8MZYsUZHdZlV40BcaYSCk7qtefGsCrITN2X/DAjrmedNeh0CF9rdov3ZKsi8nSGWGUeLpKcouhOpvbfLRSoEEfYUyUF1r5GscTuunh9uZ8DtoCJvBf8iyQ==,iv:3YuaXKKIHUgzWL07yItqR6rgI+YXbaoTVc4xdiZ/hWU=,tag:hyObOlrQVXgRHgDxcV/R0g==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2024-11-22T04:09:11Z"
|
||||
mac: ENC[AES256_GCM,data:3o1AYP26QEIMjCUZ4y6AH+CXevoJoJ+rX3ioMLRf8KAGy0mSOtacaSY9xRdDIjATu9aJgHmFbSw9CHTBpXxmaISZxQdMPMHQAmRxHnSuQiofPRkVtD1TlvCFcDTSgITWbvG3dpUoLdM57Mgd3z7KpI/+gEoDebYfryDaYXCoH3c=,iv:1C8QMJCJtvnGVPpLJE+l0U3hOknEC3XiWTQrPAQsHKc=,tag:fn+cMj1NImJSvNiuyzX5pQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-11-22T04:09:11Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA7pKPTYH5bqOAQ/+MgqnLWwHCWPxacANbHEEYsPENOyIywmYJnSnRqRLWhAn
|
||||
9K0/udCxwO30rnvo+p6/YLF2VSqFfz7pUm/z+MH6ypyY1B83HjCkjsaTQhPR5Q0K
|
||||
CmhTR7TrQBNfa/flawhebWOjvmUJ9lJ9uqCnAB16S03Sn+PqDYlGTE6CMJ0oJuSr
|
||||
VpxdvdvFZ1gfR7hlVrsKqvn47T3XIYDJohp9l819nQ1O2adTPfevZEN/JLwaWSLT
|
||||
YtwJyg+6ogKD3q6UBv7hyyXH9ZlMHFxGWxmo1OXAA3E/vMvOacgmFW6pqoGMqwGU
|
||||
D9Ch2x1MBobD342ZPPmsQNiI+34Q5cl+hVJJgL5jWk2kML67itM8pMUTyn+5NtWO
|
||||
wWo6zu5q5IfqREwuerZtisocctrLB9QKPVGcjVihWfoenvlkf4yfCRDFzOPSAb0o
|
||||
e2K+3fZknZlnb3Qb/rgD7XRiBhcif1zIHZxUQDv/Lq9GyuCM7dk8YKUVCtyeixQ4
|
||||
C+WFmp9ED8xzv1jR9lPcQhD+I2Cb7/9jlTXEetFHSzl4riYpKPjhKQedUWZ0YY1A
|
||||
u0ORTBaLzcmrXTjGz24PxmWZDBjhV4Kgvn76rchqLrS8lvi1EbXoZB6ERhuhlz5Y
|
||||
bm1FwUBxDRG04gFCPwWKV0AvMmhd+hOdyo4KeQbZCO+w3QqXnp/y6b3TtpEeQnPU
|
||||
aAEJAhCMqxSAESN99AcEtW56mJsZmRCCi3NsRLwllDczeDfUznF2CSTCnJRDmjsU
|
||||
bLf8jVjawLxfRnKmRyKX/cCYbuz9OmIFkOAWoSNVb/teiMrYYFq96kRDLHR1Llxr
|
||||
EuX0poghRPqU
|
||||
=tI6a
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 1E0CF38FF7C9ADAED58B436ABA4A3D3607E5BA8E
|
||||
- created_at: "2024-11-22T04:09:11Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA51kG++kLewoARAA15aOcSEfAIpEXXhmF4YToynn1NM9OsANHc3PR2uVzAPv
|
||||
C4Wi8R1PNhGdV3aTuRN5WpSjkJEE3GNR0kA0Etao7Ip0d1UgXzg1wtwEd1Yyvtdh
|
||||
ccK2/z0a4UJu8SMczChT1P18IASNksaxSAm+TOLFGcZeJFwQepsBaQIEfXYO3+hR
|
||||
Jw+zcPmFaOzKoqdbAAWzvYhLxD2ocjZl7iiIOhz8fBSqWLO2oeJRp5Lk8Q14olTZ
|
||||
708BQ+aLlsVJyLkiV7SzlKfEDIymMDZSe7Q3i4JqOFOyHRIkIM5ZPOLoelqRNcY2
|
||||
zQphsk1U/MFp7LsR/d+5IKWBkqV5DYJWFunw+NRFHLg1/6+zmGnGbZ2gZfohvnKV
|
||||
5GUrYfWCBACIclpxY7PlVQ7d/aTDf3jdR0iVV3Jh+8Lvze1msPvI+BF67oDNMsTu
|
||||
EIbRa6eHzxgSqrq3Za5eeUXd9Gxfg2g4KdkbG+FA9qQI6f5Y1q0tE9cFfOElTiBk
|
||||
xTAckrBMHOMGozvx4/6xXHMmAxd80tX0ZjVyBsPBeb64oZGlsGuRngWT1Ob9gF4Q
|
||||
sDfyd74kpQ9fHhIYs9XSLrPbH6yzVIFF/sHpMGgri43PCMW6vvnfP4JQgdMNdXRw
|
||||
U+RWDxA6BOkP7XvNfGADiumeSGQ+PE/KP0TuUqMD7gr9X/VGH+/1e6zbI1iruhPS
|
||||
XgFoSamAXKfYrYz94J9u0vA8D8ne9EKa8Ls6ybicyyZlGLri/qnoHNJAVhLWKdId
|
||||
h68ksrI5l25Z1MkAcKVR1xlHUnRCwb2Xdbag0vV07So00wxAl1XNhtPeuQrykk0=
|
||||
=V4Gd
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 49F10679C425233EFB4B1B6F9D641BEFA42DEC28
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.9.0
|
||||
76
infra/authelia/values.yaml
Normal file
76
infra/authelia/values.yaml
Normal file
@@ -0,0 +1,76 @@
|
||||
pod:
|
||||
kind: Deployment
|
||||
replicas: 2
|
||||
ingress:
|
||||
enabled: true
|
||||
tls:
|
||||
enabled: true
|
||||
secret: ${domain//./-}-tls
|
||||
traefikCRD:
|
||||
enabled: true
|
||||
entryPoints:
|
||||
- websecure
|
||||
|
||||
secret:
|
||||
additionalSecrets:
|
||||
postgres-app:
|
||||
key: postgres-app
|
||||
authelia-lldap:
|
||||
key: authelia-lldap
|
||||
|
||||
configMap:
|
||||
authentication_backend:
|
||||
ldap:
|
||||
enabled: true
|
||||
implementation: lldap
|
||||
address: ldap://lldap.lldap.svc.cluster.local:3890
|
||||
base_dn: dc=huizinga,dc=dev
|
||||
additional_users_dn: ou=people
|
||||
users_filter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))"
|
||||
additional_groups_dn: ou=groups
|
||||
groups_filter: "(member={dn})"
|
||||
attributes:
|
||||
display_name: displayName
|
||||
username: uid
|
||||
group_name: cn
|
||||
mail: mail
|
||||
user: uid=authelia,ou=people,dc=huizinga,dc=dev
|
||||
password:
|
||||
secret_name: authelia-lldap
|
||||
path: password
|
||||
|
||||
session:
|
||||
cookies:
|
||||
- subdomain: login${subdomain}
|
||||
domain: ${topdomain}
|
||||
redis:
|
||||
enabled: true
|
||||
host: dragonflydb.authelia
|
||||
|
||||
storage:
|
||||
postgres:
|
||||
enabled: true
|
||||
address: tcp://postgres-rw.authelia:5432
|
||||
database: app
|
||||
username: app
|
||||
password:
|
||||
secret_name: postgres-app
|
||||
path: password
|
||||
|
||||
notifier:
|
||||
filesystem:
|
||||
enabled: true
|
||||
|
||||
access_control:
|
||||
rules:
|
||||
- domain: traefik.${domain}
|
||||
policy: one_factor
|
||||
subject: "group:lldap_admin"
|
||||
- domain: ceph.${domain}
|
||||
policy: one_factor
|
||||
subject: "group:lldap_admin"
|
||||
- domain: grafana.${domain}
|
||||
policy: one_factor
|
||||
# Deny by default, mainly a placeholder to allow patching in other rules
|
||||
- domain: "*"
|
||||
policy: deny
|
||||
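Review bot: The trailing `domain: "*"` rule, described in its comment as "Deny by default", most likely does not act as a catch-all: as far as I know Authelia only treats a `*.` prefix as a wildcard and matches any other domain literally, so an unlisted host falls through to `access_control.default_policy` rather than to this rule. Setting that explicitly next to `rules:` — `default_policy: deny` — makes the intent hold regardless of the chart default, and the placeholder comment could then state that the rule exists only as a patch anchor. Separately, the traefik and ceph rules gate admin dashboards with `policy: one_factor`; `two_factor` is the usual choice for those surfaces if members of `lldap_admin` have a second factor enrolled, while the grafana rule has no `subject`, so any authenticated user is allowed there — worth a comment if that is intended. The authentication backend uses plain `ldap://` on port 3890 (and `tcp://` for postgres), so the bind credential from `authelia-lldap` travels unencrypted inside the cluster; either a comment recording that this is accepted for in-cluster traffic, or switching to LDAPS where the LLDAP side exposes it, would close that question for the next reader.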