From b4073dfef7d668f30ca8d7c3b7d9ac107dd724ee Mon Sep 17 00:00:00 2001 From: Dreaded_X Date: Tue, 19 Nov 2024 02:53:34 +0100 Subject: [PATCH] Patch in authelia access rules --- apps/authelia/release.yaml | 6 +++--- apps/kustomization.yaml | 4 +++- apps/traefik-dashboard/access.yaml | 6 ++++++ apps/traefik-dashboard/kustomization.yaml | 10 ++++++++-- 4 files changed, 20 insertions(+), 6 deletions(-) create mode 100644 apps/traefik-dashboard/access.yaml diff --git a/apps/authelia/release.yaml b/apps/authelia/release.yaml index a0e92e7..f717301 100644 --- a/apps/authelia/release.yaml +++ b/apps/authelia/release.yaml @@ -72,6 +72,6 @@ spec: access_control: rules: - - domain: traefik.${domain} - policy: one_factor - subject: "group:lldap_admin" + # Deny by default, mainly a placeholder to allow patching in other rules + - domain: "*" + policy: deny diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml index ce3d8d7..feb9e20 100644 --- a/apps/kustomization.yaml +++ b/apps/kustomization.yaml @@ -1,7 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./traefik-dashboard - ./lldap - ./authelia - ./whoami.yaml + +components: + - ./traefik-dashboard diff --git a/apps/traefik-dashboard/access.yaml b/apps/traefik-dashboard/access.yaml new file mode 100644 index 0000000..0dda00a --- /dev/null +++ b/apps/traefik-dashboard/access.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/values/configMap/access_control/rules/0 + value: + domain: traefik.${domain} + policy: one_factor + subject: "group:lldap_admin" diff --git a/apps/traefik-dashboard/kustomization.yaml b/apps/traefik-dashboard/kustomization.yaml index 972f3ed..a2a5380 100644 --- a/apps/traefik-dashboard/kustomization.yaml +++ b/apps/traefik-dashboard/kustomization.yaml @@ -1,4 +1,10 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component resources: - ingress.yaml +patches: + - target: + kind: HelmRelease + name: authelia + namespace: authelia + path: access.yaml