Added authelia proxy auth to grafana
This commit is contained in:
parent
e011308c24
commit
b84c6ea811
GPG Key ID:
FA5F485356B0D2D4
|
|
@ -80,6 +80,8 @@ spec:
|
||||||
- domain: traefik.${domain}
|
- domain: traefik.${domain}
|
||||||
policy: one_factor
|
policy: one_factor
|
||||||
subject: "group:lldap_admin"
|
subject: "group:lldap_admin"
|
||||||
|
- domain: grafana.${domain}
|
||||||
|
policy: one_factor
|
||||||
# Deny by default, mainly a placeholder to allow patching in other rules
|
# Deny by default, mainly a placeholder to allow patching in other rules
|
||||||
- domain: "*"
|
- domain: "*"
|
||||||
policy: deny
|
policy: deny
|
||||||
|
|
|
||||||
|
|
@ -21,6 +21,10 @@ spec:
|
||||||
- grafana.${domain}
|
- grafana.${domain}
|
||||||
tls:
|
tls:
|
||||||
- secretName: ${domain//./-}-tls
|
- secretName: ${domain//./-}-tls
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entryPoints: "websecure"
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: "authelia-forwardauth-authelia@kubernetescrd" # name of your middleware, as defined in your middleware.yml
|
||||||
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
|
|
||||||
envValueFrom:
|
envValueFrom:
|
||||||
LDAP_ADMIN_PASSWORD:
|
LDAP_ADMIN_PASSWORD:
|
||||||
|
|
@ -32,6 +36,16 @@ spec:
|
||||||
auth.ldap:
|
auth.ldap:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
|
auth.proxy:
|
||||||
|
enabled: true
|
||||||
|
header_name: Remote-User
|
||||||
|
header_property: username
|
||||||
|
auto_sign_up: true
|
||||||
|
headers: Groups:Remote-Group
|
||||||
|
enable_login_token: false
|
||||||
|
sync_ttl: 0
|
||||||
|
signout_redirect_url: https://login.${domain}/logout?rd=https://grafana.${domain}
|
||||||
|
|
||||||
database:
|
database:
|
||||||
type: postgres
|
type: postgres
|
||||||
host: $__file{/etc/secrets/db/host}
|
host: $__file{/etc/secrets/db/host}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user