Added authelia proxy auth to grafana

2024-12-31 04:37:36 +01:00 · 2024-12-31 04:37:36 +01:00 · b84c6ea811
commit b84c6ea811
parent e011308c24
2 changed files with 16 additions and 0 deletions
--- a/apps/authelia/release.yaml
+++ b/apps/authelia/release.yaml
@ -80,6 +80,8 @@ spec:
          - domain: traefik.${domain}
            policy: one_factor
            subject: "group:lldap_admin"
+          - domain: grafana.${domain}
+            policy: one_factor
          # Deny by default, mainly a placeholder to allow patching in other rules
          - domain: "*"
            policy: deny
--- a/apps/grafana/release.yaml
+++ b/apps/grafana/release.yaml
@ -21,6 +21,10 @@ spec:
        - grafana.${domain}
      tls:
        - secretName: ${domain//./-}-tls
+      annotations:
+        traefik.ingress.kubernetes.io/router.entryPoints: "websecure"
+        traefik.ingress.kubernetes.io/router.middlewares: "authelia-forwardauth-authelia@kubernetescrd" # name of your middleware, as defined in your middleware.yml
+        traefik.ingress.kubernetes.io/router.tls: "true"

    envValueFrom:
      LDAP_ADMIN_PASSWORD:
@ -32,6 +36,16 @@ spec:
      auth.ldap:
        enabled: true

+      auth.proxy:
+        enabled: true
+        header_name: Remote-User
+        header_property: username
+        auto_sign_up: true
+        headers: Groups:Remote-Group
+        enable_login_token: false
+        sync_ttl: 0
+        signout_redirect_url: https://login.${domain}/logout?rd=https://grafana.${domain}
+
      database:
        type: postgres
        host: $__file{/etc/secrets/db/host}