Allow authelia ACLs to be configured through ConfigMaps

infra/authelia/kustomization.yaml

@@ -5,6 +5,7 @@ resources:
   - ./namespace.yaml
   - ./helm-repository.yaml
   - ./helm-release.yaml
+  - ./secret-authelia-acl.yaml
   - ./secret-authelia-lldap.yaml
   - ../../common/postgres
   - ../../common/dragonflydb

infra/authelia/secret-authelia-acl.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: authelia-acl
+stringData:
+  rules: |
+    - domain: traefik.${domain}
+      policy: one_factor
+      subject: "group:lldap_admin"
+    - domain: ceph.${domain}
+      policy: one_factor
+      subject: "group:lldap_admin"
+    - domain: grafana.${domain}
+      policy: one_factor

infra/authelia/values.yaml

@@ -62,15 +62,5 @@ configMap:
       enabled: true
 
   access_control:
-    rules:
-      - domain: traefik.${domain}
-        policy: one_factor
-        subject: "group:lldap_admin"
-      - domain: ceph.${domain}
-        policy: one_factor
-        subject: "group:lldap_admin"
-      - domain: grafana.${domain}
-        policy: one_factor
-      # Deny by default, mainly a placeholder to allow patching in other rules
-      - domain: "*"
-        policy: deny
+    secret:
+      existingSecret: authelia-acl