flux-infra/infra/authelia/values.yaml


---
# Helm values for the Authelia chart.
# The ${...} placeholders are not YAML or Helm syntax. They are presumably
# filled in by Flux post-build substitution before the chart sees this file
# (TODO confirm against the Kustomization that ships it).

pod:
  kind: Deployment
  replicas: 2

ingress:
  enabled: true
  tls:
    enabled: true
    # Dots in the domain are replaced with dashes to form the secret name.
    secret: ${domain//./-}-tls
  traefikCRD:
    enabled: true
    entryPoints:
      - websecure

secret:
  # Extra Kubernetes secrets made available to the pod. The names match the
  # secret_name references under configMap below.
  additionalSecrets:
    postgres-app:
      key: postgres-app
    authelia-lldap:
      key: authelia-lldap

configMap:
  authentication_backend:
    ldap:
      enabled: true
      implementation: lldap
      # NOTE(review): ldap:// is unencrypted, so the bind password and every
      # user password checked through this backend cross the cluster network
      # in cleartext. Confirm pod-to-pod traffic is encrypted or restricted
      # by NetworkPolicy, or move to ldaps:// if lldap's TLS listener is on.
      address: ldap://lldap.lldap.svc.cluster.local:3890
      base_dn: dc=huizinga,dc=dev
      additional_users_dn: ou=people
      # Accepts either the username or the mail attribute as the login name.
      users_filter: '(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))'
      additional_groups_dn: ou=groups
      groups_filter: '(member={dn})'
      attributes:
        display_name: displayName
        username: uid
        group_name: cn
        mail: mail
      # Service account used for the bind. Its password is read from the
      # authelia-lldap secret rather than being written in this file.
      # NOTE(review): confirm this account has only the lldap rights it needs.
      user: uid=authelia,ou=people,dc=huizinga,dc=dev
      password:
        secret_name: authelia-lldap
        path: password

  session:
    cookies:
      - subdomain: login${subdomain}
        domain: ${topdomain}
    redis:
      enabled: true
      # NOTE(review): no password or TLS is configured for the session store
      # here. Anything that can reach this service can read or forge session
      # data, so confirm access is limited to the Authelia pods.
      host: dragonflydb.authelia

  storage:
    postgres:
      enabled: true
      address: tcp://postgres-rw.authelia:5432
      database: app
      username: app
      # Database password comes from the postgres-app secret, not from values.
      password:
        secret_name: postgres-app
        path: password

  notifier:
    # Notifications are written to a file inside the pod instead of being
    # sent to the user.
    # NOTE(review): with replicas: 2 the file lives on whichever pod handled
    # the request, and anyone able to read that pod's filesystem can read
    # identity-verification messages. Confirm this is intended.
    filesystem:
      enabled: true

  access_control:
    # Rules are evaluated top to bottom and the first match decides.
    rules:
      # Admin surfaces, limited to the lldap_admin group.
      # NOTE(review): one_factor means a password alone is enough; consider
      # two_factor for these two.
      - domain: traefik.${domain}
        policy: one_factor
        subject: 'group:lldap_admin'
      - domain: ceph.${domain}
        policy: one_factor
        subject: 'group:lldap_admin'
      # No subject, so any authenticated user is let through to Grafana.
      - domain: grafana.${domain}
        policy: one_factor
      # Catch-all deny. Kept as an explicit last entry mainly so that other
      # rules can be patched in ahead of it.
      - domain: '*'
        policy: deny