From 357ed774e2e2487e9d1ede7ea97aca6f09488000 Mon Sep 17 00:00:00 2001 From: Dreaded_X Date: Mon, 22 Dec 2025 02:50:14 +0100 Subject: [PATCH] feat: Added authelia --- apps/authelia/base/cluster-restore.yaml | 16 +++++++ apps/authelia/base/cluster.yaml | 15 +++++++ apps/authelia/base/helm-release.yaml | 29 ++++++++++++ apps/authelia/base/helm-repository.yaml | 8 ++++ apps/authelia/base/kustomization.yaml | 25 +++++++++++ apps/authelia/base/name-reference.yaml | 6 +++ apps/authelia/base/namespace.yaml | 5 +++ apps/authelia/base/object-store.yaml | 20 +++++++++ apps/authelia/base/secret-s3-garage.yaml | 9 ++++ apps/authelia/base/service-user.yaml | 6 +++ apps/authelia/base/values.yaml | 56 ++++++++++++++++++++++++ apps/authelia/production/cluster.yaml | 6 +++ apps/authelia/production/values.yaml | 8 ++++ apps/authelia/staging/cluster.yaml | 6 +++ apps/authelia/staging/kustomization.yaml | 18 ++++++++ apps/authelia/staging/object-store.yaml | 8 ++++ apps/authelia/staging/values.yaml | 11 +++++ 17 files changed, 252 insertions(+) create mode 100644 apps/authelia/base/cluster-restore.yaml create mode 100644 apps/authelia/base/cluster.yaml create mode 100644 apps/authelia/base/helm-release.yaml create mode 100644 apps/authelia/base/helm-repository.yaml create mode 100644 apps/authelia/base/kustomization.yaml create mode 100644 apps/authelia/base/name-reference.yaml create mode 100644 apps/authelia/base/namespace.yaml create mode 100644 apps/authelia/base/object-store.yaml create mode 100644 apps/authelia/base/secret-s3-garage.yaml create mode 100644 apps/authelia/base/service-user.yaml create mode 100644 apps/authelia/base/values.yaml create mode 100644 apps/authelia/production/cluster.yaml create mode 100644 apps/authelia/production/values.yaml create mode 100644 apps/authelia/staging/cluster.yaml create mode 100644 apps/authelia/staging/kustomization.yaml create mode 100644 apps/authelia/staging/object-store.yaml create mode 100644 apps/authelia/staging/values.yaml 
diff --git a/apps/authelia/base/cluster-restore.yaml b/apps/authelia/base/cluster-restore.yaml
new file mode 100644
index 0000000..903d05f
--- /dev/null
+++ b/apps/authelia/base/cluster-restore.yaml
@@ -0,0 +1,16 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: db
+spec:
+ bootstrap:
+ recovery:
+ source: source
+ externalClusters:
+ - name: source
+ plugin:
+ name: barman-cloud.cloudnative-pg.io
+ parameters:
+ barmanObjectName: garage-store
+ serverName: db
+ plugins: []
diff --git a/apps/authelia/base/cluster.yaml b/apps/authelia/base/cluster.yaml
new file mode 100644
index 0000000..7f98d1a
--- /dev/null
+++ b/apps/authelia/base/cluster.yaml
@@ -0,0 +1,15 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: db
+ namespace: authelia
+ # TODO: Add labels?
+spec:
+ storage:
+ size: 8Gi
+ storageClass: local-path
+ plugins:
+ - name: barman-cloud.cloudnative-pg.io
+ isWALArchiver: true
+ parameters:
+ barmanObjectName: garage-store
diff --git a/apps/authelia/base/helm-release.yaml b/apps/authelia/base/helm-release.yaml
new file mode 100644
index 0000000..0b4e4ba
--- /dev/null
+++ b/apps/authelia/base/helm-release.yaml
@@ -0,0 +1,29 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: authelia
+ namespace: authelia
+spec:
+ interval: 12h
+ install:
+ strategy:
+ name: RetryOnFailure
+ retryInterval: 2m
+ upgrade:
+ strategy:
+ name: RetryOnFailure
+ retryInterval: 3m
+ chart:
+ spec:
+ chart: authelia
+ version: "0.10.x"
+ sourceRef:
+ kind: HelmRepository
+ name: authelia
+ interval: 24h
+ valuesFrom:
+ - kind: ConfigMap
+ name: values-base
+ - kind: ConfigMap
+ name: values-overlay
+ optional: true
diff --git a/apps/authelia/base/helm-repository.yaml b/apps/authelia/base/helm-repository.yaml
new file mode 100644
index 0000000..2479615
--- /dev/null
+++ b/apps/authelia/base/helm-repository.yaml
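Review bot: The restore patch ends with `plugins: []`, which replaces the base `plugins` list and so brings the recovered cluster up with no WAL archiver — from the moment of the restore, no new WAL or backups reach `garage-store` until someone re-adds the plugin stanza, and the file does not say so. This is probably deliberate, since a recovered cluster archiving under the same `serverName: db` would collide with the archive it was just restored from, but that trade-off belongs in the file. I would add above `plugins: []` the comment `# Archiving is disabled on purpose: re-enabling it must use a new serverName, otherwise the restored cluster writes into the archive it was recovered from` and, next to the commented `patches:` stanza in kustomization.yaml, a reminder to revert this after the restore has been verified.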
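Review bot: The base `Cluster` enables continuous WAL archiving (`isWALArchiver: true`) but nothing in this commit takes a base backup, and the `recovery` bootstrap in cluster-restore.yaml can only replay WAL on top of one — unless a `ScheduledBackup` for `db` exists elsewhere in the repo, the restore path this commit prepares has nothing to restore from, and `storageClass: local-path` means the data lives on a single node's disk. For an identity provider's database that is the difference between a recoverable outage and a lost user directory state (TOTP/WebAuthn enrolments), so I would add a scheduled backup alongside cluster.yaml and list it in the base kustomization.

```yaml
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
  name: db-daily
  namespace: authelia
spec:
  # CNPG cron has a leading seconds field: daily at 03:00
  schedule: "0 0 3 * * *"
  backupOwnerReference: self
  cluster:
    name: db
  method: plugin
  pluginConfiguration:
    name: barman-cloud.cloudnative-pg.io
```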
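Review bot: `version: "0.10.x"` lets Flux roll out any new 0.10 patch of the Authelia chart as soon as it appears on charts.authelia.com, without a commit to review — for the component that gates every other service, an upstream or repository compromise would reach production automatically, and a behaviour change in a patch release cannot be bisected from git history. I would pin the exact chart version you tested, e.g. `version: "0.10.<patch>"`, and let an automation bot (Renovate/Flux image automation) open the bump PRs so upgrades stay reviewable. This HelmRepository source also has no signature or digest check, so the pin is the only integrity control available here.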
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: authelia
+ namespace: authelia
+spec:
+ interval: 24h
+ url: https://charts.authelia.com
diff --git a/apps/authelia/base/kustomization.yaml b/apps/authelia/base/kustomization.yaml
new file mode 100644
index 0000000..1ab4cc8
--- /dev/null
+++ b/apps/authelia/base/kustomization.yaml
@@ -0,0 +1,25 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ - cluster.yaml
+ - service-user.yaml
+ - helm-repository.yaml
+ - helm-release.yaml
+ - secret-s3-garage.yaml
+ - object-store.yaml
+
+configurations:
+ - name-reference.yaml
+
+configMapGenerator:
+ - name: values-base
+ namespace: authelia
+ files:
+ - values.yaml
+
+# Uncomment to restore database from backup
+# patches:
+# - path: cluster-restore.yaml
+# target:
+# kind: Cluster
diff --git a/apps/authelia/base/name-reference.yaml b/apps/authelia/base/name-reference.yaml
new file mode 100644
index 0000000..a80be15
--- /dev/null
+++ b/apps/authelia/base/name-reference.yaml
@@ -0,0 +1,6 @@
+nameReference:
+ - kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
diff --git a/apps/authelia/base/namespace.yaml b/apps/authelia/base/namespace.yaml
new file mode 100644
index 0000000..b4a79e4
--- /dev/null
+++ b/apps/authelia/base/namespace.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: authelia
+ namespace: authelia
diff --git a/apps/authelia/base/object-store.yaml b/apps/authelia/base/object-store.yaml
new file mode 100644
index 0000000..522345e
--- /dev/null
+++ b/apps/authelia/base/object-store.yaml
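Review bot: `metadata.namespace: authelia` on the `Namespace` object itself is meaningless — a Namespace is cluster-scoped, and as far as I know the API server simply clears the field on cluster-scoped kinds, so this is harmless today but reads as if the namespace lived inside itself and will trip a stricter validator or a future kustomize `namespace:` transformer. I would drop the line and keep the manifest to `name: authelia`. The same copy-paste template seems to have produced the namespace lines on the other resources, where they are correct.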
@@ -0,0 +1,20 @@
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+ name: garage-store
+ namespace: authelia
+spec:
+ configuration:
+ destinationPath: s3://cnpg-backup/authelia
+ s3Credentials:
+ accessKeyId:
+ name: s3-garage
+ key: ACCESS_KEY_ID
+ secretAccessKey:
+ name: s3-garage
+ key: ACCESS_SECRET_KEY
+ region:
+ name: s3-garage
+ key: REGION
+ wal:
+ compression: gzip
diff --git a/apps/authelia/base/secret-s3-garage.yaml b/apps/authelia/base/secret-s3-garage.yaml
new file mode 100644
index 0000000..b17a725
--- /dev/null
+++ b/apps/authelia/base/secret-s3-garage.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: s3-garage
+ namespace: authelia
+ annotations:
+ reflector.v1.k8s.emberstack.com/reflects: "cnpg-system/s3-garage"
+type: Opaque
+data: {}
diff --git a/apps/authelia/base/service-user.yaml b/apps/authelia/base/service-user.yaml
new file mode 100644
index 0000000..06db91f
--- /dev/null
+++ b/apps/authelia/base/service-user.yaml
@@ -0,0 +1,6 @@
+apiVersion: lldap.huizinga.dev/v1
+kind: ServiceUser
+metadata:
+ name: authelia
+ namespace: authelia
+spec: {}
diff --git a/apps/authelia/base/values.yaml b/apps/authelia/base/values.yaml
new file mode 100644
index 0000000..095a980
--- /dev/null
+++ b/apps/authelia/base/values.yaml
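Review bot: The `ObjectStore` has no `retentionPolicy`, so every WAL segment and backup written under `s3://cnpg-backup/authelia` is kept forever — the bucket grows without bound and old copies of the identity database (password-reset tokens, TOTP secrets, WebAuthn registrations) stay retrievable long after they have been rotated in the live system. I would add `retentionPolicy: "30d"` under `spec` (the barman-cloud plugin prunes obsolete base backups and the WAL they depend on once a newer backup is out of the window), choosing the window to match how long you are willing to keep that data at rest in Garage. Garage offers no server-side encryption as far as I know, so the bucket's access control is the only protection for these files; see the note on the shared credential below.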
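Review bot: Reflecting `cnpg-system/s3-garage` into the `authelia` namespace copies what is presumably a single Garage key for the whole `cnpg-backup` bucket into an application namespace, and every other app that follows this pattern gets the same key — anyone with `get secrets` in `authelia` (an operator with namespaced RBAC, a debugging tool, a compromised controller that reads secrets namespace-wide) can then read, overwrite or delete every tenant's database backups in that bucket, not just Authelia's. Garage permissions are per bucket, so the clean fix is one bucket and one key per application (e.g. `cnpg-backup-authelia` with a key that can only read/write that bucket), created where the source secret lives, rather than one shared credential mirrored everywhere. If the shared key must stay for now, I would at least record the blast radius in a comment on this Secret, `# NOTE: this key grants access to the entire cnpg-backup bucket, not only the authelia/ prefix`.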
@@ -0,0 +1,56 @@
+pod:
+ kind: Deployment
+ replicas: 2
+ingress:
+ enabled: false
+
+secret:
+ additionalSecrets:
+ postgres-app:
+ key: db-app
+ authelia-lldap-credentials:
+ key: authelia-lldap-credentials
+
+configMap:
+ authentication_backend:
+ ldap:
+ enabled: true
+ implementation: lldap
+ address: ldap://lldap.lldap.svc.cluster.local:3890
+ base_dn: dc=huizinga,dc=dev
+ additional_users_dn: ou=people
+ users_filter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))"
+ additional_groups_dn: ou=groups
+ groups_filter: "(member={dn})"
+ attributes:
+ display_name: displayName
+ username: uid
+ group_name: cn
+ mail: mail
+ user: uid=authelia.authelia,ou=people,dc=huizinga,dc=dev
+ password:
+ secret_name: authelia-lldap-credentials
+ path: password
+
+ # session:
+ # redis:
+ # enabled: true
+ # host: dragonflydb.authelia
+
+ storage:
+ postgres:
+ enabled: true
+ address: tcp://db-rw.authelia:5432
+ database: app
+ username: app
+ password:
+ secret_name: db-app
+ path: password
+
+ notifier:
+ filesystem:
+ enabled: true
+
+ # access_control:
+ # secret:
+ # existingSecret: authelia-acl
diff --git a/apps/authelia/production/cluster.yaml b/apps/authelia/production/cluster.yaml
new file mode 100644
index 0000000..b7e7438
--- /dev/null
+++ b/apps/authelia/production/cluster.yaml
@@ -0,0 +1,6 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: db
+spec:
+ instances: 2
diff --git a/apps/authelia/production/values.yaml b/apps/authelia/production/values.yaml
new file mode 100644
index 0000000..ad85b70
--- /dev/null
+++ b/apps/authelia/production/values.yaml
@@ -0,0 +1,8 @@
+pod:
+ replicas: 2
+
+configMap:
+ session:
+ cookies:
+ - subdomain: auth
+ domain: huizinga.dev
diff --git a/apps/authelia/staging/cluster.yaml b/apps/authelia/staging/cluster.yaml
new file mode 100644
index 0000000..b85230c
--- /dev/null
+++ b/apps/authelia/staging/cluster.yaml
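Review bot: `address: ldap://lldap.lldap.svc.cluster.local:3890` binds to LLDAP over cleartext LDAP, so the `authelia.authelia` service-account password and every user password Authelia validates cross the pod network unencrypted — acceptable only if you have positively decided the cluster network is trusted, and that decision is not recorded here. LLDAP can serve LDAPS (it needs its own TLS listener enabled, typically on 6360), after which this becomes `address: ldaps://lldap.lldap.svc.cluster.local:6360` plus a `tls` block pointing at the issuing CA; if you keep plain LDAP, I would add `# NOTE: cleartext LDAP; relies on in-cluster network being trusted` above the address. Two further things the file leaves implicit: with `replicas: 2` and the `session.redis` block commented out, each pod keeps sessions in its own memory, which Authelia documents as unsuitable for more than one replica; and no `storage.encryption_key` (nor session/JWT secrets) is referenced, so if the chart is generating them in-cluster they are not in git and a database restored from `garage-store` onto a fresh cluster would hold TOTP secrets that the new key cannot decrypt — worth a comment near `storage:` stating where that key lives and that it must be backed up with the database.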
@@ -0,0 +1,6 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: db
+spec:
+ instances: 1
diff --git a/apps/authelia/staging/kustomization.yaml b/apps/authelia/staging/kustomization.yaml
new file mode 100644
index 0000000..aaa2371
--- /dev/null
+++ b/apps/authelia/staging/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+
+patches:
+ - path: cluster.yaml
+ target:
+ kind: Cluster
+ - path: object-store.yaml
+ target:
+ kind: ObjectStore
+
+configMapGenerator:
+ - name: values-overlay
+ namespace: cnpg-system
+ files:
+ - values.yaml
diff --git a/apps/authelia/staging/object-store.yaml b/apps/authelia/staging/object-store.yaml
new file mode 100644
index 0000000..1e3af5a
--- /dev/null
+++ b/apps/authelia/staging/object-store.yaml
@@ -0,0 +1,8 @@
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+ name: garage-store
+ namespace: lldap
+spec:
+ configuration:
+ endpointURL: http://192.168.1.1:3900
diff --git a/apps/authelia/staging/values.yaml b/apps/authelia/staging/values.yaml
new file mode 100644
index 0000000..379e8a7
--- /dev/null
+++ b/apps/authelia/staging/values.yaml
@@ -0,0 +1,11 @@
+pod:
+ replicas: 1
+
+configMap:
+ log:
+ level: debug
+
+ session:
+ cookies:
+ - subdomain: auth
+ domain: staging.huizinga.dev
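Review bot: The staging `values-overlay` ConfigMap is generated in `namespace: cnpg-system`, but the HelmRelease that consumes it lives in `authelia` and Flux only resolves `valuesFrom` ConfigMaps in the release's own namespace — and because the reference is `optional: true`, the miss is silent: staging would run with the base values only, i.e. two replicas, default log level and, more importantly, no `session.cookies` entry for `staging.huizinga.dev`, so Authelia would fail to start or serve the wrong cookie domain without any error pointing here. The one-line fix is `namespace: authelia` on the generator (the base `values-base` generator already does this correctly). The nameReference configuration in the base only rewrites the hash-suffixed name when namespaces match, which is a second reason this must agree with the HelmRelease.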
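Review bot: This patch carries `namespace: lldap`, which looks like a leftover from the app it was copied from — as far as I can tell kustomize substitutes the target resource's name and namespace when a `target` selector is used, so it is harmless, but it will mislead the next reader and should be `namespace: authelia` or dropped. The real point is `endpointURL: http://192.168.1.1:3900`: base backups and WAL of the identity database are shipped to Garage over plain HTTP, so the full contents of the Authelia store transit the LAN unencrypted (the S3 credentials themselves are only signed, not sent, but the payload is). If Garage has a TLS listener, switch to `https://` and pin the CA via the plugin's TLS options; if staging traffic stays on HTTP by decision, say so in a comment, `# NOTE: plain HTTP to Garage; backup payload is unencrypted on the wire`, so the production overlay is not copied from this file without revisiting it.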