From a8e74b6161104d7e480fac5bbbd48ff6b587d3e9 Mon Sep 17 00:00:00 2001 
From: Dreaded_X
Date: Mon, 22 Dec 2025 02:50:14 +0100
Subject: [PATCH] feat: Added authelia
---
apps/artifacts.yaml | 5 ++
apps/authelia/authelia.yaml | 17 +++++++
apps/authelia/base/cluster-restore.yaml | 16 +++++++
apps/authelia/base/cluster.yaml | 15 ++++++
apps/authelia/base/helm-release.yaml | 29 +++++++++++
apps/authelia/base/helm-repository.yaml | 8 ++++
apps/authelia/base/kustomization.yaml | 25 ++++++++++
apps/authelia/base/name-reference.yaml | 6 +++
apps/authelia/base/namespace.yaml | 5 ++
apps/authelia/base/object-store.yaml | 20 ++++++++
apps/authelia/base/secret-s3-garage.yaml | 9 ++++
apps/authelia/base/service-user.yaml | 6 +++
apps/authelia/base/values.yaml | 61 ++++++++++++++++++++++++
apps/authelia/production/cluster.yaml | 6 +++
apps/authelia/production/values.yaml | 8 ++++
apps/authelia/staging/cluster.yaml | 6 +++
apps/authelia/staging/kustomization.yaml | 18 +++++++
apps/authelia/staging/object-store.yaml | 8 ++++
apps/authelia/staging/values.yaml | 11 +++++
clusters/testing/kustomization.yaml | 1 +
20 files changed, 280 insertions(+)
create mode 100644 apps/authelia/authelia.yaml
create mode 100644 apps/authelia/base/cluster-restore.yaml
create mode 100644 apps/authelia/base/cluster.yaml
create mode 100644 apps/authelia/base/helm-release.yaml
create mode 100644 apps/authelia/base/helm-repository.yaml
create mode 100644 apps/authelia/base/kustomization.yaml
create mode 100644 apps/authelia/base/name-reference.yaml
create mode 100644 apps/authelia/base/namespace.yaml
create mode 100644 apps/authelia/base/object-store.yaml
create mode 100644 apps/authelia/base/secret-s3-garage.yaml
create mode 100644 apps/authelia/base/service-user.yaml
create mode 100644 apps/authelia/base/values.yaml
create mode 100644 apps/authelia/production/cluster.yaml
create mode 100644 apps/authelia/production/values.yaml
create mode 100644 apps/authelia/staging/cluster.yaml
create mode 100644 apps/authelia/staging/kustomization.yaml
create mode 100644
apps/authelia/staging/object-store.yaml
create mode 100644 apps/authelia/staging/values.yaml
diff --git a/apps/artifacts.yaml b/apps/artifacts.yaml
index 624d8c9..53bf85b 100644
--- a/apps/artifacts.yaml
+++ b/apps/artifacts.yaml
@@ -19,3 +19,8 @@ spec:
copy:
- from: "@foundation/apps/lldap/**"
to: "@artifact/"
+ - name: authelia
+ originRevision: "@foundation"
+ copy:
+ - from: "@foundation/apps/authelia/**"
+ to: "@artifact/"
diff --git a/apps/authelia/authelia.yaml b/apps/authelia/authelia.yaml
new file mode 100644
index 0000000..67149a9
--- /dev/null
+++ b/apps/authelia/authelia.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: authelia
+ namespace: flux-system
+spec:
+ interval: 1h
+ retryInterval: 2m
+ timeout: 5m
+ dependsOn:
+ - name: cnpg
+ sourceRef:
+ kind: ExternalArtifact
+ name: authelia
+ path: ./${cluster_env}
+ prune: true
+ wait: true
diff --git a/apps/authelia/base/cluster-restore.yaml b/apps/authelia/base/cluster-restore.yaml
new file mode 100644
index 0000000..903d05f
--- /dev/null
+++ b/apps/authelia/base/cluster-restore.yaml
@@ -0,0 +1,16 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: db
+spec:
+ bootstrap:
+ recovery:
+ source: source
+ externalClusters:
+ - name: source
+ plugin:
+ name: barman-cloud.cloudnative-pg.io
+ parameters:
+ barmanObjectName: garage-store
+ serverName: db
+ plugins: []
diff --git a/apps/authelia/base/cluster.yaml b/apps/authelia/base/cluster.yaml
new file mode 100644
index 0000000..7f98d1a
--- /dev/null
+++ b/apps/authelia/base/cluster.yaml
@@ -0,0 +1,15 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: db
+ namespace: authelia
+ # TODO: Add labels?
+spec:
+ storage:
+ size: 8Gi
+ storageClass: local-path
+ plugins:
+ - name: barman-cloud.cloudnative-pg.io
+ isWALArchiver: true
+ parameters:
+ barmanObjectName: garage-store
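Review bot: `dependsOn` in apps/authelia/authelia.yaml names only `cnpg`, yet the base applies a `ServiceUser` of `lldap.huizinga.dev/v1` and the values read the `authelia-lldap-credentials` Secret, so with `wait: true` the reconcile fails until whatever installs that CRD has run. Assuming the lldap app listed in clusters/testing/kustomization.yaml is what provides it, add `- name: lldap` under `dependsOn`. The reflected `s3-garage` Secret likewise presumes the reflector and the `cnpg-system/s3-garage` source already exist; if those come from cnpg's Kustomization the existing dependency covers them, otherwise that one needs naming as well.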
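Review bot: `plugins: []` in cluster-restore.yaml carries no comment explaining that it switches WAL archiving off on the restored cluster, which a reader enabling this patch under time pressure will not expect. Presumably the intent is to stop the restored instance from writing into the same `serverName: db` prefix it is recovering from; say so with a comment such as `# WAL archiving is disabled during recovery so the restored cluster cannot overwrite the backup it restores from; re-enable it (or switch serverName) once it is healthy.`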
diff --git a/apps/authelia/base/helm-release.yaml b/apps/authelia/base/helm-release.yaml
new file mode 100644
index 0000000..0b4e4ba
--- /dev/null
+++ b/apps/authelia/base/helm-release.yaml
@@ -0,0 +1,29 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: authelia
+ namespace: authelia
+spec:
+ interval: 12h
+ install:
+ strategy:
+ name: RetryOnFailure
+ retryInterval: 2m
+ upgrade:
+ strategy:
+ name: RetryOnFailure
+ retryInterval: 3m
+ chart:
+ spec:
+ chart: authelia
+ version: "0.10.x"
+ sourceRef:
+ kind: HelmRepository
+ name: authelia
+ interval: 24h
+ valuesFrom:
+ - kind: ConfigMap
+ name: values-base
+ - kind: ConfigMap
+ name: values-overlay
+ optional: true
diff --git a/apps/authelia/base/helm-repository.yaml b/apps/authelia/base/helm-repository.yaml
new file mode 100644
index 0000000..2479615
--- /dev/null
+++ b/apps/authelia/base/helm-repository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: authelia
+ namespace: authelia
+spec:
+ interval: 24h
+ url: https://charts.authelia.com
diff --git a/apps/authelia/base/kustomization.yaml b/apps/authelia/base/kustomization.yaml
new file mode 100644
index 0000000..1ab4cc8
--- /dev/null
+++ b/apps/authelia/base/kustomization.yaml
@@ -0,0 +1,25 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ - cluster.yaml
+ - service-user.yaml
+ - helm-repository.yaml
+ - helm-release.yaml
+ - secret-s3-garage.yaml
+ - object-store.yaml
+
+configurations:
+ - name-reference.yaml
+
+configMapGenerator:
+ - name: values-base
+ namespace: authelia
+ files:
+ - values.yaml
+
+# Uncomment to restore database from backup
+# patches:
+# - path: cluster-restore.yaml
+# target:
+# kind: Cluster
diff --git a/apps/authelia/base/name-reference.yaml b/apps/authelia/base/name-reference.yaml
new file mode 100644
index 0000000..a80be15
--- /dev/null
+++ b/apps/authelia/base/name-reference.yaml
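Review bot: `version: "0.10.x"` in helm-release.yaml lets Flux roll any new 0.10 patch release of the authelia chart into the cluster at the next 24h chart poll without a reviewed change. For the component that decides who is authenticated, pin an exact chart version, `version: "<exact-chart-version>"`, and let a dependency bot open the bump PRs, so a bad or compromised chart release cannot arrive unreviewed; the same applies to the production overlay, which inherits this HelmRelease unchanged.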
@@ -0,0 +1,6 @@
+nameReference:
+ - kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
diff --git a/apps/authelia/base/namespace.yaml b/apps/authelia/base/namespace.yaml
new file mode 100644
index 0000000..b4a79e4
--- /dev/null
+++ b/apps/authelia/base/namespace.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: authelia
+ namespace: authelia
diff --git a/apps/authelia/base/object-store.yaml b/apps/authelia/base/object-store.yaml
new file mode 100644
index 0000000..522345e
--- /dev/null
+++ b/apps/authelia/base/object-store.yaml
@@ -0,0 +1,20 @@
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+ name: garage-store
+ namespace: authelia
+spec:
+ configuration:
+ destinationPath: s3://cnpg-backup/authelia
+ s3Credentials:
+ accessKeyId:
+ name: s3-garage
+ key: ACCESS_KEY_ID
+ secretAccessKey:
+ name: s3-garage
+ key: ACCESS_SECRET_KEY
+ region:
+ name: s3-garage
+ key: REGION
+ wal:
+ compression: gzip
diff --git a/apps/authelia/base/secret-s3-garage.yaml b/apps/authelia/base/secret-s3-garage.yaml
new file mode 100644
index 0000000..b17a725
--- /dev/null
+++ b/apps/authelia/base/secret-s3-garage.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: s3-garage
+ namespace: authelia
+ annotations:
+ reflector.v1.k8s.emberstack.com/reflects: "cnpg-system/s3-garage"
+type: Opaque
+data: {}
diff --git a/apps/authelia/base/service-user.yaml b/apps/authelia/base/service-user.yaml
new file mode 100644
index 0000000..06db91f
--- /dev/null
+++ b/apps/authelia/base/service-user.yaml
@@ -0,0 +1,6 @@
+apiVersion: lldap.huizinga.dev/v1
+kind: ServiceUser
+metadata:
+ name: authelia
+ namespace: authelia
+spec: {}
diff --git a/apps/authelia/base/values.yaml b/apps/authelia/base/values.yaml
new file mode 100644
index 0000000..57848f1
--- /dev/null
+++ b/apps/authelia/base/values.yaml
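Review bot: `metadata.namespace: authelia` on the `Namespace` object in namespace.yaml has no effect, because Namespace is cluster-scoped; at best the field is ignored, and it misleads a reader into thinking the resource is namespaced. Drop that line and keep only `name: authelia`.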
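Review bot: The base ObjectStore authenticates with the `s3-garage` Secret that secret-s3-garage.yaml reflects from `cnpg-system/s3-garage`, so the authelia namespace receives a key pair that, judging by the shared source name, the other apps reflect too; anything able to read Secrets in this namespace can then read and overwrite every prefix under `cnpg-backup`, not just `authelia`. Authelia's database holds second-factor enrolments and session state, so consider per-app credentials scoped to `s3://cnpg-backup/authelia`, and `wal.encryption` / `data.encryption` on the ObjectStore where the endpoint supports it. The shared-credential situation is inferred from the reflector annotation alone; confirm against what cnpg-system actually hands out.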
@@ -0,0 +1,61 @@
+pod:
+ kind: Deployment
+ replicas: 2
+ingress:
+ enabled: true
+ gatewayAPI:
+ enabled: true
+ parentRefs:
+ - name: gateway
+ namespace: default
+
+secret:
+ additionalSecrets:
+ db-app:
+ key: db-app
+ authelia-lldap-credentials:
+ key: authelia-lldap-credentials
+
+configMap:
+ authentication_backend:
+ ldap:
+ enabled: true
+ implementation: lldap
+ address: ldap://lldap.lldap.svc.cluster.local:3890
+ base_dn: dc=huizinga,dc=dev
+ additional_users_dn: ou=people
+ users_filter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))"
+ additional_groups_dn: ou=groups
+ groups_filter: "(member={dn})"
+ attributes:
+ display_name: displayName
+ username: uid
+ group_name: cn
+ mail: mail
+ user: uid=authelia.authelia,ou=people,dc=huizinga,dc=dev
+ password:
+ secret_name: authelia-lldap-credentials
+ path: password
+
+ # session:
+ # redis:
+ # enabled: true
+ # host: dragonflydb.authelia
+
+ storage:
+ postgres:
+ enabled: true
+ address: tcp://db-rw.authelia:5432
+ database: app
+ username: app
+ password:
+ secret_name: db-app
+ path: password
+
+ notifier:
+ filesystem:
+ enabled: true
+
+ # access_control:
+ # secret:
+ # existingSecret: authelia-acl
diff --git a/apps/authelia/production/cluster.yaml b/apps/authelia/production/cluster.yaml
new file mode 100644
index 0000000..b7e7438
--- /dev/null
+++ b/apps/authelia/production/cluster.yaml
@@ -0,0 +1,6 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: db
+spec:
+ instances: 2
diff --git a/apps/authelia/production/values.yaml b/apps/authelia/production/values.yaml
new file mode 100644
index 0000000..ad85b70
--- /dev/null
+++ b/apps/authelia/production/values.yaml
@@ -0,0 +1,8 @@
+pod:
+ replicas: 2
+
+configMap:
+ session:
+ cookies:
+ - subdomain: auth
+ domain: huizinga.dev
diff --git a/apps/authelia/staging/cluster.yaml b/apps/authelia/staging/cluster.yaml
new file mode 100644
index 0000000..b85230c
--- /dev/null
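Review bot: `pod.replicas: 2` in values.yaml runs two Authelia pods while the `session.redis` block is commented out, so each pod keeps sessions in its own memory and a request routed to the other replica is treated as unauthenticated; either enable the Redis session provider or run one replica (production/values.yaml repeats the `2`). `address: ldap://lldap.lldap.svc.cluster.local:3890` also sends the service-user bind password in clear text across the pod network; unless that network is otherwise encrypted, add `start_tls: true` or use an `ldaps://` address. `notifier.filesystem` is likewise unsuited to more than one replica, since the file only exists in whichever pod handled the request.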
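Review bot: apps/authelia/production/cluster.yaml and values.yaml are added without a production/kustomization.yaml (the diffstat lists one only for staging), yet authelia.yaml points Flux at `./${cluster_env}`. Without it neither the `instances: 2` patch nor the `values-overlay` ConfigMap is produced, and Flux's auto-generated kustomization would, as far as I know its defaults, try to apply values.yaml itself as a manifest. A `kustomization.yaml` mirroring the staging one is needed before `cluster_env=production` can reconcile; if production is intentionally not wired up yet, a comment in the directory saying so would save the next reader the same investigation.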
+++ b/apps/authelia/staging/cluster.yaml
@@ -0,0 +1,6 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: db
+spec:
+ instances: 1
diff --git a/apps/authelia/staging/kustomization.yaml b/apps/authelia/staging/kustomization.yaml
new file mode 100644
index 0000000..7d0d27e
--- /dev/null
+++ b/apps/authelia/staging/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+
+patches:
+ - path: cluster.yaml
+ target:
+ kind: Cluster
+ - path: object-store.yaml
+ target:
+ kind: ObjectStore
+
+configMapGenerator:
+ - name: values-overlay
+ namespace: authelia
+ files:
+ - values.yaml
diff --git a/apps/authelia/staging/object-store.yaml b/apps/authelia/staging/object-store.yaml
new file mode 100644
index 0000000..1e3af5a
--- /dev/null
+++ b/apps/authelia/staging/object-store.yaml
@@ -0,0 +1,8 @@
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+ name: garage-store
+ namespace: lldap
+spec:
+ configuration:
+ endpointURL: http://192.168.1.1:3900
diff --git a/apps/authelia/staging/values.yaml b/apps/authelia/staging/values.yaml
new file mode 100644
index 0000000..379e8a7
--- /dev/null
+++ b/apps/authelia/staging/values.yaml
@@ -0,0 +1,11 @@
+pod:
+ replicas: 1
+
+configMap:
+ log:
+ level: debug
+
+ session:
+ cookies:
+ - subdomain: auth
+ domain: staging.huizinga.dev
diff --git a/clusters/testing/kustomization.yaml b/clusters/testing/kustomization.yaml
index 6193d88..ce7debe 100644
--- a/clusters/testing/kustomization.yaml
+++ b/clusters/testing/kustomization.yaml
@@ -21,3 +21,4 @@ resources:
- ../../apps/artifacts.yaml
- ../../apps/spegel/spegel.yaml
- ../../apps/lldap/lldap.yaml
+ - ../../apps/authelia/authelia.yaml
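Review bot: `namespace: lldap` in staging/object-store.yaml does not match the base ObjectStore, which lives in `authelia`; kustomize appears to overwrite a patch's name and namespace with the selected target's when `target:` is given, so it likely still lands in the right place, but it reads as a copy-paste leftover from the lldap app and should say `namespace: authelia` or omit the field. Separately, `endpointURL: http://192.168.1.1:3900` carries base backups and WAL of the identity database in clear text to the object store; that is tolerable for staging only if the link is trusted, and an `https://` endpoint is preferable wherever the store offers one.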