authelia: Add Authelia
commit
6931a8a2b8
|
@ -0,0 +1,9 @@
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: authelia
|
||||||
|
namespace: auth
|
||||||
|
spec:
|
||||||
|
forwardAuth:
|
||||||
|
address: 'http://authelia.auth.svc.cluster.local/api/verify?rd=https://auth.namesny.com'
|
||||||
|
trustForwardHeader: true
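Review bot: `trustForwardHeader: true` tells Traefik to keep whatever `X-Forwarded-*` headers arrive on the request when it calls Authelia, and Authelia uses those headers to work out the original URL and client address it is authorising. That is only sound if the entrypoint already discards forwarded headers from untrusted sources, i.e. `forwardedHeaders.trustedIPs` is limited to the real upstream proxy and `forwardedHeaders.insecure` is not set; that configuration is not part of this commit. If Traefik is the first hop, `trustForwardHeader: false` is the safer value. A comment above the line such as `# safe only because the websecure entrypoint restricts forwardedHeaders.trustedIPs` would record the dependency.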
|
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: IngressRoute
|
||||||
|
metadata:
|
||||||
|
name: authelia-ingress
|
||||||
|
namespace: auth
|
||||||
|
spec:
|
||||||
|
entryPoints:
|
||||||
|
- websecure
|
||||||
|
routes:
|
||||||
|
- match: Host(`auth.namesny.com`)
|
||||||
|
kind: Rule
|
||||||
|
services:
|
||||||
|
- name: authelia
|
||||||
|
port: 80
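Review bot: The route for `auth.namesny.com` is bound to `websecure` but has no `tls` section under `spec`, so whether the login portal is actually served over TLS depends on entrypoint defaults that this commit does not show. Because this host receives credentials and session cookies, I would make it explicit with `tls: {}`, or with `tls.secretName` / `tls.certResolver` if a specific certificate is expected. If the entrypoint already enables TLS for every router, a one-line comment saying so would be enough.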
|
|
@ -0,0 +1,21 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
generatorOptions:
|
||||||
|
disableNameSuffixHash: true
|
||||||
|
namespace: auth
|
||||||
|
resources:
|
||||||
|
- namespace.yaml
|
||||||
|
- ingress.yaml
|
||||||
|
- basic-auth-middleware.yaml
|
||||||
|
|
||||||
|
generators:
|
||||||
|
- ./secret-generator.yaml
|
||||||
|
|
||||||
|
helmCharts:
|
||||||
|
- name: authelia
|
||||||
|
releaseName: authelia
|
||||||
|
version: 0.8.58
|
||||||
|
repo: https://charts.authelia.com
|
||||||
|
namespace: auth
|
||||||
|
valuesFile: values.yaml
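Review bot: Nothing in this file records how it has to be built: `helmCharts` is only rendered when kustomize runs with `--enable-helm`, and the exec generator listed under `generators` needs `--enable-alpha-plugins --enable-exec`, which allows the build to run a local binary. A comment above `generators:` such as `# build: kustomize build --enable-helm --enable-alpha-plugins --enable-exec (executes the ksops binary found on PATH)` would make that trust decision visible to whoever runs the build. The chart is pinned by `version` only, so the rendered output is worth diffing in review whenever that value is bumped.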
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: auth
|
|
@ -0,0 +1,17 @@
|
||||||
|
apiVersion: viaduct.ai/v1
|
||||||
|
kind: ksops
|
||||||
|
metadata:
|
||||||
|
name: authelia-secret-generator
|
||||||
|
annotations:
|
||||||
|
config.kubernetes.io/function: |
|
||||||
|
exec:
|
||||||
|
path: ksops
|
||||||
|
secretFrom:
|
||||||
|
- metadata:
|
||||||
|
name: authelia-users-secret
|
||||||
|
namespace: auth
|
||||||
|
annotations:
|
||||||
|
kustomize.config.k8s.io/needs-hash: "false"
|
||||||
|
type: Opaque
|
||||||
|
files:
|
||||||
|
- users_database.yaml=./users_database.enc.yaml
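Review bot: The generated Secret keeps a fixed name because of `kustomize.config.k8s.io/needs-hash: "false"`, so changing `users_database.enc.yaml` does not change any reference in the workload and nothing in the manifests shown triggers a restart. Removing a user or changing a password therefore seems to take effect only once Authelia re-reads the mounted file. Either document a restart step next to this generator or enable the file backend's `watch` option, if the pinned chart version exposes it. The `exec.path: ksops` entry is resolved on the build host, so the comment could also name the expected ksops version.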
|
|
@ -0,0 +1,28 @@
|
||||||
|
users:
|
||||||
|
matus:
|
||||||
|
displayname: ENC[AES256_GCM,data:mLFikpU=,iv:Iemii72kWnE1l0py/t+0656eT8Uq1gpngDbTMMeECh8=,tag:QM1/ZMz+2bhAfCn2yvjc/g==,type:str]
|
||||||
|
password: ENC[AES256_GCM,data:nrOc1JNEew5ucfkYAlx3IzS63BWVESLjZhZ/TZf0brsLNFVKvQ35RZX9RxEfy8BbJt/ELeNlv7UBJVXVCp994UjelG0rQGdGqVKdl4d/UJ8FaMVxCKYtmHuAT4yYC9xs9BHm,iv:a7PS17bCSakhDFINBpSePKvI0dDt8CDCn4QnGp4D1W4=,tag:IQyGAAKr4hjR2bQthlw1qQ==,type:str]
|
||||||
|
email: ENC[AES256_GCM,data:eRqp61nZzcnaIDHJAQsr1Wg=,iv:m9/LLx+nVpsukFvxUs+Xtxqrzm2Gg6NuU7vVDYSvORM=,tag:nGvy4YIHgQ/Q89BRVWD41Q==,type:str]
|
||||||
|
groups:
|
||||||
|
- ENC[AES256_GCM,data:WT3SDtr1,iv:HpPaH3bYt6nuUJX4ydm30ndDpzxzTCsJS+O1GqLcT5M=,tag:ZeI+K2re1K5DoZHxbD60GA==,type:str]
|
||||||
|
- ENC[AES256_GCM,data:Vh/i,iv:6Ds1PdJtivewRQvQpAqjtTQeKjhEUDifTWL8aCWaK4A=,tag:D4k6vVlFGCo8nYVeGhRDkA==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age14dgmts59tc2gv2xu9305auvu854n3pfl8vkheqzzqyrygyeequ0sjhl92v
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSOHcvR296TFNDTlFUV2hS
|
||||||
|
UXdqZ0tFWkl5bVBBeGlFN1ZIVFBXQjk3KzBZCllhTXdhYXBJUG5NT1JyZDF2M0xs
|
||||||
|
eHZsbWFraGVwVmpWWlZWaEs5b1V2VlEKLS0tIGpNU0VZSXYxL0xGZmJ4TktzNGcw
|
||||||
|
aCs0NnhLQnF2bStEallaZFRkRTI1d3cKtcZJoDjv/+GLrx32GALmc3MuQGLoZ9iT
|
||||||
|
7y3kEdf+fNJGZG7zr9c2Tx8WpDzX2qb7C2VFneDp52p4OpYBIWmKCQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2023-11-28T20:30:26Z"
|
||||||
|
mac: ENC[AES256_GCM,data:uRvVIHdZ/fSi1dKGAn0QEfAwzEKw6cP4GMbpZz3DWMkHkxMnFkR2hcc4NGNg5oRAOxFP5dFTsXMkZCVNN/JiNsb6/Hji7G4YEM6wPWGy3PerWwIwipp+D9r3HvDpR6Viky/TJzCF5NsiVf+sNcN3cMZw8B/IqD0nH8/PXwg3Yvc=,iv:TCqZjgVVv/sMHEjzgFuMvHHs6hfxBgkvOx10MSna3rI=,tag:Tr+hCP5N1nf3lxuE2pfEDg==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
||||||
|
version: 3.8.1
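Review bot: SOPS encrypts values but not mapping keys, so the account name under `users:` is stored in clear text in the repository while everything beneath it is encrypted; that should be a conscious choice. The `sops.age` list holds a single recipient, so losing that one private key makes the user database unrecoverable; a second recipient kept separately would cover that. The plaintext is not visible here, so confirm separately that `password` held an Authelia-generated hash, not the raw password, before it was encrypted.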
|
|
@ -0,0 +1,35 @@
|
||||||
|
domain: 'namesny.com'
|
||||||
|
configMap:
|
||||||
|
authentication_backend:
|
||||||
|
file:
|
||||||
|
enabled: true
|
||||||
|
path: /users/users_database.yaml
|
||||||
|
ldap:
|
||||||
|
enabled: false
|
||||||
|
access_control:
|
||||||
|
rules:
|
||||||
|
- domain: '*.namesny.com'
|
||||||
|
policy: one_factor
|
||||||
|
session:
|
||||||
|
redis:
|
||||||
|
enabled: false
|
||||||
|
storage:
|
||||||
|
local:
|
||||||
|
enabled: true
|
||||||
|
path: /config/db.sqlite3
|
||||||
|
postgres:
|
||||||
|
enabled: false
|
||||||
|
notifier:
|
||||||
|
smtp:
|
||||||
|
enabled: false
|
||||||
|
filesystem:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
pod:
|
||||||
|
extraVolumeMounts:
|
||||||
|
- name: authelia-users-vol
|
||||||
|
mountPath: /users
|
||||||
|
extraVolumes:
|
||||||
|
- name: authelia-users-vol
|
||||||
|
secret:
|
||||||
|
secretName: authelia-users-secret
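Review bot: The only access-control rule applies `policy: one_factor` to `*.namesny.com`, so every host placed behind this middleware is reachable with a password alone. Authelia evaluates rules in order and stops at the first match, so a stricter host needs its own rule above the wildcard, for example `- domain: '<admin-host>.namesny.com'` with `policy: two_factor` (placeholder host name). With `notifier.filesystem` enabled and SMTP disabled, identity-verification messages are written to a file inside the pod instead of reaching the user, which deserves a comment if two-factor enrolment is planned.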
|