feat: change cluster url

2025-10-03 01:00:54 +02:00 · 2024-06-16 23:56:36 +02:00
parent c9bf75538e
commit 2545b72b99
78 changed files with 156 additions and 161 deletions
--- a/kubernetes/apps/default/authelia/app/config/configuration.yaml
+++ b/kubernetes/apps/default/authelia/app/config/configuration.yaml
@@ -29,9 +29,9 @@ session:
  remember_me: 1M
  cookies:
    - name: authelia_session
-      domain: ${SECRET_CLUSTER_DOMAIN}
-      authelia_url: https://auth.${SECRET_CLUSTER_DOMAIN}
-      default_redirection_url: https://${SECRET_CLUSTER_DOMAIN}
+      domain: ${SECRET_EXTERNAL_DOMAIN}
+      authelia_url: https://auth.${SECRET_EXTERNAL_DOMAIN}
+      default_redirection_url: https://${SECRET_EXTERNAL_DOMAIN}
  redis:
    host: dragonfly.database.svc.cluster.local.
    port: 6379
@@ -58,17 +58,17 @@ access_control:
  rules:
    # bypass Authelia WAN + LAN
    - domain:
-        - auth.${SECRET_CLUSTER_DOMAIN}
+        - auth.${SECRET_EXTERNAL_DOMAIN}
      policy: bypass
    # One factor auth for LAN
    - domain:
-        - "*.${SECRET_CLUSTER_DOMAIN}"
+        - "*.${SECRET_EXTERNAL_DOMAIN}"
      policy: one_factor
      subject: [group:admins, group:users]
      networks:
        - private
    # Deny public resources
-    - domain: ["navidrome.${SECRET_CLUSTER_DOMAIN}"]
+    - domain: ["navidrome.${SECRET_EXTERNAL_DOMAIN}"]
      resources: [^/metrics.*$]
      policy: deny

@@ -83,7 +83,7 @@ identity_providers:
        client_secret: "$${FRESHRSS_OAUTH_DIGEST}"
        public: false
        authorization_policy: two_factor
-        redirect_uris: ["https://freshrss.${SECRET_CLUSTER_DOMAIN}:443/i/oidc/"]
+        redirect_uris: ["https://freshrss.${SECRET_EXTERNAL_DOMAIN}:443/i/oidc/"]
        scopes: [openid, profile, groups, email]
        userinfo_signed_response_alg: none
        token_endpoint_auth_method: client_secret_basic
@@ -94,7 +94,7 @@ identity_providers:
        authorization_policy: two_factor
        pre_configured_consent_duration: 1y
        scopes: [openid, profile, groups, email]
-        redirect_uris: ["https://grafana.${SECRET_CLUSTER_DOMAIN}/login/generic_oauth"]
+        redirect_uris: ["https://grafana.${SECRET_EXTERNAL_DOMAIN}/login/generic_oauth"]
        userinfo_signed_response_alg: none
      - client_id: outline
        client_name: Outline
@@ -104,7 +104,7 @@ identity_providers:
        pre_configured_consent_duration: 1y
        scopes: [openid, profile, email, offline_access]
        response_types: code
-        redirect_uris: ["https://docs.${SECRET_CLUSTER_DOMAIN}/auth/oidc.callback"]
+        redirect_uris: ["https://docs.${SECRET_EXTERNAL_DOMAIN}/auth/oidc.callback"]
        userinfo_signed_response_alg: none
        token_endpoint_auth_method: client_secret_basic
      - client_name: jellyfin
@@ -116,6 +116,6 @@ identity_providers:
        pkce_challenge_method: S256
        pre_configured_consent_duration: 1y
        scopes: [openid, profile, groups]
-        redirect_uris: [ "https://jellyfin.${SECRET_CLUSTER_DOMAIN}/sso/OID/redirect/authelia"]
+        redirect_uris: [ "https://jellyfin.${SECRET_EXTERNAL_DOMAIN}/sso/OID/redirect/authelia"]
        userinfo_signed_response_alg: none
        token_endpoint_auth_method: client_secret_post
--- a/kubernetes/apps/default/authelia/app/helmrelease.yaml
+++ b/kubernetes/apps/default/authelia/app/helmrelease.yaml
@@ -131,7 +131,7 @@ spec:
          gethomepage.dev/name: Authelia
          gethomepage.dev/icon: authelia.png
        hosts:
-          - host: &host auth.${SECRET_CLUSTER_DOMAIN}
+          - host: &host auth.${SECRET_EXTERNAL_DOMAIN}
            paths:
              - path: /
                service: