add authelia

cluster/auth/authelia.yaml

@@ -0,0 +1,101 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: authelia
+  namespace: auth
+  labels:
+    app.kubernetes.io/instance: authelia
+    app.kubernetes.io/name: authelia
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: authelia
+      app.kubernetes.io/name: authelia
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: authelia
+        app.kubernetes.io/name: authelia
+    spec:
+      initContainers:
+      - name: authelia-init
+        image: busybox
+        command: ['/bin/sh', '-c', 'cp /configyaml/*.y* /config']
+        volumeMounts:
+        - name: configyaml
+          mountPath: /configyaml
+        - name: config
+          mountPath: /config
+      containers:
+      - name: redis
+        image: k8s.gcr.io/redis:e2e
+        resources:
+          limits:
+            cpu: 100m
+            memory: 125Mi
+          requests:
+            cpu: 50m
+            memory: 125Mi
+        ports:
+        - containerPort: 6379
+      - name: authelia
+        image: authelia/authelia:4.23.3
+        ports:
+        - containerPort: 9091
+        volumeMounts:
+        - name: config
+          mountPath: /config
+        resources:
+          limits:
+            cpu: 500m
+            memory: 2000Mi
+          requests:
+            cpu: 100m
+            memory: 1500Mi
+      dnsConfig:
+        options:
+          - name: ndots
+            value: "1"
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: node-role.kubernetes.io/worker
+                operator: In
+                values:
+                - "true"    
+      volumes:
+      - name: config
+        emptyDir: {}
+      - name: configyaml
+        configMap:
+          name: authelia-config
+          items:
+          - key: configuration.yml
+            path: configuration.yml
+          - key: users.yaml
+            path: users.yaml
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: authelia
+  namespace: auth
+  labels:
+    app.kubernetes.io/instance: authelia
+    app.kubernetes.io/name: authelia
+spec:
+  selector:
+    app.kubernetes.io/instance: authelia
+    app.kubernetes.io/name: authelia
+  ports:
+  - name: http
+    protocol: TCP
+    port: 80
+    targetPort: 9091
+  externalTrafficPolicy: Local
+  type: LoadBalancer
+  loadBalancerIP: 192.168.9.204

secrets/custom-auth-authelia-secrets.yaml

@@ -0,0 +1,50 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+    annotations:
+        kubernetes.io/ingress.class: nginx
+    labels:
+        app.kubernetes.io/instance: authelia
+        app.kubernetes.io/name: authelia
+    name: authelia
+    namespace: auth
+spec:
+    rules:
+    -   host: ENC[AES256_GCM,data:UC1OHsfgJeTfdSguiw5as54eDaTB,iv:J6U94TDHeZ8392oobRBbiYW8mb+P47U+figG5JdNpVo=,tag:i4oXVoe+7w8erGBV4xAjSQ==,type:str]
+        http:
+            paths:
+            -   backend:
+                    serviceName: ENC[AES256_GCM,data:/IJZJ14EpXI=,iv:81msQhhJ2f+zqHPv0sbHl/UYRqXv8Lv+2zlSWBu3qZI=,tag:BGELU0MAI1dg36lrO/mYYw==,type:str]
+                    servicePort: ENC[AES256_GCM,data:x8xZ3A==,iv:Z7cWysPEGPxhPPHyhFhxd1g4YRUv3guTOjguMdHrvu8=,tag:2MJdyayokV8CCFR4zde/Mg==,type:str]
+                path: ENC[AES256_GCM,data:WA==,iv:BOtrJkFm1/zs3w05SPYO5PDR0MKY1Ty/9yygl42f+ss=,tag:KMGYzJJ2uU3KwgdLXBxakQ==,type:str]
+    tls:
+    -   hosts:
+        - ENC[AES256_GCM,data:0331YXH0E8ahQ7REjR2ljOf9aAhI,iv:4wTXl9+EVh3SB+uDzqgHE73t4vSQ4YSJbIfdZt2/qao=,tag:2s4dIppoSexWZefIOqxgtA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    lastmodified: '2020-11-29T18:28:08Z'
+    mac: ENC[AES256_GCM,data:oEcQufuZheagavZmIPjdjKzsiBH+HNK+uw2+8Iiro/ZAacIfvErt0jslimDy7a7M6yckuaSs9Tp0MzcPHfVFQ1e5RIo7KtG3aR/Jn3dfzdnslxkzU9cQqbchBgnIEfX4VDNjDvVrH5TH8c35FPyxbhtPIr8Iy7vF31yjVH7WRn4=,iv:oHYOKOops3EwhYw+nwHNQiNIq6MKPw+N+n/qkUnpWTg=,tag:c8+kNyOzQddLCRqE6ECzhA==,type:str]
+    pgp:
+    -   created_at: '2020-11-29T18:28:07Z'
+        enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQGMA/JorPHm1g9XAQv/R3xnfT/UUmaBJ2CULhwfIfC/ojCoZ/bR9KS7luyJWNJR
+            PsrpTCUpvHC2i0MopV390WX9CAcDX4LV9xzzbmA1VQfBWe0/6zPp0pl7TTl0WKIQ
+            tfT0ajMqu5CYZTJslC0WWRAaPVECmp+SEkQkj7ZVGmeHARZlh7JYg799ZLDPIle5
+            jNwgbFBUrY+u1eosbzRwx6wVXQ04UGeIe02g8utgzPtZUngGFUIh82lWH0Bm/ee2
+            zG2obQCyPFCw40UQGHZKxQ5Fv0NIN8y7CaHtr+YY+EzsxeYeNXTSQGZUno/DxSWK
+            cJRFVdNXqvoftnJZoXMh8/ZaRJEVU6fMBtKRC1xgdmEnA9bFCAUrNg+yR8RtNbK0
+            2uH6vXuG+xQSOJpGimgMf8lw8M9YVQ0qMYUyZQCudSSB5y/iSreWDT4is4uGbIQq
+            qOYbuaPf8I6E51lf+MRK1XUzgKZSa114wd8gnaUgfgWewU9IS5j74GnGXvuorFyR
+            f+5aojWzMvqwy0/J4S8W0lwB27cmXQChrV6NPPMKqDW/6gu4JZ2W9XqUOb55tx0F
+            DvTcRksFZ2jAQ6yWzGdtUXZmgjuaCQ/0q8jFaJUf/9f4h4tmaaXvfkK9SWjrE8x7
+            NttgxbiJyx1u+AF2kg==
+            =t253
+            -----END PGP MESSAGE-----
+        fp: C8F8A49D04A1AB639F8EA21CDBA4B1DCB1FA5BDD
+    encrypted_regex: ^(spec|stringData)$
+    version: 3.6.1