From ba3580e9ae8d233bbd9573a9135794024864ef8e Mon Sep 17 00:00:00 2001
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Sun, 29 Oct 2023 16:19:41 +0100
Subject: [PATCH] =?UTF-8?q?=20=E2=AC=86=EF=B8=8F=20authelia=20app-template?=
 =?UTF-8?q?=20v2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../default/authelia/app/helmrelease.yaml | 196 +++++++++---------
 1 file changed, 101 insertions(+), 95 deletions(-)
diff --git a/kubernetes/apps/default/authelia/app/helmrelease.yaml b/kubernetes/apps/default/authelia/app/helmrelease.yaml
index 7988cd3e2..26fa09855 100644
--- a/kubernetes/apps/default/authelia/app/helmrelease.yaml
+++ b/kubernetes/apps/default/authelia/app/helmrelease.yaml
@@ -10,7 +10,7 @@ spec:
 chart:
 spec:
 chart: app-template
- version: 1.5.1
+ version: 2.0.3
 sourceRef:
 kind: HelmRepository
 name: bjw-s
@@ -31,69 +31,105 @@ spec: - name: authelia-redis - name: smtp-relay values: - initContainers: - 01-init-db: - image: ghcr.io/auricom/postgres-init:15.4 - imagePullPolicy: IfNotPresent - envFrom: &envFrom - - secretRef: - name: authelia-secret - controller: - replicas: 2 - strategy: RollingUpdate - annotations: - reloader.stakater.com/auto: "true" - image: - repository: ghcr.io/authelia/authelia - tag: master@sha256:a3647c3dd136402745c7639e446944004145630c822f27e22f999c414c234d2f - args: ["--config", "/config/configuration.yaml", "--config.experimental.filters", "expand-env"] - env: - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDITIONAL_GROUPS_DN: ou=groups - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDITIONAL_USERS_DN: ou=people - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_BASE_DN: dc=home,dc=arpa - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_DISPLAY_NAME_ATTRIBUTE: displayName - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUPS_FILTER: (member={dn}) - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUP_NAME_ATTRIBUTE: cn - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_IMPLEMENTATION: custom - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_MAIL_ATTRIBUTE: mail - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_START_TLS: "false" - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_TIMEOUT: 5s - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_URL: ldap://lldap.default.svc.cluster.local:5389 - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USER: uid=admin,ou=people,dc=home,dc=arpa - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERNAME_ATTRIBUTE: uid - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERS_FILTER: (&({username_attribute}={input})(objectClass=person)) - AUTHELIA_AUTHENTICATION_BACKEND_PASSWORD_RESET_DISABLE: "true" - AUTHELIA_AUTHENTICATION_BACKEND_REFRESH_INTERVAL: 1m - AUTHELIA_DEFAULT_REDIRECTION_URL: https://auth.${SECRET_CLUSTER_DOMAIN} - AUTHELIA_DUO_API_DISABLE: "true" - AUTHELIA_LOG_LEVEL: info - AUTHELIA_NOTIFIER_DISABLE_STARTUP_CHECK: "true" - AUTHELIA_NOTIFIER_SMTP_DISABLE_REQUIRE_TLS: "true" - AUTHELIA_NOTIFIER_SMTP_HOST: smtp-relay.default.svc.cluster.local. 
- AUTHELIA_NOTIFIER_SMTP_PORT: "2525" - AUTHELIA_NOTIFIER_SMTP_SENDER: "Authelia " - AUTHELIA_SERVER_DISABLE_HEALTHCHECK: "true" - AUTHELIA_SERVER_PORT: &port 8888 - AUTHELIA_SESSION_DOMAIN: ${SECRET_CLUSTER_DOMAIN} - AUTHELIA_SESSION_NAME: authelia-home-ops - AUTHELIA_SESSION_REDIS_HOST: authelia-redis.default.svc.cluster.local. - AUTHELIA_SESSION_REDIS_PORT: 6379 - AUTHELIA_STORAGE_POSTGRES_DATABASE: authelia - AUTHELIA_STORAGE_POSTGRES_HOST: ${POSTGRES_HOST} - AUTHELIA_TELEMETRY_METRICS_ADDRESS: tcp://0.0.0.0:8080 - AUTHELIA_TELEMETRY_METRICS_ENABLED: "true" - AUTHELIA_THEME: dark - AUTHELIA_TOTP_ISSUER: authelia.com - AUTHELIA_WEBAUTHN_DISABLE: "true" - envFrom: *envFrom - enableServiceLinks: false + controllers: + main: + replicas: 2 + strategy: RollingUpdate + annotations: + reloader.stakater.com/auto: "true" + initContainers: + init-db: + image: + repository: ghcr.io/auricom/postgres-init + tag: 15.4@sha256:83e1abf06be5741bdfb8cb53fc03a1ade6e6b5ec7b92a8aac0c69ba5dc7e51f0 + pullPolicy: IfNotPresent + envFrom: &envFrom + - secretRef: + name: authelia-secret + containers: + main: + image: + repository: ghcr.io/authelia/authelia + tag: master@sha256:a3647c3dd136402745c7639e446944004145630c822f27e22f999c414c234d2f + env: + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDITIONAL_GROUPS_DN: ou=groups + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDITIONAL_USERS_DN: ou=people + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_BASE_DN: dc=home,dc=arpa + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_DISPLAY_NAME_ATTRIBUTE: displayName + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUPS_FILTER: (member={dn}) + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUP_NAME_ATTRIBUTE: cn + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_IMPLEMENTATION: custom + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_MAIL_ATTRIBUTE: mail + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_START_TLS: "false" + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_TIMEOUT: 5s + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_URL: ldap://lldap.default.svc.cluster.local:5389 + 
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USER: uid=admin,ou=people,dc=home,dc=arpa + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERNAME_ATTRIBUTE: uid + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERS_FILTER: (&({username_attribute}={input})(objectClass=person)) + AUTHELIA_AUTHENTICATION_BACKEND_PASSWORD_RESET_DISABLE: "true" + AUTHELIA_AUTHENTICATION_BACKEND_REFRESH_INTERVAL: 1m + AUTHELIA_DEFAULT_REDIRECTION_URL: https://auth.${SECRET_CLUSTER_DOMAIN} + AUTHELIA_DUO_API_DISABLE: "true" + AUTHELIA_LOG_LEVEL: info + AUTHELIA_NOTIFIER_DISABLE_STARTUP_CHECK: "true" + AUTHELIA_NOTIFIER_SMTP_DISABLE_REQUIRE_TLS: "true" + AUTHELIA_NOTIFIER_SMTP_HOST: smtp-relay.default.svc.cluster.local. + AUTHELIA_NOTIFIER_SMTP_PORT: "2525" + AUTHELIA_NOTIFIER_SMTP_SENDER: "Authelia " + AUTHELIA_SERVER_DISABLE_HEALTHCHECK: "true" + AUTHELIA_SERVER_ADDRESS: tcp://0.0.0.0:8888 + AUTHELIA_SESSION_DOMAIN: ${SECRET_CLUSTER_DOMAIN} + AUTHELIA_SESSION_NAME: authelia-home-ops + AUTHELIA_SESSION_REDIS_HOST: authelia-redis.default.svc.cluster.local. 
+ AUTHELIA_SESSION_REDIS_PORT: 6379 + AUTHELIA_STORAGE_POSTGRES_DATABASE: authelia + AUTHELIA_STORAGE_POSTGRES_HOST: ${POSTGRES_HOST} + AUTHELIA_TELEMETRY_METRICS_ADDRESS: tcp://0.0.0.0:8080 + AUTHELIA_TELEMETRY_METRICS_ENABLED: "true" + AUTHELIA_THEME: dark + AUTHELIA_TOTP_ISSUER: authelia.com + AUTHELIA_WEBAUTHN_DISABLE: "true" + envFrom: *envFrom + args: ["--config", "/config/configuration.yaml", "--config.experimental.filters", "expand-env"] + probes: + liveness: &probes + enabled: true + custom: true + spec: + httpGet: + path: /api/health + port: &port 8888 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: *probes + startup: + enabled: false + resources: + requests: + cpu: 10m + memory: 32Mi + limits: + memory: 128Mi + pod: + enableServiceLinks: false + securityContext: + runAsUser: 568 + runAsGroup: 568 + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/name: *app service: main: ports: http: port: *port metrics: - enabled: true port: 8080 serviceMonitor: main: @@ -104,21 +140,6 @@ spec: path: /metrics interval: 1m scrapeTimeout: 10s - probes: - liveness: &probes - enabled: true - custom: true - spec: - httpGet: - path: /api/health - port: *port - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - readiness: *probes - startup: - enabled: false ingress: main: enabled: true 
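Review bot: The new `pod.securityContext` in this hunk carries only `runAsUser: 568` and `runAsGroup: 568`, while the `podSecurityContext` removed in the ingress hunk (`@@ -135,33 +156,18 @@`) also set `fsGroup: 568` and `fsGroupChangePolicy: OnRootMismatch`; nothing in the commit says the drop is intended, so if it is not, restore `fsGroup: 568` and `fsGroupChangePolicy: OnRootMismatch` under `securityContext`, and consider adding `runAsNonRoot: true` so the non-root UID is enforced at admission rather than assumed from the number. Because the only mounted volume is the configMap, now `readOnly: true`, the practical effect of the missing fsGroup is probably small, but it is a silent posture change that should be stated. Separately, the listener port is now written twice, as the literal in `AUTHELIA_SERVER_ADDRESS: tcp://0.0.0.0:8888` and as the anchor `port: &port 8888` in the liveness probe that `service.main.ports.http` aliases; the anchor no longer drives the server address, so a future port change must edit both or the Service and probes drift from the listener, and a comment on the `&port` line such as `# keep in sync with AUTHELIA_SERVER_ADDRESS` would make that coupling visible. The init container also inherits the whole `authelia-secret` through the `&envFrom` alias; I cannot see from this hunk which keys that secret holds, but if postgres-init needs only the database credentials, a narrower secret for it would keep session and signing material out of that container.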
@@ -135,33 +156,18 @@ spec: - host: &host auth.${SECRET_CLUSTER_DOMAIN} paths: - path: / - pathType: Prefix + service: + name: main + port: http tls: - hosts: - *host - podSecurityContext: - runAsUser: 568 - runAsGroup: 568 - fsGroup: 568 - fsGroupChangePolicy: OnRootMismatch persistence: config: enabled: true type: configMap name: authelia-configmap - subPath: configuration.yaml - mountPath: /config/configuration.yaml - readOnly: false - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - app.kubernetes.io/name: *app - resources: - requests: - cpu: 5m - memory: 10Mi - limits: - memory: 200Mi + globalMounts: + - path: /config/configuration.yaml + subPath: configuration.yaml + readOnly: true
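Review bot: The new path entry drops the explicit `pathType: Prefix` that the old side carried, leaving the match type to the chart default; the ingress block itself starts outside this hunk, so I cannot see whether a class or annotations further constrain the rule. If an exact prefix match on `/` is the intent, keep it explicit next to the new `service:` block, `pathType: Prefix`, so the routing does not silently depend on the chart default surviving the next version bump. Mounting the configMap with `readOnly: true` in place of the old `readOnly: false` is the right direction for a file the process only needs to read at startup.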