diff --git a/apps/monitoring/grafana-auth.sealedsecret.yaml b/apps/monitoring/grafana-auth.sealedsecret.yaml new file mode 100644 index 0000000..400a548 --- /dev/null +++ b/apps/monitoring/grafana-auth.sealedsecret.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: grafana-auth + namespace: monitoring +spec: + encryptedData: + client_secret: AgCcKsnS3u2eI+fNVC9hAZ3QRFOHFErAzs5aQgX51CSdJwM03SZUoTyrDi5JPcHUVyS3MbevFH5piMhDTARMI3bLOjYlcwMbpf77JCPa7o95Y9asA/FW3lXicYt3biN9xBXJBz7Ws3fVRtEzyf6DmbGedT9gaX8aPwrUVbP19RdyJiuu76oB1A/jdUkX4K+X6kVvmoP/BWdypk/kdQJrzBNt00DIXF4NHfYey36AuhpBtqYZs4faA/tBXMXLE4RxPNtcHwNfVjnRj3v3qzNufD1fnweJvLq2UfLMrQjoR9XDVnM0zkpautylkI7yrvcoEH7ljnf6b1FMogOEZUfH1BIdqTd/WwrrlCqE58OPfJWthIfN+pQ8LvdHsGo3jc9gXvfXS2cStyhP06eTZ4D79kG+RtDQGOsD/Wpx7EcM6hbB3+dIjcs3wEAIGjpIVtY9JayW8YeRnFApMuhDST1+hscm+LdoGvaSTlAuGzv9BbVrPX/Fo9XKeYHlbG/x71Er+vF8WbW0wUa46MHLvbEy376XIdJDYi+vjl4eqznZ6YhvPbawhoKXT8ZcKUcUAjVcMue/O/jCSPZplbn3vdSCeqPTiqVqDw9PTMIeWFUepgPMxiGpFRAqdwIecFBnYItq0dXoGlFrZpo0S6AECgZjxzUR5EgdkdPlDDs2CN+d9yP7f2S+gmL7AIlQr74NW1GrTGw2x/rD4IJhunh7 + template: + metadata: + creationTimestamp: null + name: grafana-auth + namespace: monitoring + type: Opaque diff --git a/apps/monitoring/grafana.values.yaml b/apps/monitoring/grafana.values.yaml index c140449..196b923 100644 --- a/apps/monitoring/grafana.values.yaml +++ b/apps/monitoring/grafana.values.yaml @@ -16,6 +16,12 @@ serviceMonitor: ## enabled: false +envValueFrom: + AUTH_GRAFANA_CLIENT_SECRET: + secretKeyRef: + name: grafana-auth + key: client_secret + ingress: enabled: false @@ -67,3 +73,21 @@ grafana.ini: default_theme: dark unified_alerting: enabled: false + analytics: + check_for_updates: false + server: + domain: grafana.kluster.moll.re + root_url: https://grafana.kluster.moll.re + auth.generic_oauth: + name: Authelia + enabled: true + allow_sign_up: true + client_id: grafana + client_secret: ${AUTH_GRAFANA_CLIENT_SECRET} + scopes: openid profile email groups + auth_url: https://auth.kluster.moll.re/api/oidc/authorization + token_url: https://auth.kluster.moll.re/api/oidc/token + api_url: https://auth.kluster.moll.re/api/oidc/authorization/userinfo + tls_skip_verify_insecure: true + auto_login: true + use_pkce: true \ No newline at end of file diff --git a/apps/monitoring/kustomization.yaml b/apps/monitoring/kustomization.yaml index fe9e2d0..293b1b1 100644 --- a/apps/monitoring/kustomization.yaml +++ b/apps/monitoring/kustomization.yaml @@ -7,6 +7,7 @@ resources: - namespace.yaml - grafana.ingress.yaml - grafana-admin.sealedsecret.yaml + - grafana-auth.sealedsecret.yaml # grafana dashboards are provisioned from a git repository # in the initial bootstrap of the app of apps, the git repo won't be available, so this sync will initially fail - https://git.kluster.moll.re/remoll/grafana-dashboards//?timeout=10&ref=main diff --git a/infrastructure/authelia/authelia-ldap.sealedsecret.yaml b/infrastructure/authelia/authelia-ldap.sealedsecret.yaml new file mode 100644 index 0000000..66c0cec --- /dev/null +++ b/infrastructure/authelia/authelia-ldap.sealedsecret.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: authelia-ldap + namespace: authelia +spec: + encryptedData: + ldap.yml: AgCPQ1ANVJUXZEU/OIWnracsskky0YhXXpnqfkmUqo9v00rmxgk/ByftZlBUkm4PVnczqmZzzb0HFMJUD8xYEe6oBntfvYjrGIIVsVj917XmqPPi0Ws22M5xq40XBZ000YuhxGxWzXesx/sadXBPEkWvVAcrlS9P7+PMqamSqaPdHeY5GKPHGsnY7BIDUqCq9oxcODmqiMeajJX/vFJGGcjU8eKMzt39mXk1dUriq53ELh/az4kN9lt3NhUmW3iZbt4+jwLd9q3b7jMEcNwdGprdI2WZ+KaZAt3x0Ujcaip15PP14aVbMOvb2BYD/pP3w6SXrj2PjIBJLzjuKqV75vFujr1pzeiiwSBdSX5n1UWfWvssGsv9qxehEzVR/wsr5lO+Wg1MAq4UMVPT/eJpPZzuybIrZpzZ/Nb5O1F4EqfixTvjqJLEQo79Hqyc/WISDgOJe6sQZgecs2mJ8dk+MLx7u+m20Pw5AmDMLoBzKfmn5Eh+vvtJqqNuParbtURniM398kosy+hR2+8TmqJ2cwXIi5/gANyunEOrfd5CbBG8RoftejB5uQWIP0mUi1fFSqc+PTuG9GWUv1H3W4kYu7l8efpnWTT37XV1d5leIh9yQJlwmU/UQH2FbhTKYCKNk+fVoKDSFdldxAYeJql/YKwXIbaP8/mT7ZTxF1X0G5mCq1uTzBVgY1Q7Qlh0TleQmRZcVe06bnIqh25A2Ry9gmirpKy8MPpeBro19ukbxBmylsX75+ui0S9ZTBypDa1dLOKNCXOyvYoVzdCRDt+kOTCAcyYY3hxGxTLuDdlKNn6Od5bfMhsfSrscrlc/1TRhHzWHiSIJ33DqDRB0WNG4Yd2Pm4T/upj8xsLO1fffzVquTJIY2rPE9SNa6G5LyXy+exffJAeGSg7ugML0JmHqTBbczKdKO8fIfvwsIdeC/TcRu2fkMp3sNPl4uoJBvWhd4D1nERfkI5u9Syilyi1CbAckqwgXhd/N2P+zrbCnw2/gC4POnYnXNdCrqGysxVG73ryAupS4eGvN0leXIo3hqrjeZsBxfGCFnGaWHTkIhfwaIsKI1sXiCj+O0seWQu7LON2l2X7z6QH/BBnzBWD3+RxpA4elaIvPuK6Mp0InftEmP4SkoKWkIuv9d2xFhWVG9DET2CJQown7n53OELEveLVZA9TGdfaC0Ld36S7ghhA9ehUX3muH1XqtURwU1n5hTNsbDNuiV+wE1D0uDlEiGVDzfy7yNlVHPKlxEA4RdelShisbaFWU5xr8chPXnOCK9KrYClNRdnjFsyqT/isBxKjMAg+11/ZlFiuvQyUzUVyjqBYDOVjLlMi9hqHBpLs/LNkb6UuOMRtX2/bBTQt9g5dtWgFzQ3oTdwhkJt2EGxztS7SWXixYD5Ar/wCX6C7fdlvUAAMzRK+m8UlT5CdjPvhTiEJd0GhdtqPj0yEuAUPpmpdOhGD3lD5Fa8n7Bsvn6LDIVOB/Hsc3mPngAo+4MwIXsB95SHQovU06LPft5ME6JWmR4Mm9IIsRSD95a/QCNa411LiLBXp6LtO9ze/x9ZXHht+gWlT8NVRwHywEyo38IXQmawwOI0k6ksxIQFMcu0M1tsxpt+OM/d/bB+xVQwcw5kZpYvu3p+xpBgJ4BEaTPXirXRIjDB0vPuSF7SJBF2Tx/v7oLJDAtNaO8CUufmRwg/aoREaoMhg/n0WEIctDrf0KJLiFSzmIg12rKwjWw9yf5NEeTo/pno5dYKf/mbaHGpFcL6rHkye+U+cpRCxAIuanQihinmMc9zWub3kdS54XcPKQvHADwkUTAHMzYXpjEAnRv5lkhqO7SAerzZO5+ziL4OCcGFskhrUHh4gXqgEbWdWRcPvy8EqgNTHcwBYbrMO2g+K3KQpfZRTCH7ADeQVGj3wdrphkj8gVofTCQisLWr7BjWfvgMgwGwCyaaqxJv8fo8ma3PhVfymnpY08vjWQHT/55fNZ7Il/MCIMU7EZMi/iDu+MtNZPU+Ao4vTplADiS1ghQBupIizLh9SQ5/fzCZBpr64Kvcj6Dnrj3Ctby8JO3Gih1k34oagE6QDo7icvd9SdR+CE9rY4D7kesZvsptiyqenlqEREq8m72Cs+nNFzR8wW2BlbDTgnZ3l/cbGTcL3KeEum1/GnM/lEyCJfvt81FvrFNwYbeE5Un9Dvrltmleiq1oFrG2oaxCNc3iu44YgcydkDO88s6n4r8oQlYI1txvsHKDT+P66Au8x4B+mLu0zYV2fT3h9KRb4cn9NC7N3QHK5BW/hUSqU+k1h/ZkT+graYGMN6IRqlde5SfKtNDgeq0EP/KIpG52/63P9NTZUPtA0EYoKSkySPUNY47tKwYpRiTCVA827dAYU1c0S25C5V3ng5mpO1sRgSZDovJaLg1S3Bd/B4AfgLTqP/HXMg+OJAcoxHnZVl3rV9Ta5TEKHb96W72dsu/uBFXRbfVrbUPqOfo/snrJ9VCNpYmZP9K/U2TgmryZH8q3VKSBQExoYuFpDq9023rNSLbMVgLoaWqbruA93RcyJyFU6VRRqnOIhxHX8UK4JWkHsgMhdjNNHfgER+ZYFXuo2e572U/Yl40HlbVlM2vfL7AcW4yC5R0QIHFngGRmoqONfZPDyLCRSiZLhLqMzr1sH/ousJLqjtN4Wg3YWZ8w8Ha+V6rQ0TrF4lJEUwaL2Qb+GzR3ZND5mUDgZsfmS9GeObSEWyuJ/K2RvHX7qf0xZsVxHPQBxpAzXabqGHpWHbab+qHOKJelyn29sNNYdqx2+1KKx/XkeXmYTcBFx15qs+Zb9uulfsnuJ8hGeabsg+LD5XOl8/Wjq4iYTScO21p/ed+ecC/0HvWkC4N07StwsMedlblazvu+Iij9xq1vhFij/U5O15oU1ri4JfSkDkYbu6IWtxp71XkPj+IvrF9gaZBuL1dJu0NHYKytCoHfXnloEbFgWfIQRwZg9wrtdffz4RnwKONHQepRm183BAqji3dmWJ3XhAdlz4Ea3Kwt0b1sL/LU+EbieEMOlkq/gbjG+G8GyhlCW4ftaV1Zh91qCWvZnXh7lvAXBcDyjP0sn4qS+TwEAbkg5wKfTcIVw8ILH+Us5RRSBbQ5SnBuzk3anEsoe81VfeGCr87E4NdRgUwxYBZnlwhw5VUsTQv3Msl5oOuLuI++DLLE2OEiT9IyE0RyZCo/a+TBoPTsd/JuAdrFtzhrAAUX4PiY/SC4Dm+UduaVsFXY8huOGOehn8XICS1SjcYAg1zL4kPOTMxAQmO7oqf2V6RpUsNEe5sTEH0adNgdGl7YwTggfinA/lpKoQtMB+9gi746Pfenfn9GUGs7SPFQ4pUe5/6BJOT2Z69w598ThlKivw6eisPWAWrj2WYoAD0ts/+ncZXLiJD8CEli7aOH6xuHlt8rk/CP834ydaByn0jq3ULKnyUyF90YHx6JPwxd1RO7daMY5QrPS1AvaAhE6JC+irKE8zwVZQxtpsoCw/bChWXvuB1mUguamFW6Pbt+dy/MR1OWRS1FiYsMkdmsYYnIY/Qa6lCMMWAkuELL7YYYVkVn80SAZGiuNpkeNQdZUAfsWnoKOirX7cqYTuoHJIMEMlLeDEm5hV63lkJdrHdy5yRn7JDuDOQLqXCrTIGxGHBhrpUoCtQg6lBaULLTq26h5WZSwoPQbExAozfpQBZHirQDT0OjW+ajxvcMx5VT70mEU9JTWaXgqLeSLEqy792GcfLNgkwlA9e3a1L4U0TNpZgBygvk9Wujll2mkVyG+EyeCLEkngH7aXxl1k4uFSpIEef1wl9WXK9R/eTd3rtxL8zGVSn/PqX1UiYAyIw7bA/uqNRtWWoWpC+guLDC7juQJcP4ExUNfzIhSoEWxTnfxl535WRIwZW3IZX5QY/p7xDjUhG+rNtgdmjC6ieTgaa9J6eFauxusb4iMlD2UoRnJ1xQ7oCz1quLyleLC4VEKQ2qlLJmWtk3Xu3tlCeHl5/JSsTurts45/EFyGhxNK4VQtJ4elMColm7VJDttfiiy4uaBsr4jqrL22hY9VVt9wdAwvevh0b4vdOnDylU80XZYLJ4//oHq1DIlwbYcbaCXgOreNmXN7WEd+70iRK2Bp3WIZtqEGWe0y0U2dEMJCBqMHMf9ilKppJ93isox0mvU8jdfgKnSXkPfvuOr5TLcKY0W6DH4Bjn00Sjot8HtNtRG6mqCjgeXjxaobSUz8BDObx+LS+PqziDV+0c6FyP9m3fpr3iyk8BsuRMpgL7pllE2Rsiy/v/YQQZcDp7G3cTpd+/D2imJIWJcAaap6fP9mICuHK497Vrc+3Wa9lHtCgCk4JKtAYLTNE3bkeQr4D2ZTnWI2IDRR7ImTkPdXlCUERYzqVAPiv7huhwf+Htstn4Lb8xg2/nYlJDdh41Gx/kdx7Pf4WczOQ0+I28LHI/+FVyPPDVk4GwQS8uU6znfyvxJlowZ0KdCS1d5pkbTSApixoG2HX1CuTId8DTQBn613xgg4oGFX9cUJEEK4lSDa9zwR27MO0H5G0mnMKJqiNqqzQmVAn+irwbeYLmLmuvXnP/+1RmM8R6D7+5hDGfnl4iW/4n2JkcHAD5gdu+MGl+aeBYc74pgAf2uXtsmewfq5FaIgWrLSa9lJQyNlFU8z0ZKC5xNRraq8Z99iIXvyXKWIS1Bo6gdrlDPzAzwyzzdwGkgr+jCkpeFcF3UwCPltqVEq9miIUg62baOdo1pPsX/H+8q5fRk3PhCBpkhgnWc2rlIsC4IJBvchXFlp0GFOYO+yVjjK0i83btBmmOaKdz23fVPEmNhr+k0ciuM/0KuvWPYJ3xiPYMCZF+LY4dTYbIVlkk1pBV8eeH+EEqOqw+x+NEHGA+4ixwOQvOxFcfk/0asUzfyGI3mLfWpNItc4crUAokEqkUmUEOcIT2x+EpIfObYZ9TLrA/me8QOHIE/4kLsuedzgVgEVVur+KZrn0Oy4LaEfirOf6mQaIt1fwIkoOPTgAwpGioCX2xL3uDxSE0x/Aq/OV0dv0df4VCLx49J3oTIgZbI96PWklaGC+rZHFqFcoUFLvN3ueHkzgQsjdreBoRulEpuWKgVSPoEbRPegw7VV7oGlPXrd2hILIvEX1+fc4XC97oypYYSNneypoaNfS89rFm0vo6H7xWxIaRTwnE6Lz1vnXDeLco2QJLM45UivWY/OpR0+Ej3bnXGbzIyaUuJQOR9H6teOmHtb3Vw5r3qmMDuLBu38GGhved1i6MbbkEOveWcIRM9xRHzlYIUfFIap+X3QEpDDKaw03FUMY/jO9YsOEtoG5G72eQ9fDN/OQxf37ejsq7UVfa2EaZ8gqB/+vunreWBazb2TA6droy/iYsta54UTIUq7l62yEjtSxkSrfv+pYURsQXmIjY3mGAUR8/Fh8xKSr3o2XcqezVN6LzHuzpTW0oOs9Or12bccm38EwdtxONVOQ1pg9MQyjKEtoQ3IXRMUNSKx8+FicCmWulmSBOdxBQBtYHVmS455hvajyYCCef3Om0cKrZOg9G7fLA2gqZyZHpcpoSZneXGo35gXs0svISuOV2D23T06n35Y5H1ipttFLlt0pMwAEIvN0Aq/5EWQl3QBhTypd79xZZQor+eCKSeQrYpmjuZI/B40RSdMp8k/zhMN0/kDIhaWcho48PnM8H57MGD14d1iWIdzDUtrByHsO52JuFMgA4NNi8zdgXarOjzk1TjDVmZouS7bR25htsJgxFemL52wr6STA/1CrLp+wjwzhTPw5zCOkBMhf5sDshOei/jAw1rahIXhKYHs93WK0Pj2DI3SdCHsp1UwTX3iChexVNd1hMys1dgWYLsEJJOpJ7gUIeTROFJib3Gou0QRAsEC7vzJoxhT0kBr+qWLV7aaW61pkhHylMRucXmhqbK2VG+pXaiZgxdbx5tnyUF/ + template: + metadata: + creationTimestamp: null + name: authelia-ldap + namespace: authelia + type: Opaque diff --git a/infrastructure/authelia/authelia-oidc.sealedsecret.yaml b/infrastructure/authelia/authelia-oidc.sealedsecret.yaml new file mode 100644 index 0000000..cf063d2 --- /dev/null +++ b/infrastructure/authelia/authelia-oidc.sealedsecret.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: authelia-oidc + namespace: authelia +spec: + encryptedData: + oidc.yml: AgA48TAg5f8/6ef9cX2F6lnUfQvAR5AWF4wEkNWvykKIkc7dm+oNOEo4xuMdbGtwZfg5j5XYrroiXAk7dbdFOscmDydK2r4euV5empfLcfDYEYU4ClL4R4rGA5ZYU7z+8HwYmICxvIuactCiQKk48VkApqQyK8PPWeM7k5tiCrhnaQX7dhs19dY1uDrZaDxwAokbBobCAvJhdahI+FwRcYicbsiY+LbWmMM5yNxQ5NXkQrXoJ0rprOSOOso68jOD3OetcT4aqStlHXIjnf8rjWIWAiiJ2Osqpnocf2KsuhvYljMcJ6Nl/6MXLth/TJ8CqzOsQc6JEkPuSnXcmMLFCD6IHtHksTF4V0NJ+20nTw3Arf2033drOcb7H+iKdHRP6wI5I2cvqHqHIQDXHXXI++vn1DJU1e4j1bxgtJbfsdGIwbCKLpvJMWgD5E02MVWM36KIrjtPJKczdrFDpDXHynpvA19S7BYgO58i1YIvtAOqapSjsKDEkRsTn6Dq7fYf5aPPJkoHtHU/zZfHfMG0RfTsV0ur18oZUtCwylNBChEIrDb0VPy8YzIReXe8mmqUanwIEH4xNfzVbPd19vTKe1Hmw4DkrWtWYUSLcBqBVgT/lVG5V5Qgvf0TNr21OiN+RHj9W2VjpcU1SEMpNE/dSsdguorgPrTzGYmWx/HmxrEfuaaVUqVhqjDXPXnZLv/w5hjg1/TsJo4v4unAh7WLDtMuhsFT9mKQkrRQ3Uv7Lo4yJg6H0QDG/0V9+0/vxTW15gCT3ctdhl1cvjYsyCTl3DaWtq2ZLeU4pjfH8BybVNzSRcfLt0tauneDGj+aM80xQ2REa9X9FecO+Bbkdvno8hFWqjZPa4CTBdYy/gyU6Nm6gTgtZzcY3DW6KS5+maY8kIK6eL/vrZfO3gyFz9A9w/SL4Hwwmp4e+Pd91sjvuH7Z1EZBBIoO0k49PrhH1O0lvtoUlrH95XGdHeyrlOv9kQk6IDzSXQydO8cm2Nkyh5BYKSqqvHsHOChG4jB+zM9QEUH+YWqHp8VLZJKU9JRDyRhxaK0n/mjbx/gzvL9KPhMzWc6f1mCOqt/zBtBYz4UW/WdQrzu3dRq1ipCxPsAR6HW7y437eRneEsi4F6/k4eBanWCa+u+JHSJJbFQ7S+byPFRRmlJURWDF+rLYRP9iOAQPh0ksjytemAvQO79NEH0mGgjF+F5nDTfwAWKD5eRlW1aEx0V/4fjwunHtKPrSoay5mk1DP41gObXa2CPufZh6HnWU/3/QyvzePKGRY7TIWfytrfVJIoiLcVsvLlFmdY5XOT+EaZtf32GuYiC7Q2zVcB/LGyBVWIjPklXAr8ZZJy0W6yyEBlj+HNjMrnv//WKnZhHDyR0Q3tbRGEBMowwAs+2mA6DqtMVxy/6/QBy6lxpOrRKKZfpTfJ57v5EWP0YMFvMqI0sfM3/LURNbqQcG6M8o+lHdsSAxjxg34VfeK9lTCc2srIEn7EqXdMFeHKjd9ODya4Y/bdKx9t5qe5HrNlWB+m/UB3cN8lfWg5tgOTDtE2JG+IR44Qz3VNA4vSPjcP8zED2eFsa/2X/z/l2gnT4QsY34df8zVUrBdTSuA8Co5kNctxwSLORf6sEiCGmJvwaHsBRCRHls1BVR8AR9tn1WFykg4st4ETI6Zw5n+x1SnEYPhtRfR+0dGQU+ICMTdpI6AvvJaAIim5b7MTMoIlsRVD3Uuegw7goQXHedx+P6SYRQYnx7ihtGkLAsdAw4Tk2TgIQAaLat/4YVKSm8+QTNhJRzEAjXNTngrIBgyq5JLun/9cwwsReNZISQm90lL7q6tLD0s36brz4iME5em26GORBOJ6c7vQQVG1HWqyYyBUu+N3HOuh14EnjQCTn4M6tvHQy7vsUOVpMm4Bv14BD0xqGqzkACuHb7d/OIA7yAUfCUxzMJm4luj3LGnsLTTLMTnD+VBAWIGTbv45qRn1HS6euKEK4Vi3SFl3XKaKn1mRN5A+MSHeQFcYhtUPIGSD9SNZ2xRXaAJLZOHQC/UKeR/9n/ynrej6MWt8anD0ie+STxUQPq74BCywPR8p8es2ggvZ7ZwYfuVNQsNYUdaXMp89hUhqgu1EmWE7hbAPcDBbkZRwKaoFzCT6zWBO6bx6jauKFva7uPUkfmSjSPj4xAgOvEO1zGJ9J4b7I9s5mugdmHPo1Yvi6lC6r1m8k6G1idQT+z++r6c62j+o4oJ1tzVPsiTAXR4DbR40KWqWhYHEF092sSvfSMrvtWp9xuCLwq+Fz3a0h3ySurtbSYjCIY1H/YcLl1Vu5+W/gSlDCY+8cNhHOXSLLqR3PSxEqZXOYIDNBPtukwW+JsptMgKB/88EZhO1XlVnNjVIzFmYzLKvckwYTaDXLn805bt3ImFXuM0flPr7A2zOk+UpVP07HJFnpQHirfhv1Jj+VZkCQE1/zmKQm8soaNnjW6PL+LpKB6YAa+hd+Ih2r1FmbQGojXs/MUuecN4s5z2U1YCBRexoHpOK6DpPJug3H31wsZyArI+1Fir+E8sayDvxNU8NpNmQYsVTBZd0Qv0mhF3IfDYlqIhVUmOirScOXXLGxOE3M9oAuoaW3w56xSecmL0TioiAJJRfKD8WJH5n3EVpL0cTtjN16fkGQtajzYnbe89WOW1ZRNYmZP8ET/UWognfOXwgdIL+O4zKv+nxMaoZdyiSA9xt6FWYjt/4JHhay1RM2WHzfuhoYSanXwIcrjwLZw5vlFgm+sFPtAApMOlJ6mTV6caV4Hl6/WTKmMVzfpSBXKEWbS3gh+t/YFX24zzSuL5R17gn0u7EP48XFu7bWeKAj/5mhDzesYoT48kpo7IId2PvkmgNa5GAjod6N+OhWdF4e+4rV2Zk9RFMzkFrQ3J3iF0SAbjOfaTYAPQnkJZV1BRjbK5CjbDP0Qhx+2gvOTax8MataK+tWV6EtBAr2+Ik35xNB9ZzXYN66d0k2IqzEwzOmHDiSgUDRbApKC52gVq6cElevqxIKlkVIP5pBXuLUaZ85fsEuO4ToKm5oIU/1XJuhWPU1opArfbmoselnR9DbXjwgqeSXZTA3vL9hLSIyP/qbFAhRiBaTuxHp/dT2CytgThJz0971ZA//d7LD1eQlP1a4YovWWakR9LFp/AJ75tIlqfdLsjPqn4Ax+voGRTvN7OX3Ns/HPzwWPfqRbmuObcpEtDTNWqfjs7NPRr1woxBX0CuU/htAK4g89Fs/OUDB8O90OUadsRBXfrgKVPL7QM95jGvo8FRqCAjqLIdg11Czc634M5pm0u4YNAuY7lkkOM+teJOTqoOxTBSJhi0mmDMen6ahD6oCunA7MIwsxI0wQhmJCa5Nrpt2ctrKTTzdEYw0vL7fH042lCpjyb56BoKIkvv4R2R6p0bAmb90jeX7ELstvxy/evxOCwhCyOGAgbspcwMjtSm6C7hclcDnlY38tWXdPWFM9MMvHyvWNXBQA7nWZVVNp81MgFmgqhuKiTGueVWdNtcjUNl8XXH2HLySGHzpm9Q16G67PHgxkYitJO8rrZ8ADRVGvRG+LFyLrEWcx5OLAT56Q59wzO5FhSGBKY8LhOr7lKXvMGTPmg87hkRA70hvJLGbb1z3cHDE/hxK9IIu9JMb++Uhm6gSOakAmruiAaydvv8R689tu0VSKE2MIO2NT/9r682IKIyF64TVBPsDDVR0dGuiqyqjmPW39bkzbp6XS4OjcAgyA+blJCKxOmaPHmLsBwfFXhIUPUz1Mcq6X4qG4tVsGXPN75r1u6Bydiv/kdvo7v8LvCopmk2Xr99W8E1t4CHTL1FtS2EK0rnORkVjMi2HZRui9860TD8wJBaBc4Fa321R5Kgd0tcjSkwEsCZ4YXAcXsHqh79q+QQwNfah3rSMqKPpvgaQV+0k+FaIOtm+upXJ4C5l/V5SUcKGGpC7KBGVed8VQpVb6VN5RxPqcN4wfZGI5gNVrfIXrsRFB9oH411+Q1hHsJUeEtTvFYEHbdly6eMIXljMYeYaX0V+YRjdwFvpe8spYT2bzrqxaZ4YLA2vtMrCeTHCHYYapOXVb7AZrXeCAsPCk65xojB7WAdIJqifIK0NjQ0T3xv6agawjT120fkdorkesDU8Fw3Ocx8QH28By6AC/bmH1gcNGUB7tp3ANLA+gXu1SFlowJi+cdW6kiY6w0zsCJcZkTHbaKmPX9bIBpU3r9sPY0gDq+nn6wlwrPb0suAmGBnKWqs5+vz43vkik9+fwOt/wuaBOT82H4H1Dyrcdnj9OxRLZjTJjPtodUylLYmvNnmRDqltQs3HmmtehGUZQuPKvFFTX/nQIJlPove5Fh7Hr6WKQtJKw49XVyzh3jLqj/KWoviUCB/SYtdU3rf+IvTae45f6E0dWOCv3Z9rqof86mzkEHg7SD61BpkSXp7cSVcHVVbafwIRkSr5HqYPtUBBYXJlUwPTTz4zy4QeMGAU5lw4c5Wq0a4OdqPxxFF+x7snFFycYcVlL+prPh2JglZ/GvVDpAxE2PTiD/FYQE648uUqvPLYCHa42GOWT+NHKbzV5QX1SUlt86i5oL0as0Ys+CQB8+RVEqsTGZVliFk931UHmjIDWzg8KXITp3McVEl8R/dID7LeFh8oqFH8hKCbPCVbnh0TYKPNYApRF6mBBNNkevNwsU5p+bwVxXOcrjV2Xxt6C4XFnAzE91oxbFCQxO/BFOYGd2gvrH7jeNGHE80rvMqrONa+irRJg3ViMKNENCq5R2cr74ilWiulvGEPjewhhbqkYwqVj8ORUmWEicAv2h6rhhyNAbOS3LL9wGw/dOAm6x8NAxRfAXwxjtUOkETpqWZWiZ6VUvDwOu6eEGyebC0vvNhHRcSvnYph7OmVAI5Eiy1fZj6hYIyhZAqb5drZNzk7CQ5It4dEQtAo9DjjxLiolAQYcGv2O2sVCgegLB9Lmj0nTw2FOT53EdSsCn7dbb7SoolmVdZ0MfCZFlY+sYo8xmAohYpM/Buv8FO8ym2E0HQf8nzI1kJrdQE7BoZ8eJ1NlU5aUa5jIXzO4R32qMRCk/lXkuN7Mz+Tbh7KHzz57+JaCongqycQ06tnE7Dr8vx6T8WNpgwz5lbeJxDV6tvV4bU6zAZxZNxSh884gpURgpfgjaTopfAGoaCe3T1P3Zi/enE4Q7CS3THACnpguegYQq7EGzg7KFRLrvtBfFZ1ag+muJaCHfdba//5QPMjtQ7s2hyE+15VYKu7aIlWCHlNU+hcqZ4OvU2Csc+bGIYBjTyvd7sBLUZXl7EmiVlCfFmknRsjyrdokBxAfEvoNl1FBJcq+q5r9pMH5wKOTUCSmAnDpyWrRtvllCp7MnxQUyUbIukbCD0WixY44+uLjrSTtr6+HFOwBERlC0ds8v0/vVVWlFcKvqL4UaQYDDxTwgogWMcXMk2RF/HeXLpNA929UEEz/ND1k9VcbQeYX8hXMub0b2xEhc9n2VKax0LHBfIWvb3wf3dpqQdoBVBZNYzyQFQmNchM1NOBHuVhJsCJjtKDYM9HmF13sURQF21NauW8XjIz4gcKavoqJdLX2XNy1bRoGAsQ2ooli+FPgORC67D2vVLz2TCKlGb+npSm8K5Jo5zH4BbDHs9OjM79zpx0UimBHIkR4qcsEnoAt18wwsCi2eWzu45FOM5b0lyuZ2pMr7o3fJd+SxGPFFTrwd06BpZlRmtDjSrJfO9+tY8MYiMIXDOBeEffib1gcov20JyO+mWzt1W8hz8ImW1p+jLVYy5MC6Uiy5kN/EchKmeFTlo0K/wve/FrHDBEjdg1NSAIm2QzL9ArwM3yJiQLkoQwtVdJo51Di3oLaHlZE/c8w3AVUxtZMc5ivPj6fSxv8+XnMoryjOqcio8K+yn11F4XwHmHggT0tRRzPse6KA/b2/9k2I0ulBjiaT2dHAXMNO+tIyO5kSM+jQcr7b0k7jTc6WICgDhczquJjiqwjYBvrYXjvApn5LIp+kZbSq4fDvQMBcOBn8Qs4JczF2PrKtB2yVyDAUFKL1cYvvaQ4HE7XtH+8VqiG0g94E6tt3hkdNJhveIGdDxMsLFTb8x9eoNyIsR8ZDAqTu0Vf0LUGIoJ2+s5m/yq9i8itOWt1VbEedTEvGnS2grUb8o2b0Fq19mzfcTg/A21ugSdPyusiIaA5BfrEp62C76OZMR3ZfyTFqnpy9oEqhfeZSqjKr+GwtYtPUQdoLBgmAd5WJUCiQMdCYlhQXRfgynOvN2d10ewCUtTXbe7M9JG/liN0oHAemMDEZVYNX3VpoR0ibRY5g6XBQ9wfEsqi07EbZT15heC8KqismuoG00EGunyQTUVkRcfzZ/Zf6egshwy10JPQRZFYuf6e8AQ6gckv/rJRzYzlUOGPfPgRLaYinuvNMwQYKdQ1EnqAsxDMKLzS1+CEC4I3wbb5bw5VAO3NHQUvesP2CqYdJlqLkI9mQK1OqRCZxyhf21JtSyMz4l55PUEQwZtI7gqt1jpg6oh3QiZ8TmA9WCcpkvrCsaXC9a6YQ7rGpz9RWmnQyJomv8K+WLSS8Md0F8vAqktAE2M0yi4xiWNYN4t58y0Ysb7zeaTgOa4OF+BNPnKjAa5iOpD6aZPE92g6WKHBuvKj1gItsNoCdCMw2SAJ5iXtqhjd/xP59FMlyyRctzAvk6XK4q2f/Vdv9Kqj+P4LAsCUwR5r060F1BFYXARy1fSLPqXuI/79Oz/EatYKHM7kOwsX4uSNeESAmGT5ZbwqACQ21oINlMD2XJjcwTB7WORbdBqljABoSRjl5QEv/HLRuD/MSyXGV9KA65BvW+a+trCTWf/ItmfL1lDsHTHyGK53Gl4zecpCi01uVA3ZIGabwUmX1FCZ9oiqTS6PiHAq9aaNcXPLu7D+aj3wYGPZHn6Y1F0tKNId/jrfcVQ6J0Srcl/6JhlPnkPuOTGxb5rL0KaU+GYsX6/M7e4cqj7RifRlvcqKG0bzTKN5O2Nvx+zxowfXckZu/RLo7SgAEbfdxYANZij3NIHcKM8FxBcc3v4q4A6Ko3jOd2ekGYMd2Wyw7h798IeiEE+RTjIywwWiKICQ+zAteq33Z48rd3VATp61s1kfcvHRRAPZjs/93v233oy4tI5zM2tI85fEFty3roGrDGvtONUjykXjnJrbGNb6jOtfEV79BWNsSe+znXt2U7DZAKOgdZHBu2mCsE9AMAiQfJrXTIZBZEEuyCDsQmMjTAJxT60R3mnr5N8iwLVpE43PRDQgJC3nqNCjASFxI1tpmVIFlZ4dG/iFbh7lqqMJWYFwkzbLa7EwrttAGlp2i1vU/aWEtrKJETjPbpEyfikKYl4t59wdWrMBHtFXj8S4WSmaTWBvsaQLnnjFikv29I9uRYy43haoGtnpG4sYw6DYPOZjiXnd96WReQ9EJdrDwpt06bGnpLnp8Ym9afj73e0qMzpTqWKASpk9cCOQ8q6B3lEMTIg5XeB4RCq6ooKun4SJATT/Brm7trdGVcffGdsJiUH/z8SeycHyq0MGZ6gbq7pPNRD9dQe3l4r6Qw9dDHsI6YnxFVYwWyEKheTF3Ol9HzP7rWLhUn0jUYBkIjW9XVNawsu4llooxWwTiBOav4nDC87/ilna4arWSs6iJOZiGBS0gUyJMtsQFCAwz8eldBSoZpP/LntlN4IqWTw1BkmPl3mnnxM9c89se7Jd0bD7cX34G7SenRiJ4AGjSaL5V2np07BbBieKpfJS+HNGPH5e1ugkvQIYjy7GMe+R1I9XHWYUdbRvuU0L7/gzpvCMdWa0onrp+sbDPvRtXbakQkHsPE7RzAlX0R70wY6lbom202cQu27jrNASIQd/3Cr1VF4A9DJOj2BwokwrfE7yCRw55e8TxP1GRyz+8r6RlzuKWUsjSxjY6yuCGeeB3VyDoLI7TsdewokBqaPn3er6LopBmtBCzd4dRnVxmVrQ8eDYX+iMgGZhYeCTL16/Xwa2KAtEuL7DEaXNtOH1XwKrfmPZSG+SIFlOPRfSN03LgT4Wc1biQdxH3W/OVG0/JdFIbg9vvrIEMZSRhoUOd9k3QREtQ7DQn7utcU6Yps3s4S4KnPn21deyqw2FWT1Co5GSONf/mxauB7Z+VWKV/grGkIun333i7t26siBpc7mKwb9vEqkPtLHwTr9TAAZzPKvaKvTozhqeUNsZYPLbf5m0W49bFLnn2dI0C1isTpCeVoeTflML/h6C1t5J5hv2hmSbiGrTk4Hks6whHFXwc/4dZPpXbHsEXhgpZ/M+WOTnMSmK07C3YZzWCAFGVI1WIL1iv7JGUbJ2HNN2XicHQJ9GdFFosZhecgVsCopM8TFFoBJ0LBJUKzegwOT02P9IFvGPOSxW4RXQYrIvrqamI6gleV6Sg34mYd8KI/yu9NZRKAbV9pgE2G7V/FFKvfCMpK5wLc3O++bCF1thbQGkf07OIxwJDB1pEzpo+j/7a5CYFrWmV1t39CE/VJrOzpLXf0uO3U+qvctsUEpAblEtfDCC7tAtnPk4NNqhwHrab7SM+hjK+qWa74FYA5PWVUiM0hwruW/8qEli2BnkaRIDSfH7wfcKwokbKw++GU+eWlxBgQ+JraSGMz4UhaBujRCS8uV+4KkRepT9Z0anrORiyOU9aUzlvOog1vhkRIYWZSWUVb/17GEAgiiN/q3mV0ntwxBNbInlxtWDiW8UiQU9GMESn1Fl3c8nsVfi4yp/UZlghh1XWXr5WQzvlDcHlVMv6jDmeIXCeaijtXD/IZkKuPF0wRUSASabS7kSXfImTp6MFbWZ9Zgc4/L+Ls/MZuiJJ3EccUdKqRMB/nzxmjUO7x0RxMdX2sRKhdRNi26WrNn/7hMxrlJaE3tEG0dTTO+zDkZ7yywJ9pDfSTfx1z+KsGsVBvPN5PS9+Z2cUZcaOHlvWUfmdhsi1/9kM94vWrr2il6EMQ2Wot33BhiEqv1zKMYIYVoyE1Iq6xbvNCL4ySQj0fUUmRoKBi67v/YvKNN8LobiKolUJvz9cIjLKCUvEjyfCYinZN+93mYsp3VRVgWW2CwoB+stetgsVrlLqU8ZV+JCg8X1fvSb36D6u/yIsgOT+fIuDNssw/sd5UmYzHzNg7Vj8tEceN7GQeDQwS7sKK2y0uYGCjLlZ4ya29R/0+zjnMRER8SPUC8usjlzvzlhkLUxvRhS8ckec9kFmwlmsXgLFDSWs5XPjFA1Vdsvy+KrP5gllAHJ1S/9qprusXxhZAQRxRAoFvYtmmqo+L9oTipkJnjvTSA+SqgUaWxcAP421Id0MddgQXaNCnkQrWVLtwrUGI+rpjaxiGGFKkauSx/jT9y5WEGz1XTW2MXO+2Nn+jlS4gdoiQbWQc+31DaNpz6naVFRPg9KAKkyqwER5zGzxOW642hjGh8f7gXL72AFxJ+YwCkzY/dksU2eNoOWmBojfQKiOeRjBg/4DvdaY/15BTuP2yRWO7CWle9F0t36SZYxf+XEIe0LpHFa0AF+mLMQy0nxMw0OKj5+n3Jgyq/dFbHt6J2ScMylLhUHUJcV6AUn6Rpb7Ni/PPYaqYbHKBc3GB+kKMGziBZXIaYyGmMWZOVftcHHqlKvRQ1bPK0R0v9dRtW6+3CJla4ASSvarOzIE7Ir5KSgql4RF49erHkYSZ6MM4Fg3WwTNoi77QvBOfEN7LBO8XxEvYqZ4GH0V+lbvHnKtppKqpfMz6WRDoE29KcM//Rv56dJLHSkBFvzKqW7qzN3qo4kyIvlJucBGzs3QF2BOK8yBC07XDYNdXQgj3giiZpwEBnRp1352AzS4nQaf8JLoerFVESfbFLx5BKiYxLQ0/Umq5fNfADDlZpvDJFFHNnnb0UVTjUrV2iE/BvIHt2HNGbW68wYqSAgoRTd96DpqwRMxhUeJIYVhP7WT1acUM57jOOnI9gJ9feQ/vLDB9bdSeXUjU+eRHTUtrl+eBlX4gedUeV1msxIwNR/+02ev7/WENNSSH2w0FEbryym7+kMttcEZMnLkvpWgpkZpaBELMO+Pk5VnI07YpGt/kosSezqpAmQ4ikIf9hxlfamIS96djx7RTs+x341rxIBKaGIVO0MqcwtF5lgMv1oC0yoc25FZJ3qnbpQRu1fduhCmn97hv2wPGq4811C4JdsUfXyvIQFyELvY/BGURaAroa9NYTJjepoPjKjIZj+t91aL5rMN0ItJ9RCGibbBaDrnT3hj89T5mmojeSwcT05LW2nao9aFku3+QXvF9xZuTXECbq1PLFPynq5yDzpqt6M7/ZtnD3jUtk+bcVD8E6neo0GDouVUo27oYW+JZeRkJK7mPoVfjUu7E/0oZGRyElWlgBY9+Gj3nkV/fN0yzKD2/6ctPa5NDLqxkZpi5tGp2d4BMstU3Pkpfv75GFX53bI2tIXpnLOfLcKps5JYpR7GkVYMvCVcO+oMrCZpQuc9ARYubzZFvIlCwFDL89AMDVCbG4RrBrN2qF/RpMKapLJ0jbANlET6GYKk+6uL7nzF3IS63HPkcJh973jKUY18NwMm5kwWa1vC1UeIveYLC2ABZ9oYAZT/TNvPIuKawpJrZD/jfZSn6HzynzPwXwjKpYo6aIjPim+cQhYr0DdMuA/sVoctEUdrAb9Vjrq7zAZbDJ3SMPolyGlEh4CJvxZW/4OI/ezBHiASa1tIUaLj3KnmzvKDM9xc7H+uoXl2nUKeZ4WZBorySZGxw/ikKq970yHYeenHTIz4mmw5vNeWGlwerQ4Lk83SrxUCqtrrwzHfBlysD9xqLA7EoIIEZGnrrsodi5J4SM1EktY7gyTxzznuIQnkwUyaMBniineThwzwE7kw24xoK24cLEEJms2TqZabbbY1T3i80diUxNjtWcKCuzJLcCX+xFvQvOAhRzVJuF+5l4GFqYb51PkCOyLjq8uvd3uP8J57zf6ZI6ioE2gKqXt/HiCrAylL1iiyLAqHrYcgblOjJ9SaGf78GB027CQ45PN1mjVdbD3bK4ZThuOi+fjyAeP+7L2SLLjQYp6jOjPk+pHDPJYo86Qz9PHiYnLdSGvOfsmnP9PzdQymNlSPsmpohAKGWl0FXgC7CSOCM7tpzowkz/uZai7aE3evbX2ssHwvXDgIE7Zo7MGbvJsycUMAvHgQXwnEVcDN8W2ueSxlUNMqCOO/KnPjhJxGgFq61O7STR5hhVG3i+q311GmctiOsadkDkjIXGv5SW6/GxnTPygRJiYQBono3R2MSCuA2zQ2JWSxUGhoTf76VZ5aC4hwln+65jAk0kVHyuh9ST/unj8ejQeQVpLVBPqIECYyfZGwwpfqSVmZyURCWDIVHSKzD+13SYVoC82vSrYCyrD98rvlFn5+hmPbnEL64JIj9knR5+rwJOeNbgFeuut8PK3UFA/bY5WQFpcXQiCz/+FvTjw9/vrg+zhxhdJlffb4CjcH/A5itr39GyaP4SxcjBdJ8LPMBCBQgiJej9wmneT84l/EbdBi1QfelXB+wAPpP6UiWQuapF4y8S9/zv26ks8B7Tl7RW/bEIcF8JFVIIbmZt9EGfkKlayXy1lM5187841UchP7HsdHoCfQcjruq5T0+iRqiKfJmNzfGghaPGQ29JCSRYp4/jb+Kp5ZdFqvLmWjc61qvAmxU15dKvlWPP2o6Yoe7Y4AyoR7vsVwW8LVyNTsJO4WEHGNvVE6dQx+UeAyJBLxBtE2Gi/i0z+tN2ngQoC14ivjvSXd7X71wRpouc2Lsc3/dqBJGYyEdgvrzolBv9Hg/xbYttPcxQDizadhK4TkkO1L3uV8jDxzKg+qohvVNFDbhMXqOyseL+nHhW3VaZbiHPYOP1MuKZveN1Fdq+OjBSDMfO4dzfEU2IAEIXoEPmvqkxoh45vq1tmz8D6boCTBLIj3VP5ul8AoO1JdAKdJ5CUsfo27wzQ6rYQw5rSTWXhCwiAceOyuFl4SuyWj8gBST+wIGYbNticgRuNlD3D9C3N0W0ty8j0COcP1q1gsWMgFbfGm8p5cT/yxHzco2Qfd7MPga+XLLlJWk9trrPEC+BebGEhWBBc93tYpFJbhmETlCsedjlxaReNmoSVyQ8xhDsWUP7TGTOa8l6f2KC/8sdWHJk7XfJdaZQqQPG7SNuHJNTGL8VVH0R0buMpsQAio2efmuDbjtkHeQY5xPPj9ggVfHe/sIUQ5P9VyLnjypnHzAS0H1d9Bz94NOHyIxiDYyOZwXkM8LWfmmC4sdiXLsGZK00NDXXYglExHiRE4+3npws4awV/8GY09eybwocXzJcpLe9b9msD1LSPKr5SlK6sX7SuuHM23IuG9jBU3F1N/neBd37su6TJxyePmzubNCnkPFkb1d9Ffe0LRQkKFX1nq6DmkYsRDg6qXOnxr4SqQUQMi7Ylu9VKmo7YifcE6AIL4nxJn0vnzeSj0mZe/hLChuLodjblCaanyXmeAS0Y3HiSemTEA+3LvXfj3Qm+eXxwIy3F4a5FDiCW9zJQDYB2xWVx1NX7KOuS1aefSpwsyvPKBt0W6G31cvZOnMegaFRC5kNq8glWkwH9EpgdPPK3piGTsgikYSRqEbPQwkDWGoYNMnyddwSRwDGcD5tc1wN1NWQFrkp3dW7sVyefvcHrsyHzZ3JwMjhcqbA3Jxvfq/Vkn6SK2ov1SgsYBCa6UxAGkoR4VkNUZnUhPbUJH0YZ64NzZVZMrdVyxGwt1m2vP91ye1pE/XdyfeMCJL+JMWpFw6O9hmk6wze9wCLJUxQcMG2UYr4JVBJQ0Hd6c/gkVLBZlm8oyjlxxo+UaNcaBDhGtb9sb6AF37QTLKZzPdtVI/1K4Li67VwppXZrl4SDao1FEYDXr2TRb6cjns7y7spiqOPGTTtJ5Vc6NGBmAG3r+7GbxHbbeJprYWIdtoXvQEMnQe6lX/CxpoazUKDz6erM17nfQMILrOrDOKCRG4W+QROOVfHuxyAhbEc+8IHYHcN3egup5woZgXoEJRnNkFCMUQZq3VjWfMOWRQMwEubWQmQXy1B+ci4s9YX1GGwm0nKNLx6xRG4= + template: + metadata: + creationTimestamp: null + name: authelia-oidc + namespace: authelia + type: Opaque diff --git a/infrastructure/authelia/authelia.values.yaml b/infrastructure/authelia/authelia.values.yaml new file mode 100644 index 0000000..5d37fda --- /dev/null +++ b/infrastructure/authelia/authelia.values.yaml @@ -0,0 +1,83 @@ + +ingress: + enabled: false + + +pod: + kind: 'Deployment' + replicas: 1 + extraVolumes: + - name: config-ldap + secret: + secretName: authelia-ldap + - name: config-oidc + secret: + secretName: authelia-oidc + extraVolumeMounts: + - name: config-ldap + mountPath: /extra-config/ldap.yml + readOnly: true + - name: config-oidc + mountPath: /extra-config/oidc.yml + readOnly: true + + +## +## Authelia Config Map Generator +## +configMap: + + # Enable the configMap source for the Authelia config. + # If this is false you need to provide a volumeMount via PV/PVC or other means that mounts to /config. + disabled: false + key: 'configuration.yml' + # do not use a pre-existing configMap + # BUT, include sub-maps wich OVERRIDE the values generated by the helm chart + extraConfigs: + - /extra-config/ldap.yml + - /extra-config/oidc.yml + + session: + cookies: + - name: authelia_session + domain: auth.kluster.moll.re + storage: + encryption: + key: 'supersecretstorage' + local: + enabled: true + file: /config/db.sqlite3 + notifier: + filesystem: + enabled: true + filename: /config/notification.txt + + + + +## +## Authelia Secret Configuration. +## +secret: + + disabled: false + + existingSecret: '' + + +certificates: + # don't use the pre-existing secret + existingSecret: '' + +## +## Authelia Persistence Configuration. +## +## Useful in scenarios where you need persistent storage. +## Auth Provider Use Case: file; we recommend you use the ldap provider instead. +## Storage Provider Use Case: local; we recommend you use the mysql/mariadb or postgres provider instead. +## Configuration Use Case: when you want to manually configure the configuration entirely (set configMap.enabled = false). +## +persistence: + enabled: true + storageClass: 'nfs-client' + diff --git a/infrastructure/authelia/ingress.yaml b/infrastructure/authelia/ingress.yaml new file mode 100644 index 0000000..b0f8a28 --- /dev/null +++ b/infrastructure/authelia/ingress.yaml @@ -0,0 +1,17 @@ +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: authelia-ingressroute + +spec: + entryPoints: + - websecure + routes: + - match: Host(`auth.kluster.moll.re`) + kind: Rule + services: + - name: authelia + port: 80 + + tls: + certResolver: default-tls diff --git a/infrastructure/authelia/kustomization.yaml b/infrastructure/authelia/kustomization.yaml new file mode 100644 index 0000000..3ce13e3 --- /dev/null +++ b/infrastructure/authelia/kustomization.yaml @@ -0,0 +1,30 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: authelia + +resources: + - namespace.yaml + # # As a user management tool, we use LDAP, more specifically, ligh ldap + - lldap-credentials.sealedsecret.yaml + - lldap.pvc.yaml + - lldap.deployment.yaml + - lldap.service.yaml + # Authelia itself is installed as a helm chart + - authelia-ldap.sealedsecret.yaml + - authelia-oidc.sealedsecret.yaml + - ingress.yaml + + +images: + - name: lldap + newName: nitnelave/lldap + newTag: latest + + +helmCharts: + - name: authelia + releaseName: authelia + version: 0.9.6 + repo: https://charts.authelia.com + valuesFile: authelia.values.yaml diff --git a/infrastructure/authelia/lldap-credentials.sealedsecret.yaml b/infrastructure/authelia/lldap-credentials.sealedsecret.yaml new file mode 100644 index 0000000..4b6a87b --- /dev/null +++ b/infrastructure/authelia/lldap-credentials.sealedsecret.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: lldap-credentials + namespace: authelia +spec: + encryptedData: + base-dn: AgBC27VFLsDFHQ6qMN3kbyilhgRwa++hJ5uDsBOqtemO4mOj3nw3/79SJRrO4201zeFq54WJaG5tRHS4SaB5+hYMjdZKqtgTE5Cl9amKIXsfZOzHQ8bKj//WJZYgfmfPxDm5tVdElvF0CGJQMf4SbN52F4V5ujnl2x/j2Qu6gyoJdTaa8lRRIOewXrgOc16lGuAmgVIFB3KR9SEOiSQb2sJxi4tbBPvu0qcLnnfq8/roWouqlfNycanf+Smgc23P112U4ZcirF/oSoeYjUxSy/yxRMrfSzrcxjLPMeb0hyHgsKpFc17YghBt6Ofqx/JOeb4rCZUAGe2PJYoNg6EvGNlgiL02h5TqPF0GfZ02QLiEVK+jUkrEZGMEqEl97iw8juVW3fFJQpcZxyA4eZWAN2ocH7LjDg/UaPvjaZzXbkkva92X1g9LXFCukbMXYoR6QrRI4AyjLWdAHRlBm1M/7w0x5SH3uh05MR3Su0uhRgwreKxJGndd02SsWYs3I9+xM4RjzIs//aNYvhoUgeMzvhIjda8Jut4HzCTqcycIwxkE9aIUlSAgcS+0HrLuvMb236F5OROz2kwx187KlZn6FlK5vDO3m1pWQwmq2E2q0oRhg2mOJDSexzKwzaTkvOdtNiEOWgitYkML93L9I+9scDd3RbIfA5ejOKu5+JR+8cxpwvO5puURvyzI4BTZcTSj+Jnm6MK0pl6tJgfHtgt/ + jwt-secret: AgCI0LA/Y2ZTUl1VZax9Wqd5DxC9OFDe3NfWH9Mr85N5xbF6X5oe49fjW0GTjBE2cytN4aCUy+Gu5kAuo2qgfF1p5XyFY42Tg8q8fyF+LMN0Uu3JlgyA1D3ql0ePc5kNKxD8TRsfcWZOX/KtIWiZxceQ4YJi+OY/7llso3ZiGRCwzV1pXPoFd7A9dSA0qbUklpFI/58VkAUJ1HSel5oCx0JUfxZZAHQaCo72ZPqhbAskOZ4ofH1hzq66NJG5VbOhtBWkPDi4e82OOgT1VqiOiVOUC3w0GAvt6S1SD5P3N2FRqUbRag02rETnja/uahRKDHvLJG82zHXDVGxt5aZQ7bKRYe93gizCaZ4mTfAgrEaz9ys3ywRNr8UL7Cda18YWghvyOqDJSNePn6tUsntc2wA5rRhkPV3NKEhi0Tskqalc8zKXTf4MrX1WJSKw2D8i2l1B6Z7/UhjncAZKaAz7pky33QlitaDtp4Jg4k/ERcqcODB8jG+7oW17At96tXpiqCu6LUki4gkMrtsojRyaVHhl12w4XjVUHW9DyyzELlUT3CluF42wN9zyqDuyhPsuuIr4JrrhNrjvhFU6dcWppvjOvaZMIBvHH5A77F7LDVoCcLwYlrqmpnpxmateeIQHC8IId2JcFlg5CbD3abN9CjtUpoK8ZDRiEt3ULNkyOZ7z1hSfwa9TpJ//HkpWoXsO1b16+ZcNUdM= + ldap-user-pass: AgBX8ryuZX2fr6CZDaYOR54I445RNY123jp5LpyYLtB4QQljzmD6CC9BIOP5eju46cu5q/GoMSRdz5OthSLXfUB+I0iRrq+yI4bWpckpcrecNa0eJn0PAbWoI+T4gfAbkOxLLz1+yfG8J2PKqwZGVmpBqSBaqw1PQnkj8HggP05YtU8kfmH8W+Gi6c5mOBOL6RtIOgWW0pHgz1OZRKLKgyb70D+suvK1Xw9cKehkNoWtbmS9YvB+2lXZpWPW96Bw1mYnilEWr5WgMRz5aYYShe7/yf9OaFHfHpORgH42dpt+nvMSb5fY8nYVjEm6cYyS/mRm7H5cuBYwj5XnghAAoSIhX1B2KxIhbLh+yvFo+y1tdZB+q7sbJHFTegqRXi/eVvM3qkqTxksxhw9kGvCT/v7vRlS6jXHNTk1wS/Ka40Sv2AHaKlg/cMLQGZZur2LJcCZW6UVZwc2uqpJuszm1RwNX7hiTe+Pj1nCE+Iu/nHJrsk4SVEVcsRGOCAQjXwCXqbkuCz8dqZvCHVYBa2qIZTEd4gTXPjabaabudUzAXRiBg1SHLTVwz4HszUY3yfKASNdpYSxZwHTDt/BTENC8NJyT0Y48Daw26uS3U+87Ntsoe0gruccamhoKPdZlzA9Pl1hoD/GEryhVCLbuUhHC02qGo7WhjPaDZ/Cguu906e6qR4bq78PqBMiz6XllZgrZ0QMshT8/ubo9Bh7HxUD0aw== + template: + metadata: + creationTimestamp: null + name: lldap-credentials + namespace: authelia + type: Opaque diff --git a/infrastructure/authelia/lldap.deployment.yaml b/infrastructure/authelia/lldap.deployment.yaml new file mode 100644 index 0000000..8ad6cd9 --- /dev/null +++ b/infrastructure/authelia/lldap.deployment.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: lldap + name: lldap +spec: + replicas: 1 + selector: + matchLabels: + app: lldap + strategy: + type: Recreate + template: + metadata: + labels: + app: lldap + spec: + containers: + - env: + - name: GID + value: "1001" + - name: LLDAP_JWT_SECRET + valueFrom: + secretKeyRef: + name: lldap-credentials + key: jwt-secret + - name: LLDAP_LDAP_BASE_DN + valueFrom: + secretKeyRef: + name: lldap-credentials + key: base-dn + - name: LLDAP_LDAP_USER_PASS + valueFrom: + secretKeyRef: + name: lldap-credentials + key: ldap-user-pass + - name: TZ + value: Europe/Berlin + - name: UID + value: "1001" + image: lldap + name: lldap + ports: + - containerPort: 3890 + - containerPort: 17170 + volumeMounts: + - mountPath: /data + name: lldap-data + restartPolicy: Always + volumes: + - name: lldap-data + persistentVolumeClaim: + claimName: lldap-data diff --git a/infrastructure/authelia/lldap.ingress.yaml b/infrastructure/authelia/lldap.ingress.yaml new file mode 100644 index 0000000..e69de29 diff --git a/infrastructure/authelia/lldap.pvc.yaml b/infrastructure/authelia/lldap.pvc.yaml new file mode 100644 index 0000000..8ce4f3f --- /dev/null +++ b/infrastructure/authelia/lldap.pvc.yaml @@ -0,0 +1,11 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: lldap-data +spec: + storageClassName: "nfs-client" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi diff --git a/infrastructure/authelia/lldap.service.yaml b/infrastructure/authelia/lldap.service.yaml new file mode 100644 index 0000000..95e0bc3 --- /dev/null +++ b/infrastructure/authelia/lldap.service.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: lldap +spec: + selector: + app: lldap + ports: + - port: 3890 + targetPort: 3890 diff --git a/infrastructure/authelia/namespace.yaml b/infrastructure/authelia/namespace.yaml new file mode 100644 index 0000000..0a074bd --- /dev/null +++ b/infrastructure/authelia/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: placeholder diff --git a/kluster-deployments/authelia/application.yaml b/kluster-deployments/authelia/application.yaml new file mode 100644 index 0000000..da84b01 --- /dev/null +++ b/kluster-deployments/authelia/application.yaml @@ -0,0 +1,18 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: authelia-application + namespace: argocd +spec: + project: infrastructure + source: + repoURL: git@github.com:moll-re/bootstrap-k3s-infra.git + targetRevision: main + path: infrastructure/authelia + destination: + server: https://kubernetes.default.svc + namespace: authelia + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/kluster-deployments/authelia/kustomization.yaml b/kluster-deployments/authelia/kustomization.yaml new file mode 100644 index 0000000..977dcfe --- /dev/null +++ b/kluster-deployments/authelia/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - application.yaml diff --git a/kluster-deployments/kustomization.yaml b/kluster-deployments/kustomization.yaml index 7f63bf9..faa811e 100644 --- a/kluster-deployments/kustomization.yaml +++ b/kluster-deployments/kustomization.yaml @@ -21,6 +21,7 @@ resources: - external-dns/ - external-services/ - prometheus/application.yaml + - authelia/ # simple apps - adguard/