|
|
@@ -0,0 +1,105 @@
|
|
|
+---
|
|
|
+kind: Deployment
|
|
|
+apiVersion: apps/v1
|
|
|
+metadata:
|
|
|
+ name: authelia
|
|
|
+ labels:
|
|
|
+ app: authelia
|
|
|
+
|
|
|
+spec:
|
|
|
+ replicas: 1
|
|
|
+ selector:
|
|
|
+ matchLabels:
|
|
|
+ app: authelia
|
|
|
+ #enableServiceLinks: false
|
|
|
+ template:
|
|
|
+ metadata:
|
|
|
+ labels:
|
|
|
+ app: authelia
|
|
|
+ spec:
|
|
|
+ containers:
|
|
|
+ - name: authelia
|
|
|
+ image: authelia/authelia
|
|
|
+ ports:
|
|
|
+ - name: web
|
|
|
+ containerPort: 9091
|
|
|
+ volumeMounts:
|
|
|
+ - name: authelia-config
|
|
|
+ mountPath: "/config"
|
|
|
+ volumes:
|
|
|
+ - name: authelia-config
|
|
|
+ persistentVolumeClaim:
|
|
|
+ claimName: authelia-volume
|
|
|
+
|
|
|
+---
|
|
|
+apiVersion: v1
|
|
|
+kind: PersistentVolumeClaim
|
|
|
+metadata:
|
|
|
+ name: authelia-volume
|
|
|
+spec:
|
|
|
+ accessModes:
|
|
|
+ - ReadWriteOnce
|
|
|
+ storageClassName: nfs
|
|
|
+ resources:
|
|
|
+ requests:
|
|
|
+ storage: 100M
|
|
|
+
|
|
|
+---
|
|
|
+apiVersion: traefik.containo.us/v1alpha1
|
|
|
+kind: IngressRoute
|
|
|
+metadata:
|
|
|
+ name: authelia-ingress-route
|
|
|
+ namespace: default
|
|
|
+spec:
|
|
|
+ entryPoints:
|
|
|
+ - web
|
|
|
+ routes:
|
|
|
+ - match: Host(`sso.dezendorf.net`)
|
|
|
+ kind: Rule
|
|
|
+ services:
|
|
|
+ - name: authelia
|
|
|
+ port: 9091
|
|
|
+---
|
|
|
+apiVersion: v1
|
|
|
+kind: Service
|
|
|
+metadata:
|
|
|
+ name: authelia
|
|
|
+spec:
|
|
|
+ type: ClusterIP
|
|
|
+ ports:
|
|
|
+ - name: web
|
|
|
+ port: 9091
|
|
|
+ selector:
|
|
|
+ app: authelia
|
|
|
+
|
|
|
+---
|
|
|
+apiVersion: traefik.containo.us/v1alpha1
|
|
|
+kind: IngressRoute
|
|
|
+metadata:
|
|
|
+ name: authelia-websecure-route
|
|
|
+ namespace: default
|
|
|
+spec:
|
|
|
+ entryPoints:
|
|
|
+ - websecure
|
|
|
+ routes:
|
|
|
+ - match: Host(`sso.dezendorf.net`)
|
|
|
+ kind: Rule
|
|
|
+ services:
|
|
|
+ - name: authelia
|
|
|
+ port: 9091
|
|
|
+ tls:
|
|
|
+ certResolver: myresolver
|
|
|
+---
|
|
|
+apiVersion: traefik.containo.us/v1alpha1
|
|
|
+kind: Middleware
|
|
|
+metadata:
|
|
|
+ name: authelia
|
|
|
+spec:
|
|
|
+ forwardAuth:
|
|
|
+ address: "http://authelia.default.svc.cluster.local:9091/api/verify?rd=https://sso.dezendorf.net/"
|
|
|
+ trustForwardHeader: true
|
|
|
+ authResponseHeaders:
|
|
|
+ - "Remote-User"
|
|
|
+ - "Remote-Groups"
|
|
|
+ - "Remote-Email"
|
|
|
+ - "Remote-Name"
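Review bot: The `authelia-ingress-route` IngressRoute publishes the login portal for `sso.dezendorf.net` on the `web` entry point with no redirect middleware, so unless Traefik's static configuration already redirects that entry point to `websecure` (not visible in this hunk), credentials and session cookies can cross the network in cleartext. Either drop that route or attach a `redirectScheme` middleware to it, e.g. `middlewares: [{name: redirect-https}]` (constructed placeholder name) backed by a Middleware whose spec is `redirectScheme: {scheme: https, permanent: true}`. In the `authelia` Middleware, `trustForwardHeader: true` passes client-supplied `X-Forwarded-*` headers through to `/api/verify`; that is only safe when the entry points restrict `forwardedHeaders.trustedIPs` to known proxies, and a comment next to the setting should say so. `image: authelia/authelia` carries no tag, so the authentication gateway runs whatever `latest` resolves to at pull time; pin it to a release tag or digest, `image: authelia/authelia:<version>@sha256:<digest>`.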
|