╔══════════════════════════════════════════════════════════════╗
║              Authelia SSO — Deployed                         ║
╚══════════════════════════════════════════════════════════════╝

Portal:   http{{ if .Values.ingress.tls.enabled }}s{{ end }}://{{ .Values.authHost }}/
Namespace: {{ .Release.Namespace }}
OIDC:      {{ if .Values.oidc.enabled }}enabled{{ else }}disabled{{ end }}
Redis:     {{ if .Values.redis.enabled }}enabled{{ else }}disabled (memory sessions){{ end }}
Storage:   {{ .Values.storage.type }}

─── Protect a new service ──────────────────────────────────────

Add to its Ingress:
  nginx.ingress.kubernetes.io/auth-url: "http://{{ include "authelia.name" . }}.{{ .Release.Namespace }}.svc.cluster.local:9091/api/authz/forward-auth"
  nginx.ingress.kubernetes.io/auth-signin: "http{{ if .Values.ingress.tls.enabled }}s{{ end }}://{{ .Values.authHost }}/?rd=$scheme://$host$escaped_request_uri"
  nginx.ingress.kubernetes.io/auth-response-headers: "Remote-User,Remote-Name,Remote-Groups,Remote-Email"
  nginx.ingress.kubernetes.io/auth-snippet: "proxy_set_header X-Forwarded-Method $request_method;"

Or get the full reference:
  kubectl get cm {{ include "authelia.name" . }}-forward-auth -n {{ .Release.Namespace }} -o jsonpath='{.data.annotations\.yaml}'

─── OIDC Issuer ────────────────────────────────────────────────

  http{{ if .Values.ingress.tls.enabled }}s{{ end }}://{{ .Values.authHost }}

Discovery: http{{ if .Values.ingress.tls.enabled }}s{{ end }}://{{ .Values.authHost }}/.well-known/openid-configuration

─── Logs / Debug ───────────────────────────────────────────────

  kubectl -n {{ .Release.Namespace }} logs -l app.kubernetes.io/name={{ include "authelia.name" . }} -f

─── First login ────────────────────────────────────────────────

  Open:    http{{ if .Values.ingress.tls.enabled }}s{{ end }}://{{ .Values.authHost }}/
  User:    admin  (or as configured in authelia_users)
  Pass:    the plaintext password whose hash you set in vault.yml

─── Access control rules ────────────────────────────────────────
{{- if .Values.accessControl.protectedDomains }}
  Protected (login required):
  {{- range .Values.accessControl.protectedDomains }}
    - {{ . }}
  {{- end }}
{{- end }}
{{- if .Values.accessControl.adminDomains }}
  Admin-only (group: admins):
  {{- range .Values.accessControl.adminDomains }}
    - {{ . }}
  {{- end }}
{{- end }}
{{- if .Values.accessControl.bypassDomains }}
  Bypass (public):
  {{- range .Values.accessControl.bypassDomains }}
    - {{ . }}
  {{- end }}
{{- end }}
