Helm chart + Ansible role для Authelia 4.38: - Forward-auth для ingress-nginx через аннотации auth-url/auth-signin - OIDC provider: Gitea, Grafana, ArgoCD, MinIO, Vault, Nextcloud - SQLite default или PostgreSQL; опциональный Redis для сессий - RSA ключ OIDC генерируется автоматически если не задан в vault - ConfigMap authelia-forward-auth с готовыми аннотациями для любого сервиса - README: install, users, protect service, OIDC per-service, debug, test
{{/*
Base name of the chart. The selector labels use it, and the forward-auth URL
uses it as the Service host name.
.Values.nameOverride wins when it is set, otherwise .Chart.Name is used. The
result is cut to 63 characters (the Kubernetes DNS-label / label-value limit)
and a trailing "-" left over from the cut is dropped.
*/}}
{{- define "authelia.name" -}}
{{- .Values.nameOverride | default .Chart.Name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Value for the helm.sh/chart label: "<chart name>-<chart version>".
"+" is replaced with "_" because "+" is not a legal character in a Kubernetes
label value; the result is then cut to 63 characters and a trailing "-" is
dropped.
*/}}
{{- define "authelia.chart" -}}
{{- $nameAndVersion := printf "%s-%s" .Chart.Name .Chart.Version -}}
{{- $nameAndVersion | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Full label set: the chart label, the two selector labels and the
managed-by label. Emits four "key: value" lines with no leading indentation
and no trailing newline, so callers have to indent the result themselves.
*/}}
{{- define "authelia.labels" -}}
{{- $chartLabel := include "authelia.chart" . -}}
{{- $selector := include "authelia.selectorLabels" . -}}
helm.sh/chart: {{ $chartLabel }}
{{ $selector }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector label pair (name + release instance). authelia.labels includes this
block, so every object labelled with the full set also carries these two.
NOTE(review): presumably the Service and Deployment selectors are built from
this helper. If so, anything else in the namespace carrying both labels would
also be selected. Verify against the templates that include it.
*/}}
{{- define "authelia.selectorLabels" -}}
{{- $appName := include "authelia.name" . -}}
app.kubernetes.io/name: {{ $appName }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Forward-auth URL for use in ingress-nginx annotations (auth-url).
Returns the full in-cluster URL of Authelia's authz endpoint:
  http://<authelia.name>.<release namespace>.svc.cluster.local:9091/api/authz/forward-auth

Things to check when reusing this value:
- The scheme is plain http. The authorization subrequest from the ingress
  controller to Authelia crosses the cluster network unencrypted, along with
  whatever request headers the controller forwards. Where the pod network is
  not trusted, constrain or encrypt that path (NetworkPolicy, mesh mTLS).
- The host is built from authelia.name, not from the release name, and the
  port (9091) and cluster domain (cluster.local) are fixed here.
  NOTE(review): this only resolves if the Service is named authelia.name and
  listens on 9091. Verify against the Service template and the cluster's DNS
  domain.
*/}}
{{- define "authelia.forwardAuthUrl" -}}
{{- $svc := include "authelia.name" . -}}
{{- $ns := .Release.Namespace -}}
{{- printf "http://%s.%s.svc.cluster.local:9091/api/authz/forward-auth" $svc $ns }}
{{- end }}
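{{/*
Sign-in URL for redirecting unauthenticated users (ingress-nginx auth-signin).
Returns "<scheme>://<authHost>/?rd=$scheme://$host$escaped_request_uri", where
<scheme> is https when .Values.ingress.tls.enabled is truthy and http otherwise.

- .Values.authHost is required. With an empty value the original helper
  rendered "https:///?rd=..." and every protected ingress redirected users to
  a URL with no host. Rendering now fails with an explicit message instead.
- $scheme, $host and $escaped_request_uri are nginx variables. They are kept
  literal here and filled in per request by the ingress controller. $host can
  originate from the client's Host header, so the return target in rd is
  request-controlled.
  NOTE(review): this relies on the portal refusing rd targets outside its
  configured session domain(s). Confirm against the deployed Authelia config.
- NOTE(review): the http branch produces a plaintext portal link. Authelia
  documents HTTPS as a requirement for the portal, so this branch looks usable
  only for local testing. If TLS is terminated in front of the ingress, the
  public URL is still https and ingress.tls.enabled=false would give the wrong
  scheme. Confirm the intended use.
*/}}
{{- define "authelia.signinUrl" -}}
{{- $portalHost := required "authHost is required: public hostname of the Authelia portal used in the sign-in redirect" .Values.authHost -}}
{{- if .Values.ingress.tls.enabled -}}
{{- printf "https://%s/?rd=$scheme://$host$escaped_request_uri" $portalHost }}
{{- else -}}
{{- printf "http://%s/?rd=$scheme://$host$escaped_request_uri" $portalHost }}
{{- end -}}
{{- end }}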