Helm chart + Ansible role для Authelia 4.38: - Forward-auth для ingress-nginx через аннотации auth-url/auth-signin - OIDC provider: Gitea, Grafana, ArgoCD, MinIO, Vault, Nextcloud - SQLite default или PostgreSQL; опциональный Redis для сессий - RSA ключ OIDC генерируется автоматически если не задан в vault - ConfigMap authelia-forward-auth с готовыми аннотациями для любого сервиса - README: install, users, protect service, OIDC per-service, debug, test
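{{- if .Values.ingress.enabled }}
---
# Authelia portal Ingress — exposes the login/consent UI at .Values.authHost and
# routes everything under "/" to the Authelia Service on port 9091.
#
# This Ingress must NOT carry the forward-auth annotations
# (nginx.ingress.kubernetes.io/auth-url / auth-signin): protecting the portal
# with itself produces a redirect loop. The same applies to anything injected
# through .Values.ingress.annotations below.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ include "authelia.name" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "authelia.labels" . | nindent 4 }}
  annotations:
    # Legacy class selector, still honoured by ingress-nginx but deprecated in
    # favour of spec.ingressClassName. Set .Values.ingress.ingressClassName to
    # emit the modern field as well (see spec below).
    kubernetes.io/ingress.class: {{ .Values.ingress.ingressClass | quote }}
    # Authelia responses carry large headers (session cookie, OIDC state and
    # Set-Cookie on redirects); nginx's default proxy buffers reject them with
    # "upstream sent too big header". Tunable via .Values.ingress.proxyBufferSize,
    # default "128k".
    nginx.ingress.kubernetes.io/proxy-buffer-size: {{ .Values.ingress.proxyBufferSize | default "128k" | quote }}
    {{- if .Values.ingress.tls.certManager.enabled }}
    # cert-manager issues the certificate into spec.tls[0].secretName.
    cert-manager.io/cluster-issuer: {{ .Values.ingress.tls.certManager.issuer | quote }}
    {{- end }}
    {{- with .Values.ingress.annotations }}
    # Operator-supplied extra annotations, e.g. an IP allow-list or rate limit
    # for the login portal. Never add auth-url / auth-signin here (auth loop).
    {{- toYaml . | nindent 4 }}
    {{- end }}
spec:
  {{- with .Values.ingress.ingressClassName }}
  # Modern class selector; when present it takes precedence over the annotation.
  ingressClassName: {{ . | quote }}
  {{- end }}
  {{- if .Values.ingress.tls.enabled }}
  # Keep TLS enabled: the portal handles credentials and sets the session
  # cookie, so without it (and without TLS terminated in front of the ingress)
  # both travel in clear text. With a tls block present ingress-nginx redirects
  # HTTP to HTTPS by default. If cert-manager is disabled the Secret named below
  # must already exist, otherwise ingress-nginx serves its placeholder
  # self-signed certificate.
  tls:
    - hosts:
        - {{ .Values.authHost | quote }}
      secretName: {{ .Values.ingress.tls.secretName | default (printf "%s-tls" (include "authelia.name" .)) | quote }}
  {{- end }}
  rules:
    - host: {{ .Values.authHost | quote }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ include "authelia.name" . }}
                port:
                  number: 9091
{{- end }}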