Helm chart + Ansible role для Authelia 4.38: - Forward-auth для ingress-nginx через аннотации auth-url/auth-signin - OIDC provider: Gitea, Grafana, ArgoCD, MinIO, Vault, Nextcloud - SQLite default или PostgreSQL; опциональный Redis для сессий - RSA ключ OIDC генерируется автоматически если не задан в vault - ConfigMap authelia-forward-auth с готовыми аннотациями для любого сервиса - README: install, users, protect service, OIDC per-service, debug, test
---
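# Authelia core secrets — mounted as files, read via AUTHELIA_*_FILE env vars.
# Contains: jwt_secret, session_secret, storage_encryption_key, oidc_hmac_secret,
# oidc_private_key (RSA PEM), db_password (optional), smtp_password (optional)
#
# The five core keys go through `required`: an unset value would otherwise render
# as "" and produce a Secret with empty keys, which only surfaces when Authelia
# fails (or misbehaves) at startup instead of at `helm template`/`helm install`.
# db_password and smtp_password stay optional, as documented above; they are only
# emitted when the matching feature is enabled.
#
# stringData is write-only: the API server base64-encodes it into .data. Note that
# the rendered manifest (and thus these values) is also stored in the Helm release
# record in this namespace, so RBAC on Secrets there matters.
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "authelia.name" . }}-secrets
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "authelia.labels" . | nindent 4 }}
type: Opaque
stringData:
  jwt_secret: {{ required "secrets.jwtSecret must be set" .Values.secrets.jwtSecret | quote }}
  session_secret: {{ required "secrets.sessionSecret must be set" .Values.secrets.sessionSecret | quote }}
  storage_encryption_key: {{ required "secrets.storageEncryptionKey must be set" .Values.secrets.storageEncryptionKey | quote }}
  oidc_hmac_secret: {{ required "secrets.oidcHmacSecret must be set" .Values.secrets.oidcHmacSecret | quote }}
  # Multi-line PEM: `quote` escapes the newlines, which a double-quoted YAML scalar restores.
  oidc_private_key: {{ required "secrets.oidcPrivateKey must be set (RSA PEM)" .Values.secrets.oidcPrivateKey | quote }}
  {{- if eq .Values.storage.type "postgresql" }}
  # Only meaningful for the PostgreSQL backend; SQLite needs no password.
  db_password: {{ .Values.secrets.dbPassword | quote }}
  {{- end }}
  {{- if .Values.notifier.smtp.enabled }}
  smtp_password: {{ .Values.secrets.smtpPassword | quote }}
  {{- end }}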