From 83241b26025e760a97e3d07c9911b3ac391a2781 Mon Sep 17 00:00:00 2001
From: Udo Waechter <udo@maketank.net>
Date: Wed, 3 Nov 2021 20:31:28 +0100
Subject: [PATCH] instructiones

---
 apps/authelia/README.md                    | 3 +++
 apps/authelia/configMaps/configuration.yml | 8 ++++----
 apps/authelia/deployment.yaml              | 6 ++++++
 3 files changed, 13 insertions(+), 4 deletions(-)
 create mode 100644 apps/authelia/README.md

diff --git a/apps/authelia/README.md b/apps/authelia/README.md
new file mode 100644
index 0000000..0ceee60
--- /dev/null
+++ b/apps/authelia/README.md
@@ -0,0 +1,3 @@
+### Apply new config
+
+$ kubectl -n live-infra create configmap authelia-config --from-file=configMaps/ -o yaml --dry-run |kubectl apply -f -
diff --git a/apps/authelia/configMaps/configuration.yml b/apps/authelia/configMaps/configuration.yml
index 37e492e..81ed71b 100644
--- a/apps/authelia/configMaps/configuration.yml
+++ b/apps/authelia/configMaps/configuration.yml
@@ -7,14 +7,14 @@
 ## Certificates directory specifies where Authelia will load trusted certificates (public portion) from in addition to
 ## the system certificates store.
 ## They should be in base64 format, and have one of the following extensions: *.cer, *.crt, *.pem.
-# certificates_directory: /config/certificates
+certificates_directory: /etc/pki/pki
 
 ## The theme to display: light, dark, grey, auto.
 theme: dark
 
 ## The secret used to generate JWT tokens when validating user identity by email confirmation. JWT Secret can also be
 ## set using a secret: https://www.authelia.com/docs/configuration/secrets.html
-jwt_secret: a_very_important_secret2
+jwt_secret: hAnFzapSCusyF2W83JAg6PRqc6v7iQvN7sP3PQ70HAbPBshJzAMz 
 
 ## Default redirection URL
 ##
@@ -60,10 +60,10 @@ server:
   ## Authelia by default doesn't accept TLS communication on the server port. This section overrides this behaviour.
   tls:
     ## The path to the DER base64/PEM format private key.
-    key: ""
+    key: "/etc/pki/private.key"
 
     ## The path to the DER base64/PEM format public certificate.
-    certificate: ""
+    certificate: "/etc/pki/auth.lan.crt"
 
 ##
 ## Log Configuration
diff --git a/apps/authelia/deployment.yaml b/apps/authelia/deployment.yaml
index 30f9004..3a49db1 100644
--- a/apps/authelia/deployment.yaml
+++ b/apps/authelia/deployment.yaml
@@ -34,6 +34,8 @@ spec:
               mountPath: /config-nfs
             - name: authelia-config
               mountPath: /config
+            - name: pki
+              mountPath: /etc/pki
           ports:
             - name: http
               containerPort: 9091
@@ -64,6 +66,10 @@ spec:
           items:
           - key: configuration.yml
             path: configuration.yml
+      - name: pki
+        hostPath:
+          path: /etc/pki
+          type: Directory
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim