stoeff

apps/authelia/configMaps/configuration.yml

@@ -7,7 +7,7 @@
 ## Certificates directory specifies where Authelia will load trusted certificates (public portion) from in addition to
 ## the system certificates store.
 ## They should be in base64 format, and have one of the following extensions: *.cer, *.crt, *.pem.
-certificates_directory: /etc/pki/pki
+certificates_directory: /etc/pki/chain
 
 ## The theme to display: light, dark, grey, auto.
 theme: dark
@@ -60,17 +60,19 @@ server:
   ## Authelia by default doesn't accept TLS communication on the server port. This section overrides this behaviour.
   tls:
     ## The path to the DER base64/PEM format private key.
-    key: "/etc/pki/private.key"
+    #key: "/etc/pki/private.key"
+    key: ""
 
     ## The path to the DER base64/PEM format public certificate.
-    certificate: "/etc/pki/auth.lan.crt"
+    #certificate: "/etc/pki/auth.lan.crt"
+    certificate : ""
 
 ##
 ## Log Configuration
 ##
 log:
   ## Level of verbosity for logs: info, debug, trace.
-  level: info
+  level: debug
 
   ## Format the logs are written as: json, text.
   format: text

apps/authelia/deployment.yaml

@@ -117,6 +117,9 @@ spec:
       targetPort: http
       protocol: TCP
       name: http
+    - port: 443
+      targetPort: http
+      name: https
   selector:
       app: authelia
       release: latest
@@ -127,8 +130,8 @@ metadata:
     name: authelia
     annotations:
       kubernetes.io/ingress.class: nginx
-      nginx.ingress.kubernetes.io/auth-url: http://authelia.live-infra.svc.cluster.local/api/verify
-      nginx.ingress.kubernetes.io/auth-signin: http://auth.lan
+      nginx.ingress.kubernetes.io/auth-url: https://authelia.live-infra.svc.cluster.local/api/verify
+      nginx.ingress.kubernetes.io/auth-signin: https://auth.lan
       nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
       nginx.ingress.kubernetes.io/auth-snippet: |
         proxy_set_header X-Forwarded-Method $request_method;