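# Authelia (authentication portal / forward-auth provider) on Kubernetes:
# Deployment, NFS-backed PersistentVolume + claim, Service, and an
# ingress-nginx Ingress.
#
# we use postgresql:
#create database authelia;
#create user authelia with encrypted password 'secret';
#grant all privileges on database authelia to authelia;
#
# NOTE(review): 'secret' above is a placeholder. Use a generated password and
# supply it to Authelia through a Kubernetes Secret, not through this manifest
# or the ConfigMap. "grant all privileges" is broader than an application role
# usually needs; narrow it if the database is shared.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: authelia
  labels:
    app: authelia
    release: latest
spec:
  replicas: 1
  selector:
    matchLabels:
      app: authelia
      release: latest
  template:
    metadata:
      labels:
        app: authelia
        release: latest
    spec:
      containers:
        - name: authelia
          # NOTE(review): ":latest" is a floating tag, so a pod restart can
          # pull a different build of the authentication service. Pin a
          # specific release tag or image digest.
          image: authelia/authelia:latest
          # NOTE(review): no securityContext is set. Consider
          # allowPrivilegeEscalation: false and dropped capabilities once
          # verified against this image.
          env:
            #- name: AUTHELIA_SERVER_PORT
            #  value: "9091"
            - name: TZ
              value: "Europe/Berlin"
          volumeMounts:
            - name: authelia
              mountPath: /config-nfs
            - name: authelia-config
              mountPath: /config
            - name: pki
              mountPath: /etc/pki
              # The node's PKI directory is shared into the pod via hostPath.
              # Mounted read-only so a compromised container cannot alter the
              # host's certificate store.
              # Assumes Authelia only reads from this path; confirm.
              readOnly: true
          ports:
            - name: http
              containerPort: 9091
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "1000Mi"
              cpu: "1500m"
      # Do not inject Service discovery environment variables into the pod.
      enableServiceLinks: false
      volumes:
        - name: authelia
          persistentVolumeClaim:
            claimName: authelia
        - name: authelia-config
          configMap:
            name: authelia-config
            items:
              - key: configuration.yml
                path: configuration.yml
        # NOTE(review): hostPath ties the pod to the node's filesystem layout
        # and exposes host files to the workload. A Secret or ConfigMap holding
        # only the required certificates would be a tighter boundary.
        - name: pki
          hostPath:
            path: /etc/pki
            type: Directory
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: authelia
  labels:
    app: authelia
spec:
  storageClassName: nfs-ssd-ebin02
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Mi
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: authelia
spec:
  storageClassName: "nfs-ssd-ebin02"
  nfs:
    path: /data/raid1-ssd/k8s-data/authelia
    server: ebin02
  capacity:
    storage: 100Mi
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  # Retain: the data on the NFS export is kept when the claim is deleted.
  persistentVolumeReclaimPolicy: Retain
  # Pre-binds this volume to the "authelia" claim in namespace live-infra.
  claimRef:
    kind: PersistentVolumeClaim
    name: authelia
    namespace: live-infra
---
apiVersion: v1
kind: Service
metadata:
  name: authelia
  labels:
    app: authelia
spec:
  # Both service ports forward to the same container port ("http", 9091).
  # NOTE(review): whether that listener speaks TLS depends on
  # configuration.yml, which is not shown here. Confirm that the port named
  # "https" is really served over TLS.
  ports:
    - port: 80
      targetPort: http
      protocol: TCP
      name: http
    - port: 443
      targetPort: http
      name: https
  selector:
    app: authelia
    release: latest
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: authelia
  annotations:
    kubernetes.io/ingress.class: nginx
    # Forward-auth: ingress-nginx issues a subrequest to Authelia's verify
    # endpoint before proxying, and redirects unauthenticated users to the
    # sign-in URL.
    # NOTE(review): these annotations apply to every host below, including the
    # portal host itself. Confirm that the access-control policy in
    # configuration.yml treats each host as intended.
    nginx.ingress.kubernetes.io/auth-url: https://authelia.live-infra.svc.cluster.local/api/verify
    nginx.ingress.kubernetes.io/auth-signin: https://auth.lan
    # Identity headers copied from the auth response onto the upstream request.
    # A backend that trusts these headers must be reachable only through this
    # ingress; otherwise a client could supply them directly.
    nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Method $request_method;
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header X-Forwarded-Method $request_method;
spec:
  rules:
    - host: auth.lan
      http:
        paths:
          - backend:
              service:
                name: authelia
                port:
                  name: http
            path: /
            pathType: Prefix
    - host: secure.auth.lan
      http:
        paths:
          - backend:
              service:
                name: authelia
                port:
                  name: http
            path: /
            pathType: Prefix
    - host: public.auth.lan
      http:
        paths:
          - backend:
              service:
                name: authelia
                port:
                  name: http
            path: /
            pathType: Prefix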