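# We use PostgreSQL. One-time database setup:
#   create database authelia;
#   create user authelia with encrypted password 'secret';
#   grant all privileges on database authelia to authelia;
# 'secret' above is a placeholder: use a generated password and keep the real
# value out of version control.

# Single-replica Authelia Deployment. The container listens on port 9091
# (named `http`), which the liveness and readiness probes also use.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: authelia
  labels:
    app: authelia
    release: latest
spec:
  replicas: 1
  selector:
    matchLabels:
      app: authelia
      release: latest
  template:
    metadata:
      labels:
        app: authelia
        release: latest
    spec:
      # NOTE(review): no securityContext is set on the pod or the container,
      # so the image's default user and capabilities apply. Consider
      # restricting them once the image's requirements are confirmed.
      containers:
        - name: authelia
          # NOTE(review): `latest` is a mutable tag. Pin a released version
          # tag or an image digest so upgrades of the authentication portal
          # are deliberate and reproducible.
          image: authelia/authelia:latest
          env:
            #- name: AUTHELIA_SERVER_PORT
            #  value: "9091"
            - name: TZ
              value: "Europe/Berlin"
          volumeMounts:
            # NFS-backed claim `authelia`, mounted beside the config dir.
            - name: authelia
              mountPath: /config-nfs
            # configuration.yml projected from the `authelia-config` ConfigMap.
            - name: authelia-config
              mountPath: /config
            # Host PKI directory. Mounted read-only so the container cannot
            # modify certificate or key material on the node; verify nothing
            # in the container needs to write here.
            - name: pki
              mountPath: /etc/pki
              readOnly: true
          ports:
            - name: http
              containerPort: 9091
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "1000Mi"
              cpu: "1500m"
      # Do not inject Service discovery environment variables into the pod.
      enableServiceLinks: false
      volumes:
        - name: authelia
          persistentVolumeClaim:
            claimName: authelia
        - name: authelia-config
          configMap:
            name: authelia-config
            items:
              - key: configuration.yml
                path: configuration.yml
        # hostPath ties the pod to nodes where /etc/pki exists
        # (`type: Directory` fails the mount otherwise).
        - name: pki
          hostPath:
            path: /etc/pki
            type: Directory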
---
# Claim used by the Authelia Deployment (volume `authelia`).
# No namespace is set here, so the claim lands in whatever namespace the
# manifest is applied to. The PersistentVolume's claimRef names `live-infra`,
# so presumably that is the intended one — confirm at apply time.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: authelia
  labels:
    app: authelia
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: "nfs-ssd-ebin02"
  resources:
    requests:
      storage: "100Mi"
---
# Statically provisioned NFS volume, pre-bound through claimRef to the
# `authelia` claim in namespace `live-infra`.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: authelia
spec:
  storageClassName: "nfs-ssd-ebin02"
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: "100Mi"
  # Retain: the data on the NFS export is kept when the claim is deleted.
  persistentVolumeReclaimPolicy: Retain
  claimRef:
    kind: PersistentVolumeClaim
    namespace: live-infra
    name: authelia
  nfs:
    server: ebin02
    path: /data/raid1-ssd/k8s-data/authelia
---
# Service in front of the Authelia pods, selected by the app/release labels.
apiVersion: v1
kind: Service
metadata:
  name: authelia
  labels:
    app: authelia
spec:
  selector:
    app: authelia
    release: latest
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: http
    # NOTE(review): 443 forwards to the same `http` container port as 80.
    # Whether traffic on it is really TLS depends on Authelia's own server
    # configuration, which this manifest does not show. Confirm, because the
    # Ingress auth-url reaches this Service over https://.
    - name: https
      protocol: TCP  # explicit; TCP is also the default
      port: 443
      targetPort: http
---
# ingress-nginx Ingress routing three hostnames to the Authelia Service and
# enabling external authentication against Authelia's /api/verify endpoint.
#
# NOTE(review): the external-auth annotations apply to every host below,
# including auth.lan, which is also the sign-in URL. Confirm that Authelia's
# access-control policy lets the portal itself through; otherwise sign-in
# requests would themselves require authentication.
# NOTE(review): there is no `tls:` section, so HTTPS for these hosts relies on
# whatever certificate the ingress controller serves by default.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: authelia
  annotations:
    kubernetes.io/ingress.class: nginx
    # Subrequest target. The Remote-* headers it returns are forwarded to the
    # backend, so backends must only be reachable through this Ingress if they
    # are to trust those headers.
    nginx.ingress.kubernetes.io/auth-url: 'https://authelia.live-infra.svc.cluster.local/api/verify'
    nginx.ingress.kubernetes.io/auth-signin: 'https://auth.lan'
    nginx.ingress.kubernetes.io/auth-response-headers: 'Remote-User,Remote-Name,Remote-Groups,Remote-Email'
    # Snippet annotations inject raw NGINX configuration. Recent ingress-nginx
    # releases reject them unless the controller sets
    # `allow-snippet-annotations`; keep them minimal and reviewed.
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Method $request_method;
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header X-Forwarded-Method $request_method;
spec:
  rules:
    - host: auth.lan
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: authelia
                port:
                  name: http
    - host: secure.auth.lan
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: authelia
                port:
                  name: http
    - host: public.auth.lan
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: authelia
                port:
                  name: http