REFACTOR(authelia): integrate ingress in values

- Move config.yaml, middleware.yaml, rbac.yaml to manifests/ - Add ingress configuration to helm-values.yaml - Remove separate ingress.yaml
2026-01-06 15:12:22 +09:00
parent 6fbf2b16c2
commit 875dbbc42c
6 changed files with 16 additions and 30 deletions
--- a/authelia/manifests/config.yaml
+++ b/authelia/manifests/config.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: authelia-config
+  namespace: authelia
+data:
+  users_database.yml: |
+    # Authelia Users Database
+    # Generate password hash: docker run --rm authelia/authelia:latest authelia crypto hash generate argon2
+    users:
+      admin:
+        disabled: false
+        displayname: "Admin"
+        email: "bluemayne0213@icloud.com"
+        password: "$argon2id$v=19$m=65536,t=3,p=4$PHApThq3PclXyjhly4bAwA$ZdC+5EEshnK/MDsQb2fUfpujG3ujcFM7APmqrMgXjsE"
+        groups:
+          - admins
--- a/authelia/manifests/middleware.yaml
+++ b/authelia/manifests/middleware.yaml
@@ -0,0 +1,14 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: authelia-auth
+  namespace: authelia
+spec:
+  forwardAuth:
+    address: http://authelia.authelia.svc.cluster.local/api/authz/forward-auth
+    trustForwardHeader: true
+    authResponseHeaders:
+      - Remote-User
+      - Remote-Groups
+      - Remote-Email
+      - Remote-Name
--- a/authelia/manifests/rbac.yaml
+++ b/authelia/manifests/rbac.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: oidc-admin-authelia
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: User
+  name: "https://auth0213.kro.kr#admin"