From a22f4240b58276b87c23197ef3a93f0338f942ea Mon Sep 17 00:00:00 2001 From: Mayne0213 Date: Tue, 30 Dec 2025 22:38:50 +0900 Subject: [PATCH] FIX(authelia): authelia secret keys - to dot notation --- authelia/helm-values.yaml | 26 ++++---------------------- authelia/ingress.yaml | 4 ++-- authelia/users-database.yaml | 2 +- authelia/vault/authelia-secrets.yaml | 10 ++++------ 4 files changed, 11 insertions(+), 31 deletions(-) diff --git a/authelia/helm-values.yaml b/authelia/helm-values.yaml index ff4eb21..faebe36 100644 --- a/authelia/helm-values.yaml +++ b/authelia/helm-values.yaml @@ -1,9 +1,6 @@ # Authelia Helm Values # Chart: https://charts.authelia.com -# Domain configuration -domain: mayne0213.kro.kr - # Ingress - disabled, using separate ingress.yaml ingress: enabled: false @@ -47,9 +44,8 @@ configMap: # Session configuration session: cookies: - - domain: mayne0213.kro.kr - authelia_url: https://auth.mayne0213.kro.kr - default_redirection_url: https://mayne.kro.kr + - domain: kro.kr + subdomain: auth0213 # Storage - PostgreSQL (CNPG cluster) storage: @@ -62,21 +58,7 @@ configMap: # Access control rules access_control: - default_policy: deny - rules: - # Bypass for public services - - domain: - - mayne.kro.kr - - "*.jaejadle.kro.kr" - - "*.joossameng.kro.kr" - - "*.jovies.kro.kr" - - "*.minjo0213.kro.kr" - - "*.todo0213.kro.kr" - policy: bypass - # One factor for admin services - - domain: - - "*.mayne0213.kro.kr" - policy: one_factor + default_policy: one_factor # Notifier - filesystem (no email) notifier: @@ -87,7 +69,7 @@ configMap: # TOTP configuration totp: enabled: true - issuer: mayne0213.kro.kr + issuer: mayne.kro.kr # Identity providers (OIDC) - can be enabled later identity_providers: diff --git a/authelia/ingress.yaml b/authelia/ingress.yaml index 88199c5..f78e676 100644 --- a/authelia/ingress.yaml +++ b/authelia/ingress.yaml 
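Review bot: The new cookie entry in the session hunk of `authelia/helm-values.yaml` sets `domain: kro.kr`, the shared parent of every host named in this file (`mayne.kro.kr`, `*.jaejadle.kro.kr`, `*.todo0213.kro.kr`, …), not a name this deployment clearly owns. If other parties can register names under `kro.kr`, browsers will attach the Authelia session cookie to requests for their hosts too. If `kro.kr` is treated as a public suffix, the cookie is likely to be rejected and sessions will not persist. Unless the whole zone is under your control, scope each cookie entry to an owned name with its portal beneath it, as the removed `- domain: mayne0213.kro.kr` did. The `session:` block starts above the hunk, so any other cookie settings are not visible here.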
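Review bot: The access-control hunk of `authelia/helm-values.yaml` replaces `default_policy: deny` and the explicit rule list with a bare `default_policy: one_factor`, which drops the deny-by-default stance. Any host routed through Authelia, including one added later by mistake, is then admitted after a password alone, and no rule ever asks for the second factor that the `totp:` block still enables. I would keep `default_policy: deny` and state the intent as rules, e.g. a `rules:` entry listing the owned hosts with `policy: one_factor` and admin hosts with `policy: two_factor`. The subject line mentions only the secret key rename, so this policy change deserves its own line in the description.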
@@ -9,10 +9,10 @@ spec: ingressClassName: traefik tls: - hosts: - - auth.mayne0213.kro.kr + - auth0213.kro.kr secretName: authelia-tls rules: - - host: auth.mayne0213.kro.kr + - host: auth0213.kro.kr http: paths: - path: / diff --git a/authelia/users-database.yaml b/authelia/users-database.yaml index 602f057..094869c 100644 --- a/authelia/users-database.yaml +++ b/authelia/users-database.yaml @@ -11,7 +11,7 @@ data: admin: disabled: false displayname: "Admin" - email: admin@mayne0213.kro.kr + email: admin@mayne.kro.kr password: "$argon2id$v=19$m=65536,t=3,p=4$PHApThq3PclXyjhly4bAwA$ZdC+5EEshnK/MDsQb2fUfpujG3ujcFM7APmqrMgXjsE" groups: - admins diff --git a/authelia/vault/authelia-secrets.yaml b/authelia/vault/authelia-secrets.yaml index 430184e..9529e13 100644 --- a/authelia/vault/authelia-secrets.yaml +++ b/authelia/vault/authelia-secrets.yaml @@ -12,16 +12,15 @@ spec: name: authelia-secrets creationPolicy: Owner data: - # Authelia secrets - - secretKey: JWT_TOKEN + - secretKey: jwt.token remoteRef: key: cluster-infrastructure/authelia property: JWT_SECRET - - secretKey: SESSION_ENCRYPTION_KEY + - secretKey: session.encryption.key remoteRef: key: cluster-infrastructure/authelia property: SESSION_SECRET - - secretKey: STORAGE_ENCRYPTION_KEY + - secretKey: storage.encryption.key remoteRef: key: cluster-infrastructure/authelia property: STORAGE_ENCRYPTION_KEY @@ -29,8 +28,7 @@ spec: remoteRef: key: cluster-infrastructure/authelia property: JWT_SECRET - # PostgreSQL password - - secretKey: STORAGE_POSTGRES_PASSWORD + - secretKey: storage.postgres.password.txt remoteRef: key: databases/postgresql property: APP_PASSWORD
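Review bot: In the `authelia/users-database.yaml` hunk, the context line after the changed `email` keeps the admin's `$argon2id$` password hash in a manifest committed to the repository. Anyone with read access to the repository can attempt offline guessing against it, and if the object is a ConfigMap, so can anyone allowed to read ConfigMaps in that namespace. The other Authelia secrets in this commit come from Vault through the ExternalSecret in `authelia/vault/authelia-secrets.yaml`. Delivering the users file the same way and rotating the admin password would remove the hash from version control. The manifest's `kind` is outside the hunk, so confirm which object type this is.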
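Review bot: The first hunk of `authelia/vault/authelia-secrets.yaml` renames the keys to `jwt.token`, `session.encryption.key` and `storage.encryption.key`, and the second adds `storage.postgres.password.txt`, but nothing visible ties these names to what the Helm chart reads from `authelia-secrets`. The suffixes are not uniform (`.token`, `.key`, `.txt`), so each name should be checked against the chart's documented secret paths, `jwt.token` in particular. A mismatch would presumably leave Authelia without that secret at start-up. The commit also drops the `# Authelia secrets` and `# PostgreSQL password` comments; I would restore them as `# Key names must match the secret file names the Authelia chart expects` above the list.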
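Review bot: The context at the top of the second `authelia/vault/authelia-secrets.yaml` hunk maps another entry to `property: JWT_SECRET`, the same Vault property that `jwt.token` uses in the first hunk, so two Authelia secrets appear to share one value. The `secretKey` line of that entry lies between the hunks and is not visible, so confirm which secret it feeds. If it serves a different purpose from the JWT key, give it its own Vault property so that exposing or rotating one does not affect the other.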