FIX(authelia): authelia secret keys

- to dot notation
2025-12-30 22:38:50 +09:00
parent 9081778d80
commit a22f4240b5
4 changed files with 11 additions and 31 deletions
--- a/authelia/helm-values.yaml
+++ b/authelia/helm-values.yaml
@@ -1,9 +1,6 @@
 # Authelia Helm Values
 # Chart: https://charts.authelia.com

-# Domain configuration
-domain: mayne0213.kro.kr
-
 # Ingress - disabled, using separate ingress.yaml
 ingress:
  enabled: false
@@ -47,9 +44,8 @@ configMap:
  # Session configuration
  session:
    cookies:
-      - domain: mayne0213.kro.kr
-        authelia_url: https://auth.mayne0213.kro.kr
-        default_redirection_url: https://mayne.kro.kr
+      - domain: kro.kr
+        subdomain: auth0213

  # Storage - PostgreSQL (CNPG cluster)
  storage:
@@ -62,21 +58,7 @@ configMap:

  # Access control rules
  access_control:
-    default_policy: deny
-    rules:
-      # Bypass for public services
-      - domain:
-          - mayne.kro.kr
-          - "*.jaejadle.kro.kr"
-          - "*.joossameng.kro.kr"
-          - "*.jovies.kro.kr"
-          - "*.minjo0213.kro.kr"
-          - "*.todo0213.kro.kr"
-        policy: bypass
-      # One factor for admin services
-      - domain:
-          - "*.mayne0213.kro.kr"
-        policy: one_factor
+    default_policy: one_factor

  # Notifier - filesystem (no email)
  notifier:
@@ -87,7 +69,7 @@ configMap:
  # TOTP configuration
  totp:
    enabled: true
-    issuer: mayne0213.kro.kr
+    issuer: mayne.kro.kr

  # Identity providers (OIDC) - can be enabled later
  identity_providers:
--- a/authelia/ingress.yaml
+++ b/authelia/ingress.yaml
@@ -9,10 +9,10 @@ spec:
  ingressClassName: traefik
  tls:
    - hosts:
-        - auth.mayne0213.kro.kr
+        - auth0213.kro.kr
      secretName: authelia-tls
  rules:
-    - host: auth.mayne0213.kro.kr
+    - host: auth0213.kro.kr
      http:
        paths:
          - path: /
--- a/authelia/users-database.yaml
+++ b/authelia/users-database.yaml
@@ -11,7 +11,7 @@ data:
      admin:
        disabled: false
        displayname: "Admin"
-        email: admin@mayne0213.kro.kr
+        email: admin@mayne.kro.kr
        password: "$argon2id$v=19$m=65536,t=3,p=4$PHApThq3PclXyjhly4bAwA$ZdC+5EEshnK/MDsQb2fUfpujG3ujcFM7APmqrMgXjsE"
        groups:
          - admins
--- a/authelia/vault/authelia-secrets.yaml
+++ b/authelia/vault/authelia-secrets.yaml
@@ -12,16 +12,15 @@ spec:
    name: authelia-secrets
    creationPolicy: Owner
  data:
-    # Authelia secrets
-    - secretKey: JWT_TOKEN
+    - secretKey: jwt.token
      remoteRef:
        key: cluster-infrastructure/authelia
        property: JWT_SECRET
-    - secretKey: SESSION_ENCRYPTION_KEY
+    - secretKey: session.encryption.key
      remoteRef:
        key: cluster-infrastructure/authelia
        property: SESSION_SECRET
-    - secretKey: STORAGE_ENCRYPTION_KEY
+    - secretKey: storage.encryption.key
      remoteRef:
        key: cluster-infrastructure/authelia
        property: STORAGE_ENCRYPTION_KEY
@@ -29,8 +28,7 @@ spec:
      remoteRef:
        key: cluster-infrastructure/authelia
        property: JWT_SECRET
-    # PostgreSQL password
-    - secretKey: STORAGE_POSTGRES_PASSWORD
+    - secretKey: storage.postgres.password.txt
      remoteRef:
        key: databases/postgresql
        property: APP_PASSWORD