From f8d383f02e16844b251eb40d2c7cc8136ecdee34 Mon Sep 17 00:00:00 2001 From: Mayne0213 Date: Tue, 30 Dec 2025 22:11:18 +0900 Subject: [PATCH] REFACTOR(postgresql): switch authelia - to pg storage, fix secr... --- authelia/helm-values.yaml | 15 +++++++-------- authelia/vault/authelia-secrets.yaml | 10 ++++++++++ 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/authelia/helm-values.yaml b/authelia/helm-values.yaml index 01c1105..ff4eb21 100644 --- a/authelia/helm-values.yaml +++ b/authelia/helm-values.yaml @@ -51,11 +51,14 @@ configMap: authelia_url: https://auth.mayne0213.kro.kr default_redirection_url: https://mayne.kro.kr - # Storage - local SQLite (lightweight) + # Storage - PostgreSQL (CNPG cluster) storage: - local: + postgres: enabled: true - path: /data/db.sqlite3 + address: tcp://postgresql-rw.postgresql.svc.cluster.local:5432 + database: authelia + username: app + timeout: 5s # Access control rules access_control: @@ -95,8 +98,4 @@ configMap: secret: existingSecret: authelia-secrets -# Persistence for SQLite database -persistence: - enabled: true - storageClass: longhorn - size: 1Gi +# No persistence needed - using PostgreSQL diff --git a/authelia/vault/authelia-secrets.yaml b/authelia/vault/authelia-secrets.yaml index 49b8a00..63acf12 100644 --- a/authelia/vault/authelia-secrets.yaml +++ b/authelia/vault/authelia-secrets.yaml @@ -12,6 +12,7 @@ spec: name: authelia-secrets creationPolicy: Owner data: + # Authelia secrets - secretKey: JWT_TOKEN remoteRef: key: cluster-infrastructure/authelia @@ -24,3 +25,12 @@ spec: remoteRef: key: cluster-infrastructure/authelia property: STORAGE_ENCRYPTION_KEY + - secretKey: IDENTITY_VALIDATION_RESET_PASSWORD_JWT_HMAC_KEY + remoteRef: + key: cluster-infrastructure/authelia + property: JWT_SECRET + # PostgreSQL password + - secretKey: STORAGE_POSTGRES_PASSWORD + remoteRef: + key: databases/postgresql + property: password
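Review bot: The new `storage.postgres` block in the first hunk of `authelia/helm-values.yaml` sets `address`, `database`, `username` and `timeout` but nothing about TLS, and the whole `storage:` block is visible in the hunk. As written, the connection to `postgresql-rw.postgresql.svc.cluster.local:5432` carries Authelia's authentication data without any requirement that it be encrypted or that the server be verified. Authelia's PostgreSQL storage has a `tls` section (`server_name`, `skip_verify`, `minimum_version`). If the chart version in use exposes it, I would enable it and trust the database cluster's CA rather than rely on the pod network. The enclosing `configMap:` mapping starts and ends outside the hunk.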
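Review bot: Removing the `persistence:` block in the second hunk of `authelia/helm-values.yaml` leaves the fate of the old `/data/db.sqlite3` undocumented. That file is where Authelia kept its users' registered second factors, presumably protected by the same `STORAGE_ENCRYPTION_KEY` that remains in use. Nothing in the patch shows whether the data was migrated, or whether the Longhorn volume is deleted or only released. I would extend the new comment to record this, e.g. `# No persistence needed - using PostgreSQL; delete the old SQLite PVC once migration is verified`.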
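Review bot: In the last hunk of `authelia/vault/authelia-secrets.yaml`, `STORAGE_POSTGRES_PASSWORD` is read from `databases/postgresql` / `password`. Together with `username: app` in the values file, this looks like a general application credential rather than one issued for Authelia, though that is inferred from the names only. An identity provider's storage is better served by its own role limited to the `authelia` database. Keeping that secret under `cluster-infrastructure/authelia` would also mean the Vault policy behind this ExternalSecret needs no read access to the databases path. Separately, `IDENTITY_VALIDATION_RESET_PASSWORD_JWT_HMAC_KEY` maps to property `JWT_SECRET`; the existing `JWT_TOKEN` entry's `property` is outside the hunk, so if it reads the same value a comment such as `# same key as JWT_TOKEN under the newer name` would mark the duplication as deliberate.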