---
# Helm values for the Authelia chart (https://charts.authelia.com).
# NOTE(review): key nesting below follows the chart's values layout; confirm
# it against the chart version actually deployed.

# The chart-managed Ingress stays off; routing lives in a separate
# ingress.yaml.
ingress:
  enabled: false

# Pod settings: replica count, resource envelope, extra volumes and mounts.
pod:
  replicas: 1
  resources:
    requests:
      cpu: 25m
      memory: 64Mi
    limits:
      # NOTE(review): the argon2 settings further down ask for `memory: 65536`
      # per password hash (presumably KiB, i.e. 64 MiB; confirm for the
      # deployed Authelia version). A few concurrent logins could then exceed
      # this limit and get the pod OOM-killed, which anyone able to reach the
      # login form can trigger. Size the limit and the argon2 cost together.
      memory: 128Mi
  extraVolumes:
    # File-based user database, taken from a ConfigMap.
    # NOTE(review): the file presumably holds password hashes; a ConfigMap is
    # readable by anything with ConfigMap read access in the namespace.
    # Consider whether a Secret is the better source.
    - name: users-database
      configMap:
        name: authelia-config
    # OIDC client secrets, taken from a Kubernetes Secret.
    - name: oidc-clients
      secret:
        secretName: authelia-oidc-clients
  extraVolumeMounts:
    # subPath mounts the single file rather than the whole ConfigMap.
    - name: users-database
      mountPath: /config/users_database.yml
      subPath: users_database.yml
      readOnly: true
    - name: oidc-clients
      mountPath: /secrets/oidc
      readOnly: true

# Authelia configuration rendered into the chart's ConfigMap.
configMap:
  # Users come from the mounted file; passwords are hashed with argon2id.
  authentication_backend:
    file:
      enabled: true
      path: /config/users_database.yml
      password:
        algorithm: argon2
        argon2:
          variant: argon2id
          iterations: 3
          # See the NOTE(review) on pod.resources.limits.memory.
          memory: 65536
          parallelism: 4
          key_length: 32
          salt_length: 16

  # Session cookie scope and the portal's subdomain.
  # NOTE(review): the cookie is scoped to kro.kr, so browsers send it to every
  # host under that domain, not only the hosts named in this file. If other
  # parties can operate hosts under kro.kr, they would receive the Authelia
  # session cookie. Confirm the domain is exclusively controlled, or place
  # the portal and the protected apps under a dedicated parent domain.
  session:
    cookies:
      - domain: kro.kr
        subdomain: auth0213

  # Persistent state goes to PostgreSQL (CNPG cluster, read-write service).
  # No password appears here; presumably it is supplied through
  # secret.existingSecret below (verify).
  storage:
    postgres:
      enabled: true
      address: tcp://postgresql-rw.postgresql.svc.cluster.local:5432
      database: authelia
      username: bluemayne
      timeout: 5s

  # Access control.
  # NOTE(review): with default_policy one_factor and no rules listed, any
  # request not matched elsewhere is allowed after a password alone. TOTP is
  # enabled below, but nothing in this file requires two_factor. A `deny`
  # default plus explicit per-domain rules would be the tighter baseline.
  access_control:
    default_policy: one_factor

  # Notifications are written to a file instead of being e-mailed.
  # NOTE(review): identity-verification and reset messages end up in this
  # file, so anyone able to read the pod filesystem can read them. With no
  # persistence configured the file is presumably lost on pod restart.
  notifier:
    filesystem:
      enabled: true
      filename: /data/notification.txt

  # Time-based one-time passwords.
  totp:
    enabled: true
    issuer: mayne.kro.kr

  # OpenID Connect provider.
  identity_providers:
    oidc:
      enabled: true
      # CORS is enabled for these endpoints; permitted origins are derived
      # from the registered clients' redirect URIs.
      cors:
        endpoints:
          - authorization
          - token
          - revocation
          - introspection
          - userinfo
        allowed_origins_from_client_redirect_uris: true
      clients:
        # MinIO Console as a confidential client.
        - client_id: minio
          client_name: MinIO Console
          # Read at render time from the oidc-clients mount.
          # NOTE(review): confirm the mounted value is a hashed digest rather
          # than the plaintext secret.
          client_secret: '{{ secret "/secrets/oidc/MINIO_CLIENT_SECRET" }}'
          # NOTE(review): password-only sign-in to the storage console;
          # consider two_factor for this client.
          authorization_policy: one_factor
          redirect_uris:
            - https://minio.minio0213.kro.kr/oauth_callback
            - https://minio0213.kro.kr/oauth_callback
          scopes:
            - openid
            - profile
            - email
          token_endpoint_auth_method: client_secret_post

# Secrets are not generated by the chart; an existing Secret (populated from
# Vault) is referenced instead.
secret:
  existingSecret: authelia-secrets

# No persistence needed - state is kept in PostgreSQL.