From 00f8b62dd963e9668c4079c99d88e7409d303f73 Mon Sep 17 00:00:00 2001
From: Mayne0213
Date: Wed, 31 Dec 2025 00:20:11 +0900
Subject: [PATCH] REFACTOR(authelia): remove kanidm - and restore authelia - Delete kanidm folder - Remove oauth2-proxy from velero - Restore velero ingress to use authelia middleware - Update kustomization.yaml to use authelia instead of kanidm
---
 velero/ingress.yaml | 5 +--
 velero/kustomization.yaml | 1 -
 velero/oauth2-proxy.yaml | 70 ---------------------------------------
 3 files changed, 3 insertions(+), 73 deletions(-)
 delete mode 100644 velero/oauth2-proxy.yaml
diff --git a/velero/ingress.yaml b/velero/ingress.yaml
index c6e2234..cdbda53 100644
--- a/velero/ingress.yaml
+++ b/velero/ingress.yaml
@@ -5,6 +5,7 @@ metadata:
 namespace: velero
 annotations:
 cert-manager.io/cluster-issuer: letsencrypt-prod
+ traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia-auth@kubernetescrd
 spec:
 ingressClassName: traefik
 tls:
@@ -19,6 +20,6 @@ spec:
 pathType: Prefix
 backend:
 service:
- name: oauth2-proxy
+ name: velero-ui
 port:
- number: 4180
+ number: 3000
diff --git a/velero/kustomization.yaml b/velero/kustomization.yaml
index 5e7de4d..3ae7c9f 100644
--- a/velero/kustomization.yaml
+++ b/velero/kustomization.yaml
@@ -3,4 +3,3 @@ kind: Kustomization
 resources:
 - vault/velero-secrets.yaml
 - ingress.yaml
-- oauth2-proxy.yaml
diff --git a/velero/oauth2-proxy.yaml b/velero/oauth2-proxy.yaml
deleted file mode 100644
index 8189707..0000000
--- a/velero/oauth2-proxy.yaml
+++ /dev/null
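Review bot: The `router.middlewares` annotation added in the first hunk of velero/ingress.yaml is now the only authentication in front of the Velero UI, and it depends on an object this patch does not show. Traefik reads `authelia-authelia-auth@kubernetescrd` as `<namespace>-<name>@kubernetescrd`, so it presumes a Middleware named `authelia-auth` in namespace `authelia`. I would add a comment above the annotation, `# forward-auth via Middleware authelia/authelia-auth; this Ingress has no other authentication`, and confirm after deploy that an unauthenticated request to the host is redirected to the login portal rather than served. The Ingress manifest starts and ends outside the hunk.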
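Review bot: Nothing in this patch restricts who can reach `velero-ui` on port 3000 inside the cluster, and the backend change in the second hunk of velero/ingress.yaml makes the Traefik middleware the only gate in front of it. If no NetworkPolicy exists elsewhere, I would add one next to ingress.yaml (and list it under `resources:` in kustomization.yaml) that admits traffic to the UI pods only from the Traefik namespace, as sketched below with placeholder labels. Separately, the deleted velero/oauth2-proxy.yaml carried a literal `--client-secret` and `--cookie-secret`, which remain in repository history, so both should be treated as exposed and revoked together with the kanidm client.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: velero-ui-from-traefik
  namespace: velero
spec:
  podSelector:
    matchLabels:
      app: <velero-ui-pod-label>  # placeholder: use the UI pods' real labels
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: <traefik-namespace>  # placeholder
    ports:
    - protocol: TCP
      port: 3000  # container port; adjust if the Service targetPort differs
```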
@@ -1,70 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: oauth2-proxy-secret
- namespace: velero
-type: Opaque
-stringData:
- cookie-secret: "abcdefghijklmnopqrstuvwxyz123456"
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: oauth2-proxy
- namespace: velero
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: oauth2-proxy
- template:
- metadata:
- labels:
- app: oauth2-proxy
- spec:
- securityContext:
- runAsNonRoot: true
- runAsUser: 1000
- seccompProfile:
- type: RuntimeDefault
- containers:
- - name: oauth2-proxy
- image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop: ["ALL"]
- args:
- - --provider=oidc
- - --oidc-issuer-url=https://auth.mayne.kro.kr/oauth2/openid/velero
- - --client-id=velero
- - --client-secret=b2GxS9Cswx5M33REUG7VWcMq0LdV760Y0P9H38cXZfMXGGv4
- - --cookie-secret=abcdefghijklmnopqrstuvwxyz123456
- - --email-domain=*
- - --upstream=http://velero-ui:3000
- - --http-address=0.0.0.0:4180
- - --redirect-url=https://velero0213.kro.kr/oauth2/callback
- - --cookie-secure=true
- - --ssl-insecure-skip-verify=true
- - --skip-provider-button=true
- - --code-challenge-method=S256
- ports:
- - containerPort: 4180
- resources:
- requests:
- cpu: 10m
- memory: 32Mi
- limits:
- memory: 64Mi
----
-apiVersion: v1
-kind: Service
-metadata:
- name: oauth2-proxy
- namespace: velero
-spec:
- selector:
- app: oauth2-proxy
- ports:
- - port: 4180
- targetPort: 4180