REFACTOR(authelia): remove kanidm

- and restore authelia
- Delete kanidm folder
- Remove oauth2-proxy from velero
- Restore velero ingress to use authelia middleware
- Update kustomization.yaml to use authelia instead of kanidm
2025-12-31 00:20:11 +09:00
parent 8545e1984b
commit 00f8b62dd9
3 changed files with 3 additions and 73 deletions


@@ -5,6 +5,7 @@ metadata:
namespace: velero namespace: velero
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod cert-manager.io/cluster-issuer: letsencrypt-prod
traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia-auth@kubernetescrd
spec: spec:
ingressClassName: traefik ingressClassName: traefik
tls: tls:
@@ -19,6 +20,6 @@ spec:
pathType: Prefix pathType: Prefix
backend: backend:
service: service:
name: oauth2-proxy name: velero-ui
port: port:
number: 4180 number: 3000
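Review bot: With the backend switched to `velero-ui` on port 3000, the `traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia-auth@kubernetescrd` annotation added in the first hunk becomes the only authentication in front of the Velero UI, and nothing in this commit shows that a Middleware named `authelia-auth` exists in the `authelia` namespace. I would add a comment above the annotation, `# Sole auth gate for velero-ui: requires Middleware authelia-auth in namespace authelia; removing this line exposes the UI unauthenticated`, and confirm after deploy that an unauthenticated request to the host is redirected to Authelia. The `velero-ui` Service is presumably still reachable from other pods on port 3000 without passing through Traefik, so a NetworkPolicy limiting ingress to the Traefik pods would be worth adding if the cluster does not already have one. The oauth2-proxy manifest deleted in this commit carried its OIDC client secret and cookie secret inline, so both remain in the repository history and should be treated as exposed; revoke the client on the issuer if it still exists.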


@@ -3,4 +3,3 @@ kind: Kustomization
resources: resources:
- vault/velero-secrets.yaml - vault/velero-secrets.yaml
- ingress.yaml - ingress.yaml
- oauth2-proxy.yaml


@@ -1,70 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: oauth2-proxy-secret
namespace: velero
type: Opaque
stringData:
cookie-secret: "abcdefghijklmnopqrstuvwxyz123456"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: oauth2-proxy
namespace: velero
spec:
replicas: 1
selector:
matchLabels:
app: oauth2-proxy
template:
metadata:
labels:
app: oauth2-proxy
spec:
securityContext:
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
containers:
- name: oauth2-proxy
image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
args:
- --provider=oidc
- --oidc-issuer-url=https://auth.mayne.kro.kr/oauth2/openid/velero
- --client-id=velero
- --client-secret=b2GxS9Cswx5M33REUG7VWcMq0LdV760Y0P9H38cXZfMXGGv4
- --cookie-secret=abcdefghijklmnopqrstuvwxyz123456
- --email-domain=*
- --upstream=http://velero-ui:3000
- --http-address=0.0.0.0:4180
- --redirect-url=https://velero0213.kro.kr/oauth2/callback
- --cookie-secure=true
- --ssl-insecure-skip-verify=true
- --skip-provider-button=true
- --code-challenge-method=S256
ports:
- containerPort: 4180
resources:
requests:
cpu: 10m
memory: 32Mi
limits:
memory: 64Mi
---
apiVersion: v1
kind: Service
metadata:
name: oauth2-proxy
namespace: velero
spec:
selector:
app: oauth2-proxy
ports:
- port: 4180
targetPort: 4180