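---
# Single-pod stack: glyph, Authelia (its OIDC provider) and Traefik (TLS entry
# point on 443), each configured from a ConfigMap defined later in this file.
# NOTE(review): the hostnames (*.glyph.local) and the placeholder credentials
# suggest a local development/test setup - confirm before reusing any of it.
# Every secret, password digest and the OIDC signing key below is committed in
# plaintext, so treat all of them as publicly known values.
apiVersion: v1
kind: Pod
metadata:
  name: glyph
spec:
  containers:
    # NOTE(review): all three images use the mutable `latest` tag, so the code
    # that runs can change between pulls. Pin a version tag or an image digest
    # for reproducible, reviewable deployments.
    - name: glyph
      image: registry.karaolidis.com/karaolidis/glyph:latest
      volumeMounts:
        - name: glyph-config
          mountPath: /etc/glyph
        # Same emptyDir that Authelia uses for its user database; glyph's
        # `authelia.user_database` setting points into it. The mount is
        # read-write, so glyph can modify the accounts Authelia authenticates.
        - name: authelia-users
          mountPath: /etc/authelia/users
      command:
        - "glyph"
        - "--config"
        - "/etc/glyph/default.yml"
        - "--log-config"
        - "/etc/glyph/log4rs.yml"
    - name: authelia
      image: docker.io/authelia/authelia:latest
      volumeMounts:
        - name: authelia-config
          mountPath: /etc/authelia
        - name: authelia-users
          mountPath: /etc/authelia/users
        - name: authelia-storage
          mountPath: /var/lib/authelia
      # Copies the seed users.yml from the ConfigMap mount into the shared
      # emptyDir before starting Authelia, so every fresh pod starts again from
      # the seeded accounts.
      # NOTE(review): presumably done because the ConfigMap mount is read-only
      # while the user database must be writable - confirm.
      command:
        - "/bin/sh"
        - "-c"
        - "cp /etc/authelia/users.yml /etc/authelia/users/users.yml && exec authelia --config /etc/authelia/configuration.yml"
    - name: traefik
      image: docker.io/library/traefik:latest
      args:
        - "--providers.file.directory=/etc/traefik/dynamic"
        - "--providers.file.watch=true"
        - "--entrypoints.websecure.address=:443"
      ports:
        # Binds port 443 on the host itself, on top of the container port.
        - containerPort: 443
          hostPort: 443
      volumeMounts:
        - name: traefik-config
          mountPath: /etc/traefik/dynamic
  volumes:
    - name: glyph-config
      configMap:
        name: glyph-config
    - name: authelia-config
      configMap:
        name: authelia-config
    # emptyDir volumes live only as long as the pod: the user database,
    # Authelia's SQLite store and its notification file are lost on removal.
    - name: authelia-users
      emptyDir: {}
    - name: authelia-storage
      emptyDir: {}
    - name: traefik-config
      configMap:
        name: traefik-config
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: glyph-config
data:
  # glyph application settings.
  # NOTE(review): `database.password` and `oauth.client_secret` are plaintext
  # in a ConfigMap, which gets none of the handling a Secret does. For anything
  # beyond a throwaway environment, move them to a Secret and generate unique
  # values.
  # NOTE(review): `oauth.insecure: true` presumably relaxes TLS verification
  # towards the issuer - confirm what it disables, and keep it off wherever the
  # issuer presents a trusted certificate.
  default.yml: |
    server:
      host: https://app.glyph.local
    database:
      host: postgresql
      port: 5432
      user: glyph
      password: glyph
      database: glyph
    oauth:
      issuer_url: https://id.glyph.local
      client_id: glyph
      client_secret: insecure_secret
      admin_group: admins
      insecure: true
    authelia:
      user_database: /etc/authelia/users/users.yml
  # log4rs configuration: console appender only, root level `info`.
  log4rs.yml: |
    appenders:
      stdout:
        kind: console
        encoder:
          pattern: "{d} {h({l})} {M}::{L} - {m}{n}"
    root:
      level: info
      appenders:
        - stdout
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: authelia-config
data:
  # Authelia configuration: file-based user backend, local SQLite storage,
  # filesystem notifier, and an OIDC provider with one client (`glyph`).
  # NOTE(review): every secret here is a fixed, committed value - the
  # reset-password JWT secret, session secret, storage encryption key, OIDC
  # HMAC secret and the OIDC signing private key under `jwks`. Tokens signed
  # with a published key carry no assurance; generate fresh values per
  # environment and supply them from a Secret, not a ConfigMap.
  # NOTE(review): `log.level` is "debug", which is more verbose than a shared
  # deployment usually wants; `access_control.default_policy` and the client's
  # `authorization_policy` are both "one_factor", so no second factor is ever
  # required.
  configuration.yml: |
    log:
      level: "debug"
    identity_validation:
      reset_password:
        jwt_secret: "jwt_secret"
    authentication_backend:
      file:
        path: "/etc/authelia/users/users.yml"
    session:
      secret: "session_secret"
      cookies:
        - domain: "glyph.local"
          authelia_url: "https://id.glyph.local"
    storage:
      encryption_key: "very_very_very_long_encryption_key"
      local:
        path: "/var/lib/authelia/db.sqlite3"
    notifier:
      filesystem:
        filename: "/var/lib/authelia/notification.txt"
    access_control:
      default_policy: "one_factor"
    identity_providers:
      oidc:
        hmac_secret: "this_is_a_secret_abc123abc123abc"
        jwks:
          - key: |
              -----BEGIN PRIVATE KEY-----
              MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC5T/dW/Sd2xhkM
              viVbr1SeNHWq2VdioIbWSwn3rX3O3qJ/QhyXF7rRKW1iGkocPgl+IPxhabW7GbUx
              3J35i9q9m8g+hk0M5Ob5eSHD7LX1VJ2arTSpYyjS70ZrSKbeAmgrMeCVkX1cqdD2
              qPTXii4/fhQ0MLazh1Donrdi4dq8GUETu6eHTJ3oeWuAxNSxTlQmBrK+/k43oSYY
              wq2WSQmzHHequVsP6UXKvbkX688FobrKfnwTZ+vzIUF3JvfYNKweaEDYaZebcCbe
              qpiIAcVBzNuZQZkV+gtlVqPSjWsN05O4NWi7xME/NwJmfyesA2VZ3Nf5VtaYdc8S
              /TPSC/+3AgMBAAECggEAFhmce1IsoIRxMgJZQo0Z5SuHdEKATUGsuFDHAF6UmD/C
              lwpY44dlHxMMOadopY6bzjV73oLfX/q/D70U//uhsNGBI5JxDPPIPKypY2F5tSeM
              C4l9iXf1w0Ddn+d7CGi2vfQFqdYUjSEEIUPhaJ/Q8n8u71HMmtjX7tjC28w+AbGN
              X1KrYk36cqFpZSQATdbkDYfQJWxBhsgEb1VpzwdmhZC5MERhZ/uK6Xykxt0MTAhx
              ITSxW4wBKYDEMXkOQUuVqirNDdkYA/Eue7HTFsN9Xxl79p/qaP60BOiFJ8Tmq9cc
              RzZW0dkBeuOyyQOWOEX7XNivGrN44I4l9AYHsFYMpQKBgQD/36d5Ur/vTwpP+/pZ
              gU1W+KwQuEnodlF03t4kR75uMHGt+D38m1WxiCRO6kf6VEa4aVtNFwUuTUCbGHIs
              c2XuuZ5pTQyhKlt3U+YDoQXbEVrjOOZhyZ93AwG1hksYs5n6xXAn5RVCa0UHrgLQ
              pLJxgc7f9uE9aGx735PGLK/EywKBgQC5Z2RgnVQmtzkSzIlc0DmGpJaqTiOSXs6+
              V/MTERDySbHEX/59Eu7V1pSDzXgOJtCFG1mRzAM09EmdWWtR3AE1qefw7ejhpEkH
              cm639mtmTV8pcZ2+Zo8NFaGnsrIH/5R1bUtFUd5DTQfw0QcyzT9luXMp+WOzgpNj
              bia5Jfo/RQKBgQD6jVkC9kK35R/l/onBB1piJZLntG260dElre68e/w/DfTjM8gP
              CVQ6SWO0WrksqUWu4oviyv3pvv/aX2+9kypnPx+dYTNSxZVXHbKILy76ut3Szi7Z
              5oLeGPWdeOkkQQowgxE2H55XsY6g3IYpJH0PpNqceLVKWmyQR/f+AFgFTQKBgQCw
              AvjnQ9Uk4CK9txHc3A0QxuYGDiJ1Da6GQ6aO/k+xRMcP3/YQtU2qEolxyzljbfPd
              ucZBxIVy20ubps1crFk1ofSA5MuGk1mFSVzVJop1V5S1Gpifrmu2B0gtlVawgzFk
              fXrM91jjWZjlRPvpfbLnFrS/L3Q4cgkMhwEaGnTFZQKBgCXvH8sKsGPH0LpCJimL
              Z6MrWcdbCBBKwYucAYb11FphmoEY7DOUZwtyABOotkg0k7cLdIMCyKlCOz/2PMZX
              WW298aPi6K4zL1CnDUcIb8tS6j5IeHcCOa1pjBO+DfIqv8vK2YG/887alRnzvf6y
              zzwIoNbKdEh838UReLyyMT6j
              -----END PRIVATE KEY-----
        clients:
          - client_id: "glyph"
            client_secret: "$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng" # The digest of 'insecure_secret'.
            redirect_uris:
              - "https://app.glyph.local/api/auth/callback"
            authorization_policy: "one_factor"
  # Seed user database, copied into the shared emptyDir by the authelia
  # container's start command.
  # NOTE(review): the only account is `glyph`, in group `admins` (the group
  # glyph is configured to use as `admin_group`), and its password is the same
  # as its username. Replace the digest before exposing the login page to
  # anyone else.
  users.yml: |
    users:
      glyph:
        displayname: "glyph"
        password: "$argon2id$v=19$m=65536,t=3,p=4$lobLBhv2SKyVZZZCl+e8Lg$VzPmcTksXBNlJfeztMUqMDgdU47qT5bB1Gk+QHigASQ" # The digest of 'glyph'.
        groups:
          - "admins"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-config
data:
  # Traefik dynamic configuration: host-based routing on the `websecure`
  # entry point to Authelia (id.glyph.local) and glyph (app.glyph.local).
  # Traffic to both backends is plain HTTP.
  # NOTE(review): both routers set an empty `tls: {}` and this file configures
  # no certificate, so Traefik is expected to fall back to its self-signed
  # default certificate - confirm, and configure a real certificate wherever
  # clients should be able to verify the server.
  traefik.yml: |
    http:
      routers:
        authelia:
          rule: "Host(`id.glyph.local`)"
          entryPoints:
            - websecure
          service: authelia-service
          tls: {}
        glyph:
          rule: "Host(`app.glyph.local`)"
          entryPoints:
            - websecure
          service: glyph-service
          tls: {}
      services:
        authelia-service:
          loadBalancer:
            servers:
              - url: "http://authelia:9091"
        glyph-service:
          loadBalancer:
            servers:
              - url: "http://glyph:8080"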