glyph/support/manifest.yaml
Nikolaos Karaolidis ec7055d5ff Initial commit
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-06-04 22:50:18 +01:00


# Single Pod that runs the whole stack side by side: glyph, Authelia (OIDC
# identity provider) and Traefik (TLS entrypoint). Traefik is the only
# container that declares a port.
#
# NOTE(review): no securityContext or resource limits are set on any
# container, so each one runs with whatever user and capabilities its image
# and the runtime default to.
apiVersion: v1
kind: Pod
metadata:
  name: glyph
spec:
  containers:
    - name: glyph
      # All three images use the mutable `latest` tag, so the code that runs
      # can change between pulls. Pin a version tag or an image digest when
      # reproducibility matters.
      image: registry.karaolidis.com/karaolidis/glyph:latest
      volumeMounts:
        - name: glyph-config
          mountPath: /etc/glyph
        # Same emptyDir that the authelia container mounts. Neither mount is
        # readOnly, so glyph can modify the users file that Authelia uses as
        # its authentication backend.
        - name: authelia-users
          mountPath: /etc/authelia/users
      command:
        - "glyph"
        - "--config"
        - "/etc/glyph/default.yml"
        - "--log-config"
        - "/etc/glyph/log4rs.yml"
    - name: authelia
      image: docker.io/authelia/authelia:latest
      volumeMounts:
        - name: authelia-config
          mountPath: /etc/authelia
        - name: authelia-users
          mountPath: /etc/authelia/users
        - name: authelia-storage
          mountPath: /var/lib/authelia
      # Copies users.yml from the ConfigMap mount into the shared volume on
      # every container start, overwriting whatever is there, then execs
      # authelia so it replaces the shell.
      command:
        - "/bin/sh"
        - "-c"
        - "cp /etc/authelia/users.yml /etc/authelia/users/users.yml && exec authelia --config /etc/authelia/configuration.yml"
    - name: traefik
      image: docker.io/library/traefik:latest
      args:
        - "--providers.file.directory=/etc/traefik/dynamic"
        - "--providers.file.watch=true"
        # Only a TLS entrypoint is defined; there is no plain-HTTP entrypoint.
        - "--entrypoints.websecure.address=:443"
      ports:
        # hostPort publishes 443 on the host itself.
        - containerPort: 443
          hostPort: 443
      volumeMounts:
        - name: traefik-config
          mountPath: /etc/traefik/dynamic
  volumes:
    - name: glyph-config
      configMap:
        name: glyph-config
    - name: authelia-config
      configMap:
        name: authelia-config
    # emptyDir volumes start empty and are discarded with the Pod, so the user
    # database copy and Authelia's local storage do not survive a Pod
    # re-creation.
    - name: authelia-users
      emptyDir: {}
    - name: authelia-storage
      emptyDir: {}
    - name: traefik-config
      configMap:
        name: traefik-config
---
# Configuration files for the glyph container (mounted at /etc/glyph).
#
# The database password and the OAuth client secret below are fixed, guessable
# literals kept in a ConfigMap rather than a Secret. They read as local test
# values (`*.glyph.local`, `insecure_secret`); generate fresh values and move
# them to a Secret before using this outside a throwaway environment.
apiVersion: v1
kind: ConfigMap
metadata:
  name: glyph-config
data:
  # NOTE(review): `database.host: postgresql` refers to a database that none
  # of the documents shown here define; it has to be provided separately.
  # NOTE(review): `oauth.insecure: true` presumably relaxes TLS/certificate
  # verification toward the issuer - confirm against glyph's documentation and
  # leave it off wherever the issuer presents a trusted certificate.
  # `authelia.user_database` is the same path Authelia authenticates against
  # (authentication_backend.file.path in authelia-config).
  default.yml: |
    server:
      host: https://app.glyph.local
    database:
      host: postgresql
      port: 5432
      user: glyph
      password: glyph
      database: glyph
    oauth:
      issuer_url: https://id.glyph.local
      client_id: glyph
      client_secret: insecure_secret
      admin_group: admins
      insecure: true
    authelia:
      user_database: /etc/authelia/users/users.yml
  # Logging: a single console appender at level info.
  log4rs.yml: |
    appenders:
      stdout:
        kind: console
        encoder:
          pattern: "{d} {h({l})} {M}::{L} - {m}{n}"
    root:
      level: info
      appenders:
        - stdout
---
# Authelia configuration and the seed user database (mounted at /etc/authelia).
#
# Every secret in this document is a fixed placeholder string: the
# reset-password JWT secret, the session secret, the storage encryption key and
# the OIDC HMAC secret. The OIDC signing key is embedded inline as well (its
# body is not reproduced in this listing). A ConfigMap is not a confidential
# store; outside a throwaway environment, generate random values and supply
# them through a Secret instead of inline in this file.
apiVersion: v1
kind: ConfigMap
metadata:
  name: authelia-config
data:
  # - log.level is "debug"; lower it once troubleshooting is done.
  # - access_control.default_policy and the client's authorization_policy are
  #   both "one_factor": nothing in this configuration requires a second
  #   factor.
  # - The notifier writes to a file under /var/lib/authelia instead of sending
  #   mail, so anything Authelia would notify a user about ends up in that
  #   file.
  # - The client_secret digest offers no protection here: its plaintext is
  #   named in the inline comment and stored in clear in glyph-config.
  configuration.yml: |
    log:
      level: "debug"
    identity_validation:
      reset_password:
        jwt_secret: "jwt_secret"
    authentication_backend:
      file:
        path: "/etc/authelia/users/users.yml"
    session:
      secret: "session_secret"
      cookies:
        - domain: "glyph.local"
          authelia_url: "https://id.glyph.local"
    storage:
      encryption_key: "very_very_very_long_encryption_key"
      local:
        path: "/var/lib/authelia/db.sqlite3"
    notifier:
      filesystem:
        filename: "/var/lib/authelia/notification.txt"
    access_control:
      default_policy: "one_factor"
    identity_providers:
      oidc:
        hmac_secret: "this_is_a_secret_abc123abc123abc"
        jwks:
          - key: |
              -----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
        clients:
          - client_id: "glyph"
            client_secret: "$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng" # The digest of 'insecure_secret'.
            redirect_uris:
              - "https://app.glyph.local/api/auth/callback"
            authorization_policy: "one_factor"
  # Seed user database, copied into the shared volume by the authelia
  # container's start command. The single account is in the "admins" group
  # (the admin_group named in glyph-config) and, per the inline comment, its
  # password equals its username: an administrator with a known credential.
  users.yml: |
    users:
      glyph:
        displayname: "glyph"
        password: "$argon2id$v=19$m=65536,t=3,p=4$lobLBhv2SKyVZZZCl+e8Lg$VzPmcTksXBNlJfeztMUqMDgdU47qT5bB1Gk+QHigASQ" # The digest of 'glyph'.
        groups:
          - "admins"
---
# Traefik dynamic configuration, loaded by the file provider from
# /etc/traefik/dynamic.
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-config
data:
  # Two host-based routers on the websecure entrypoint, each with `tls: {}`.
  # - No middlewares are attached, so Traefik forwards requests for
  #   app.glyph.local straight to the backend; access control is left to
  #   glyph itself, acting as an OIDC client.
  # - TLS ends at Traefik: both backend URLs are plain http.
  # NOTE(review): no certificate or resolver is configured anywhere in this
  # manifest; presumably Traefik serves its generated default certificate,
  # which clients will not trust - confirm.
  traefik.yml: |
    http:
      routers:
        authelia:
          rule: "Host(`id.glyph.local`)"
          entryPoints:
            - websecure
          service: authelia-service
          tls: {}
        glyph:
          rule: "Host(`app.glyph.local`)"
          entryPoints:
            - websecure
          service: glyph-service
          tls: {}
      services:
        authelia-service:
          loadBalancer:
            servers:
              - url: "http://authelia:9091"
        glyph-service:
          loadBalancer:
            servers:
              - url: "http://glyph:8080"