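# Single-pod development stack for glyph: the application itself, its
# PostgreSQL and Redis backends, Authelia as the OIDC provider, and Traefik
# terminating TLS on port 443.
# NOTE(review): every image below uses the mutable `:latest` tag, so the code
# that runs depends on when the image was last pulled. Pinning each image to a
# version tag or digest makes the stack reproducible and makes image updates
# an explicit, reviewable change.
apiVersion: v1
kind: Pod
metadata:
  name: glyph
spec:
  containers:
    - name: glyph
      image: registry.karaolidis.com/karaolidis/glyph:latest
      volumeMounts:
        - name: glyph-config
          mountPath: /etc/glyph
        # Same emptyDir the authelia container mounts, so both containers see
        # one copy of users.yml.
        # NOTE(review): presumably glyph edits Authelia's user database through
        # this mount — confirm.
        - name: authelia-users
          mountPath: /etc/authelia/users
      # Block sequence with every argument quoted; the original flow list left
      # `--log-config` as the only unquoted element.
      command:
        - "glyph"
        - "--config"
        - "/etc/glyph/default.yml"
        - "--log-config"
        - "/etc/glyph/log4rs.yml"

    - name: postgresql
      image: docker.io/library/postgres:latest
      env:
        - name: POSTGRES_DB
          value: glyph
        - name: POSTGRES_USER
          value: glyph
        # Literal password equal to the user name; it has to stay in sync with
        # database.password in the glyph-config ConfigMap.
        - name: POSTGRES_PASSWORD
          value: glyph
      ports:
        # hostPort publishes the database outside the pod.
        # NOTE(review): no hostIP is set, so the port is presumably bound on
        # every host address — confirm. Combined with the guessable password
        # above, `hostIP: 127.0.0.1` (or dropping hostPort if only in-pod
        # clients need the database) keeps it off the network.
        - containerPort: 5432
          hostPort: 5432

    - name: redis
      image: docker.io/library/redis:latest

    - name: authelia
      image: docker.io/authelia/authelia:latest
      volumeMounts:
        - name: authelia-config
          mountPath: /etc/authelia
        - name: authelia-users
          mountPath: /etc/authelia/users
        # emptyDir: Authelia's SQLite database and notification file do not
        # outlive the pod.
        - name: authelia-storage
          mountPath: /var/lib/authelia
      # ConfigMap volumes are mounted read-only, so the seed users.yml is
      # copied into the shared emptyDir before Authelia starts; the copy is
      # writable and is the file both authelia and glyph are pointed at.
      command:
        - "/bin/sh"
        - "-c"
        - "cp /etc/authelia/users.yml /etc/authelia/users/users.yml && exec authelia --config /etc/authelia/configuration.yml"

    - name: traefik
      image: docker.io/library/traefik:latest
      args:
        - "--providers.file.directory=/etc/traefik/dynamic"
        - "--providers.file.watch=true"
        - "--entrypoints.websecure.address=:443"
      ports:
        # The only entry point defined is websecure on 443.
        - containerPort: 443
          hostPort: 443
      volumeMounts:
        - name: traefik-config
          mountPath: /etc/traefik/dynamic

  volumes:
    - name: glyph-config
      configMap:
        name: glyph-config
    - name: authelia-config
      configMap:
        name: authelia-config
    - name: authelia-users
      emptyDir: {}
    - name: authelia-storage
      emptyDir: {}
    - name: traefik-config
      configMap:
        name: traefik-config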
---
# Configuration files for the glyph container, which mounts this ConfigMap at
# /etc/glyph.
# NOTE(review): the database password and the OAuth client secret are stored
# here in plain text. ConfigMaps are not intended for secret data; the values
# are obvious placeholders and belong in a Secret with generated values for
# anything beyond a local development stack.
apiVersion: v1
kind: ConfigMap
metadata:
  name: glyph-config
data:
  # Application settings, passed to glyph as `--config /etc/glyph/default.yml`.
  # - database.* must match the POSTGRES_* variables on the postgresql
  #   container of the Pod.
  # - oauth.client_secret is the plain-text value whose digest is registered
  #   for client "glyph" in the authelia-config ConfigMap.
  # - oauth.insecure: NOTE(review): presumably turns off TLS certificate
  #   verification towards the issuer — confirm; if so it must not be carried
  #   into an environment with a real certificate chain.
  # - authelia.user_database points at the users.yml copy in the emptyDir
  #   shared with the authelia container.
  default.yml: |
    server:
      host: https://app.glyph.local

    database:
      host: postgresql
      port: 5432
      user: glyph
      password: glyph
      database: glyph

    oauth:
      issuer_url: https://id.glyph.local
      client_id: glyph
      client_secret: insecure_secret
      admin_group: admins
      insecure: true

    authelia:
      user_database: /etc/authelia/users/users.yml

    redis:
      host: redis
      port: 6379

  # log4rs configuration, passed as `--log-config /etc/glyph/log4rs.yml`:
  # a single console appender named stdout, root level info.
  log4rs.yml: |
    appenders:
      stdout:
        kind: console
        encoder:
          pattern: "{d} {h({l})} {M}::{L} - {m}{n}"

    root:
      level: info
      appenders:
        - stdout
---
# Authelia configuration and seed user database; the authelia container mounts
# this ConfigMap at /etc/authelia.
# NOTE(review): every secret below (reset-password JWT secret, session secret,
# storage encryption key, OIDC HMAC secret and the JWKS private key) is a fixed
# value published together with this manifest. They protect nothing outside a
# throwaway local environment: anyone who has read this file can reproduce
# signatures made with the JWKS key. Generate fresh values and supply them
# from a Secret for any other use.
apiVersion: v1
kind: ConfigMap
metadata:
  name: authelia-config
data:
  # Main Authelia configuration, loaded with
  # `--config /etc/authelia/configuration.yml`.
  # - log.level is "debug".
  #   NOTE(review): debug output is verbose — confirm it is acceptable wherever
  #   these logs are collected.
  # - authentication_backend.file.path is the users.yml copy in the shared
  #   emptyDir, not the read-only file mounted from this ConfigMap.
  # - storage.local and notifier.filesystem both write under /var/lib/authelia,
  #   which the Pod backs with an emptyDir; the filesystem notifier writes
  #   notifications to a file instead of sending them.
  # - access_control.default_policy and the client's authorization_policy are
  #   both "one_factor": a password alone is sufficient, no second factor.
  # - identity_providers.oidc.jwks holds the private signing key inline.
  # - clients[0].client_secret is a PBKDF2-SHA512 digest; per the inline
  #   comment the plain text is the value glyph-config uses as
  #   oauth.client_secret.
  configuration.yml: |
    log:
      level: "debug"

    identity_validation:
      reset_password:
        jwt_secret: "jwt_secret"

    authentication_backend:
      file:
        path: "/etc/authelia/users/users.yml"

    session:
      secret: "session_secret"
      cookies:
        - domain: "glyph.local"
          authelia_url: "https://id.glyph.local"

    storage:
      encryption_key: "very_very_very_long_encryption_key"

      local:
        path: "/var/lib/authelia/db.sqlite3"

    notifier:
      filesystem:
        filename: "/var/lib/authelia/notification.txt"

    access_control:
      default_policy: "one_factor"

    identity_providers:
      oidc:
        hmac_secret: "this_is_a_secret_abc123abc123abc"
        jwks:
          - key: |
              -----BEGIN PRIVATE KEY-----
              MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC5T/dW/Sd2xhkM
              viVbr1SeNHWq2VdioIbWSwn3rX3O3qJ/QhyXF7rRKW1iGkocPgl+IPxhabW7GbUx
              3J35i9q9m8g+hk0M5Ob5eSHD7LX1VJ2arTSpYyjS70ZrSKbeAmgrMeCVkX1cqdD2
              qPTXii4/fhQ0MLazh1Donrdi4dq8GUETu6eHTJ3oeWuAxNSxTlQmBrK+/k43oSYY
              wq2WSQmzHHequVsP6UXKvbkX688FobrKfnwTZ+vzIUF3JvfYNKweaEDYaZebcCbe
              qpiIAcVBzNuZQZkV+gtlVqPSjWsN05O4NWi7xME/NwJmfyesA2VZ3Nf5VtaYdc8S
              /TPSC/+3AgMBAAECggEAFhmce1IsoIRxMgJZQo0Z5SuHdEKATUGsuFDHAF6UmD/C
              lwpY44dlHxMMOadopY6bzjV73oLfX/q/D70U//uhsNGBI5JxDPPIPKypY2F5tSeM
              C4l9iXf1w0Ddn+d7CGi2vfQFqdYUjSEEIUPhaJ/Q8n8u71HMmtjX7tjC28w+AbGN
              X1KrYk36cqFpZSQATdbkDYfQJWxBhsgEb1VpzwdmhZC5MERhZ/uK6Xykxt0MTAhx
              ITSxW4wBKYDEMXkOQUuVqirNDdkYA/Eue7HTFsN9Xxl79p/qaP60BOiFJ8Tmq9cc
              RzZW0dkBeuOyyQOWOEX7XNivGrN44I4l9AYHsFYMpQKBgQD/36d5Ur/vTwpP+/pZ
              gU1W+KwQuEnodlF03t4kR75uMHGt+D38m1WxiCRO6kf6VEa4aVtNFwUuTUCbGHIs
              c2XuuZ5pTQyhKlt3U+YDoQXbEVrjOOZhyZ93AwG1hksYs5n6xXAn5RVCa0UHrgLQ
              pLJxgc7f9uE9aGx735PGLK/EywKBgQC5Z2RgnVQmtzkSzIlc0DmGpJaqTiOSXs6+
              V/MTERDySbHEX/59Eu7V1pSDzXgOJtCFG1mRzAM09EmdWWtR3AE1qefw7ejhpEkH
              cm639mtmTV8pcZ2+Zo8NFaGnsrIH/5R1bUtFUd5DTQfw0QcyzT9luXMp+WOzgpNj
              bia5Jfo/RQKBgQD6jVkC9kK35R/l/onBB1piJZLntG260dElre68e/w/DfTjM8gP
              CVQ6SWO0WrksqUWu4oviyv3pvv/aX2+9kypnPx+dYTNSxZVXHbKILy76ut3Szi7Z
              5oLeGPWdeOkkQQowgxE2H55XsY6g3IYpJH0PpNqceLVKWmyQR/f+AFgFTQKBgQCw
              AvjnQ9Uk4CK9txHc3A0QxuYGDiJ1Da6GQ6aO/k+xRMcP3/YQtU2qEolxyzljbfPd
              ucZBxIVy20ubps1crFk1ofSA5MuGk1mFSVzVJop1V5S1Gpifrmu2B0gtlVawgzFk
              fXrM91jjWZjlRPvpfbLnFrS/L3Q4cgkMhwEaGnTFZQKBgCXvH8sKsGPH0LpCJimL
              Z6MrWcdbCBBKwYucAYb11FphmoEY7DOUZwtyABOotkg0k7cLdIMCyKlCOz/2PMZX
              WW298aPi6K4zL1CnDUcIb8tS6j5IeHcCOa1pjBO+DfIqv8vK2YG/887alRnzvf6y
              zzwIoNbKdEh838UReLyyMT6j
              -----END PRIVATE KEY-----

        clients:
          - client_id: "glyph"
            client_secret: "$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng" # The digest of 'insecure_secret'.
            redirect_uris:
              - "https://app.glyph.local/api/auth/callback"
            authorization_policy: "one_factor"
  # Seed user database. The authelia container's start-up command copies it to
  # /etc/authelia/users/users.yml, the path configured above.
  # It defines one account, "glyph", in group "admins" (the group glyph-config
  # names as oauth.admin_group); per the inline comment its password equals
  # the user name, so this account is suitable for local testing only.
  users.yml: |
    users:
      glyph:
        displayname: "glyph"
        password: "$argon2id$v=19$m=65536,t=3,p=4$lobLBhv2SKyVZZZCl+e8Lg$VzPmcTksXBNlJfeztMUqMDgdU47qT5bB1Gk+QHigASQ" # The digest of 'glyph'.
        groups:
          - "admins"
---
# Traefik dynamic configuration; the traefik container mounts this ConfigMap at
# /etc/traefik/dynamic and loads it through the file provider.
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-config
data:
  # Two host-based routers on the websecure entry point:
  #   id.glyph.local  -> authelia-service (http://authelia:9091)
  #   app.glyph.local -> glyph-service    (http://glyph:8080)
  # `tls: {}` enables TLS on each router without naming a certificate or a
  # certificate resolver.
  # NOTE(review): with no certificate configured, Traefik presumably serves its
  # self-generated default certificate, which would explain `insecure: true`
  # under oauth in glyph-config — confirm.
  # Traffic from Traefik to both backends is plain HTTP.
  traefik.yml: |
    http:
      routers:
        authelia:
          rule: "Host(`id.glyph.local`)"
          entryPoints:
            - websecure
          service: authelia-service
          tls: {}

        glyph:
          rule: "Host(`app.glyph.local`)"
          entryPoints:
            - websecure
          service: glyph-service
          tls: {}

      services:
        authelia-service:
          loadBalancer:
            servers:
              - url: "http://authelia:9091"

        glyph-service:
          loadBalancer:
            servers:
              - url: "http://glyph:8080"