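---
# Source: authelia/templates/configMap.yaml
#
# Rendered Helm output for Authelia (chart authelia-0.9.9, app 4.38.16).
# Make changes in the chart values and re-render rather than hand-editing this
# file: the DaemonSet carries an `authelia.com/checksum-config` annotation that
# appears to be derived from this ConfigMap, so a manual edit would leave the
# two out of step.
#
# The value of `configuration.yaml` below is a string handed to Authelia
# verbatim; comments about it are kept outside the block scalar so the payload
# is unchanged. Points to confirm against the values used for rendering:
#   * `storage:` renders empty and `notifier:` holds only
#     `disable_startup_check: true`. Authelia requires a storage backend and a
#     notifier provider; neither is visible here.
#   * No session provider is rendered, so session state is presumably held in
#     each pod's memory - TODO confirm. With one pod per node and
#     `sessionAffinity: None` on the Service, a request can reach a pod that
#     does not know the session.
#   * `password_policy.standard` and `password_policy.zxcvbn` are both
#     disabled, so no password-strength rule is enforced by this configuration.
#   * `access_control.default_policy: 'two_factor'` with no rules applies
#     two-factor to every protected host; write access to this ConfigMap is
#     therefore equivalent to control of the authentication policy and should
#     be restricted accordingly.
apiVersion: v1
kind: ConfigMap
metadata:
  name: authelia
  labels:
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: authelia
    app.kubernetes.io/version: 4.38.16
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: authelia-0.9.9
data:
  configuration.yaml: |
    ---
    # yaml-language-server: $schema=https://www.authelia.com/schemas/v4.38/json-schema/configuration.json
    theme: 'light'
    default_2fa_method: ''
    server:
      address: 'tcp://0.0.0.0:9091/'
      asset_path: ''
      headers:
        csp_template: ''
      buffers:
        read: 4096
        write: 4096
      timeouts:
        read: '6 seconds'
        write: '6 seconds'
        idle: '30 seconds'
      endpoints:
        enable_pprof: false
        enable_expvars: false
        authz:
          auth-request:
            implementation: 'AuthRequest'
          ext-authz:
            implementation: 'ExtAuthz'
          forward-auth:
            implementation: 'ForwardAuth'
    log:
      level: 'info'
      format: 'text'
      file_path: ''
      keep_stdout: true
    telemetry:
      metrics:
        enabled: false
    identity_validation:
      elevated_session:
        code_lifespan: '5 minutes'
        elevation_lifespan: '10 minutes'
        characters: 8
        require_second_factor: false
        skip_second_factor: false
      reset_password:
        jwt_lifespan: '5 minutes'
        jwt_algorithm: 'HS256'
    totp:
      disable: false
      issuer: 'Authelia'
      skew: 1
      secret_size: 32
      algorithm: 'SHA1'
      digits: 6
      period: 30
      allowed_algorithms:
        - 'SHA1'
      allowed_digits:
        - 6
      allowed_periods:
        - 30
    webauthn:
      disable: false
      display_name: 'Authelia'
      attestation_conveyance_preference: 'indirect'
      user_verification: 'preferred'
      timeout: '60 seconds'
    ntp:
      address: 'udp://time.cloudflare.com:123'
      version: 4
      max_desync: '3 seconds'
      disable_startup_check: false
      disable_failure: false
    authentication_backend:
      password_reset:
        disable: false
        custom_url: ''
      file:
        path: '/config/users_database.yml'
        watch: false
        search:
          email: false
          case_insensitive: false
        password:
          algorithm: 'argon2'
          argon2:
            variant: 'argon2id'
            iterations: 3
            memory: 65536
            parallelism: 4
            key_length: 32
            salt_length: 16
          scrypt:
            iterations: 16
            block_size: 8
            parallelism: 1
            key_length: 32
            salt_length: 16
          pbkdf2:
            variant: 'sha512'
            iterations: 310000
            salt_length: 16
          sha2crypt:
            variant: 'sha512'
            iterations: 50000
            salt_length: 16
          bcrypt:
            variant: 'standard'
            cost: 12
    password_policy:
      standard:
        enabled: false
        min_length: 8
        max_length: 0
        require_uppercase: false
        require_lowercase: false
        require_number: false
        require_special: false
      zxcvbn:
        enabled: false
        min_score: 0
    session:
      name: 'authelia_session'
      same_site: 'lax'
      inactivity: '5 minutes'
      expiration: '1 hour'
      remember_me: '1 month'
      cookies:
        - domain: 'nc.landry.land'
          authelia_url: 'https://auth.nc.landry.land'
    regulation:
      max_retries: 3
      find_time: '2 minutes'
      ban_time: '5 minutes'
    storage:
    notifier:
      disable_startup_check: true
    access_control:
      default_policy: 'two_factor'
    ...
---
# Source: authelia/templates/persistentVolumeClaim.yaml
#
# Backs /config in the pod, which holds the file-based user database
# (/config/users_database.yml, including password hashes). ReadWriteOnce
# restricts the volume to a single node at a time.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: authelia
  labels:
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: authelia
    app.kubernetes.io/version: 4.38.16
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: authelia-0.9.9
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 100Mi
---
# Source: authelia/templates/service.yaml
#
# Cluster-internal entry point: port 80 forwards to the container port named
# `http` (9091). Traffic on this hop is plain HTTP; TLS ends at the Ingress.
apiVersion: v1
kind: Service
metadata:
  name: authelia
  labels:
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: authelia
    app.kubernetes.io/version: 4.38.16
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: authelia-0.9.9
spec:
  type: ClusterIP
  sessionAffinity: None
  selector:
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: authelia
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: http
---
# Source: authelia/templates/deployment.yaml
#
# NOTE(review): a DaemonSet schedules one pod per eligible node, yet every pod
# mounts the same ReadWriteOnce claim `authelia`. On a multi-node cluster only
# pods on the node that holds the volume can normally start. Confirm this kind
# is intended for the target cluster.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: authelia
  labels:
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: authelia
    app.kubernetes.io/version: 4.38.16
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: authelia-0.9.9
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: authelia
      app.kubernetes.io/instance: authelia
  revisionHistoryLimit: 5
  minReadySeconds: 0
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
  template:
    metadata:
      labels:
        app.kubernetes.io/name: authelia
        app.kubernetes.io/instance: authelia
        app.kubernetes.io/version: 4.38.16
        app.kubernetes.io/managed-by: Helm
        helm.sh/chart: authelia-0.9.9
      annotations:
        authelia.com/checksum-config: 006bc5d2a8e6cd74f00c0997a5f019130c7fcf03d794081d7dab493cba204888
    spec:
      hostNetwork: false
      hostPID: false
      hostIPC: false
      # Nothing in this manifest talks to the Kubernetes API, so the service
      # account token is not projected into the pod.
      automountServiceAccountToken: false
      affinity:
        nodeAffinity: {}
        podAffinity: {}
        podAntiAffinity: {}
      enableServiceLinks: false
      containers:
        - name: authelia
          # Pinned by tag only. Appending the image digest
          # (`...:4.38.16@sha256:<digest-placeholder>`) makes the pull
          # immutable even if the tag is re-pushed.
          image: ghcr.io/authelia/authelia:4.38.16
          imagePullPolicy: IfNotPresent
          command: ["authelia"]
          # Baseline container hardening: the process listens on 9091, so it
          # needs no added capabilities and no privilege escalation.
          # runAsNonRoot / readOnlyRootFilesystem are deliberately not set
          # here: they depend on the ownership of the /config volume and on
          # the image's user, neither of which this manifest shows. Set them
          # through the chart values once confirmed.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          resources:
            limits:
              cpu: "4.00"
              memory: 2Gi
            requests:
              cpu: "0.25"
              memory: 50Mi
          env:
            - name: AUTHELIA_SERVER_DISABLE_HEALTHCHECK
              value: "true"
            # Secrets are passed as file paths under the read-only
            # /secrets/internal mount rather than as literal env values.
            - name: AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE
              value: '/secrets/internal/identity_validation.reset_password.jwt.hmac.key'
            - name: AUTHELIA_SESSION_SECRET_FILE
              value: '/secrets/internal/session.encryption.key'
            - name: AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE
              value: '/secrets/internal/storage.encryption.key'
            - name: X_AUTHELIA_CONFIG
              value: '/configuration.yaml'
            - name: X_AUTHELIA_CONFIG_FILTERS
              value: template
          startupProbe:
            failureThreshold: 6
            httpGet:
              path: /api/health
              port: http
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 5
            successThreshold: 1
            timeoutSeconds: 5
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /api/health
              port: http
              scheme: HTTP
            initialDelaySeconds: 0
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 5
          readinessProbe:
            failureThreshold: 5
            httpGet:
              path: /api/health
              port: http
              scheme: HTTP
            initialDelaySeconds: 0
            periodSeconds: 5
            successThreshold: 1
            timeoutSeconds: 5
          ports:
            - name: http
              containerPort: 9091
              protocol: TCP
          volumeMounts:
            # Writable: holds the file-based user database.
            - mountPath: /config
              name: authelia
              readOnly: false
            - mountPath: /configuration.yaml
              name: config
              readOnly: true
              subPath: configuration.yaml
            - mountPath: /secrets/internal
              name: secrets
              readOnly: true
      volumes:
        - name: authelia
          persistentVolumeClaim:
            claimName: authelia
        - name: config
          configMap:
            name: authelia
            items:
              - key: configuration.yaml
                path: configuration.yaml
        # The Secret `authelia` is not part of this rendered output; it is
        # presumably created separately - verify it exists and that each key
        # holds a long random value.
        - name: secrets
          secret:
            secretName: authelia
            items:
              - key: identity_validation.reset_password.jwt.hmac.key
                path: identity_validation.reset_password.jwt.hmac.key
              - key: session.encryption.key
                path: session.encryption.key
              - key: storage.encryption.key
                path: storage.encryption.key
---
# Source: authelia/templates/ingress.yaml
#
# Public entry point for the login portal. TLS is served from the secret
# `authelia-tls`; the backend hop to the Service is HTTP on port 80.
# No `ingressClassName` is set, so the cluster's default ingress class (if
# any) handles this resource - confirm which controller that is.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: authelia
  labels:
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: authelia
    app.kubernetes.io/version: 4.38.16
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: authelia-0.9.9
  annotations:
    kubernetes.io/tls-acme: "true"
spec:
  rules:
    - host: 'auth.nc.landry.land'
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: authelia
                port:
                  number: 80
  tls:
    - hosts:
        - 'auth.nc.landry.land'
      secretName: authelia-tls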