argo/apps/authelia/base/authelia.custom.yaml
---
# Source: authelia/templates/configMap.yaml
# ConfigMap carrying the rendered Authelia configuration as a single literal
# block. It is mounted at /configuration.yaml by the workload in this file.
apiVersion: v1
kind: ConfigMap
metadata:
  name: authelia
  labels:
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: authelia
    app.kubernetes.io/version: 4.38.16
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: authelia-0.9.9
data:
  # Everything under the `|` is ConfigMap data (a string handed to Authelia),
  # so the review notes are kept out here instead of inside the block.
  #
  # - No secret values appear in the block; the JWT, session and storage keys
  #   are referenced through *_FILE environment variables on the container.
  # - server.address binds plain tcp:// on all interfaces at port 9091; the
  #   only TLS in this file is on the Ingress, so in-cluster traffic to the
  #   pod is unencrypted.
  # - enable_pprof / enable_expvars are false; keep them off outside debugging.
  # - NOTE(review): `storage:` has no value and no backend keys beneath it.
  #   Confirm a storage backend is supplied some other way; as rendered here
  #   none is configured.
  # - NOTE(review): `notifier:` only sets disable_startup_check; no delivery
  #   method is shown, while password_reset.disable is false. Confirm how
  #   reset and identity-verification messages are meant to be delivered.
  # - NOTE(review): `session:` shows no shared session store. The workload is
  #   a DaemonSet, so presumably each pod keeps its own sessions; verify.
  # - password_policy.standard and password_policy.zxcvbn are both disabled,
  #   so no password strength rule is enforced by this configuration.
  # - access_control sets default_policy 'two_factor' and lists no rules, so
  #   that policy is the only one expressed here.
  # - authentication_backend.file stores users (argon2id hashes) in
  #   /config/users_database.yml, i.e. on the PersistentVolumeClaim.
  # - regulation: 3 failed attempts within 2 minutes lead to a 5 minute ban.
  configuration.yaml: |
    ---
    # yaml-language-server: $schema=https://www.authelia.com/schemas/v4.38/json-schema/configuration.json
    theme: 'light'
    default_2fa_method: ''
    server:
      address: 'tcp://0.0.0.0:9091/'
      asset_path: ''
      headers:
        csp_template: ''
      buffers:
        read: 4096
        write: 4096
      timeouts:
        read: '6 seconds'
        write: '6 seconds'
        idle: '30 seconds'
      endpoints:
        enable_pprof: false
        enable_expvars: false
        authz:
          auth-request:
            implementation: 'AuthRequest'
          ext-authz:
            implementation: 'ExtAuthz'
          forward-auth:
            implementation: 'ForwardAuth'
    log:
      level: 'info'
      format: 'text'
      file_path: ''
      keep_stdout: true
    telemetry:
      metrics:
        enabled: false
    identity_validation:
      elevated_session:
        code_lifespan: '5 minutes'
        elevation_lifespan: '10 minutes'
        characters: 8
        require_second_factor: false
        skip_second_factor: false
      reset_password:
        jwt_lifespan: '5 minutes'
        jwt_algorithm: 'HS256'
    totp:
      disable: false
      issuer: 'Authelia'
      skew: 1
      secret_size: 32
      algorithm: 'SHA1'
      digits: 6
      period: 30
      allowed_algorithms:
        - 'SHA1'
      allowed_digits:
        - 6
      allowed_periods:
        - 30
    webauthn:
      disable: false
      display_name: 'Authelia'
      attestation_conveyance_preference: 'indirect'
      user_verification: 'preferred'
      timeout: '60 seconds'
    ntp:
      address: 'udp://time.cloudflare.com:123'
      version: 4
      max_desync: '3 seconds'
      disable_startup_check: false
      disable_failure: false
    authentication_backend:
      password_reset:
        disable: false
        custom_url: ''
      file:
        path: '/config/users_database.yml'
        watch: false
        search:
          email: false
          case_insensitive: false
        password:
          algorithm: 'argon2'
          argon2:
            variant: 'argon2id'
            iterations: 3
            memory: 65536
            parallelism: 4
            key_length: 32
            salt_length: 16
          scrypt:
            iterations: 16
            block_size: 8
            parallelism: 1
            key_length: 32
            salt_length: 16
          pbkdf2:
            variant: 'sha512'
            iterations: 310000
            salt_length: 16
          sha2crypt:
            variant: 'sha512'
            iterations: 50000
            salt_length: 16
          bcrypt:
            variant: 'standard'
            cost: 12
    password_policy:
      standard:
        enabled: false
        min_length: 8
        max_length: 0
        require_uppercase: false
        require_lowercase: false
        require_number: false
        require_special: false
      zxcvbn:
        enabled: false
        min_score: 0
    session:
      name: 'authelia_session'
      same_site: 'lax'
      inactivity: '5 minutes'
      expiration: '1 hour'
      remember_me: '1 month'
      cookies:
        - domain: 'nc.landry.land'
          authelia_url: 'https://auth.nc.landry.land'
    regulation:
      max_retries: 3
      find_time: '2 minutes'
      ban_time: '5 minutes'
    storage:
    notifier:
      disable_startup_check: true
    access_control:
      default_policy: 'two_factor'
    ...
---
# Source: authelia/templates/persistentVolumeClaim.yaml
# Claim for the volume mounted read-write at /config in the authelia pods.
# The rendered configuration keeps the file-backend user database
# (/config/users_database.yml, password hashes included) on this volume, so
# access to the volume and its backups should be restricted accordingly.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: authelia
  labels:
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: authelia
    app.kubernetes.io/version: 4.38.16
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: authelia-0.9.9
spec:
  # NOTE(review): ReadWriteOnce limits the volume to one node at a time, but
  # the workload in this file is a DaemonSet (one pod per node). On a
  # multi-node cluster the other pods would presumably fail to mount it;
  # confirm the cluster has a single node or change the workload kind.
  accessModes:
    - ReadWriteOnce
  # No storageClassName is given, so the cluster default class is used.
  resources:
    requests:
      storage: 100Mi
---
# Source: authelia/templates/service.yaml
# Cluster-internal Service in front of the authelia pods. Port 80 forwards
# to the container port named `http` (9091 in the workload spec).
apiVersion: v1
kind: Service
metadata:
  name: authelia
  labels:
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: authelia
    app.kubernetes.io/version: 4.38.16
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: authelia-0.9.9
spec:
  # ClusterIP keeps the portal off node ports and load balancers; external
  # access goes through the Ingress only.
  type: ClusterIP
  # NOTE(review): with no affinity, consecutive requests from one client can
  # reach different pods. That matters if session state is per pod; verify
  # against the session settings in the ConfigMap.
  sessionAffinity: None
  selector:
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: authelia
  ports:
    # Plain HTTP inside the cluster; TLS is terminated at the Ingress.
    - name: http
      protocol: TCP
      port: 80
      targetPort: http
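---
# Source: authelia/templates/deployment.yaml
# Runs the Authelia container as a DaemonSet. The pod reads its configuration
# from the `authelia` ConfigMap, its key material from the `authelia` Secret
# and keeps writable state on the `authelia` PersistentVolumeClaim.
#
# Changes in this revision: nesting restored (the flattened form repeats
# `labels`, `spec` and `metadata` at one level), the service account token is
# no longer mounted, and the container gets a minimal securityContext.
#
# NOTE(review): a DaemonSet starts one pod per node, yet all pods share one
# PVC that this file requests as ReadWriteOnce. Confirm the cluster is
# single-node, or switch to a workload kind that fits the volume.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: authelia
  labels:
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: authelia
    app.kubernetes.io/version: 4.38.16
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: authelia-0.9.9
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: authelia
      app.kubernetes.io/instance: authelia
  revisionHistoryLimit: 5
  minReadySeconds: 0
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
  template:
    metadata:
      labels:
        app.kubernetes.io/name: authelia
        app.kubernetes.io/instance: authelia
        app.kubernetes.io/version: 4.38.16
        app.kubernetes.io/managed-by: Helm
        helm.sh/chart: authelia-0.9.9
      annotations:
        # Static value from the chart render. It will not change by itself
        # when the ConfigMap is edited by hand, so pods are not restarted
        # automatically on a manual configuration change.
        authelia.com/checksum-config: 006bc5d2a8e6cd74f00c0997a5f019130c7fcf03d794081d7dab493cba204888
    spec:
      hostNetwork: false
      hostPID: false
      hostIPC: false
      # Nothing in this pod spec or the rendered configuration uses the
      # Kubernetes API, so the token is kept out of the container.
      automountServiceAccountToken: false
      affinity:
        nodeAffinity: {}
        podAffinity: {}
        podAntiAffinity: {}
      enableServiceLinks: false
      containers:
        - name: authelia
          # NOTE(review): the image is referenced by tag only. Pinning it as
          # ghcr.io/authelia/authelia:4.38.16@sha256:<digest> (placeholder)
          # makes the deployed bits independent of later tag changes.
          image: ghcr.io/authelia/authelia:4.38.16
          imagePullPolicy: IfNotPresent
          command: ["authelia"]
          securityContext:
            # The process is started directly and listens on 9091, so it
            # needs no setuid helpers or privileged port binding.
            allowPrivilegeEscalation: false
            seccompProfile:
              type: RuntimeDefault
            # NOTE(review): runAsNonRoot, capabilities.drop [ALL] and
            # readOnlyRootFilesystem are worth adding once the ownership of
            # the /config volume is known; it is not visible from this file.
          resources:
            limits:
              cpu: "4.00"
              memory: 2Gi
            requests:
              cpu: "0.25"
              memory: 50Mi
          env:
            - name: AUTHELIA_SERVER_DISABLE_HEALTHCHECK
              value: "true"
            # Key material is passed as file paths, never as literal values.
            - name: AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE
              value: '/secrets/internal/identity_validation.reset_password.jwt.hmac.key'
            - name: AUTHELIA_SESSION_SECRET_FILE
              value: '/secrets/internal/session.encryption.key'
            - name: AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE
              value: '/secrets/internal/storage.encryption.key'
            - name: X_AUTHELIA_CONFIG
              value: '/configuration.yaml'
            # The configuration file is passed through the `template` filter
            # before it is parsed, so write access to the ConfigMap should be
            # limited to the people who may change authentication policy.
            - name: X_AUTHELIA_CONFIG_FILTERS
              value: template
          # All three probes query /api/health over plain HTTP on the pod.
          startupProbe:
            failureThreshold: 6
            httpGet:
              path: /api/health
              port: http
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 5
            successThreshold: 1
            timeoutSeconds: 5
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /api/health
              port: http
              scheme: HTTP
            initialDelaySeconds: 0
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 5
          readinessProbe:
            failureThreshold: 5
            httpGet:
              path: /api/health
              port: http
              scheme: HTTP
            initialDelaySeconds: 0
            periodSeconds: 5
            successThreshold: 1
            timeoutSeconds: 5
          ports:
            - name: http
              containerPort: 9091
              protocol: TCP
          volumeMounts:
            # Writable: holds the file-backend user database named in the
            # rendered configuration (/config/users_database.yml).
            - mountPath: /config
              name: authelia
              readOnly: false
            - mountPath: /configuration.yaml
              name: config
              readOnly: true
              subPath: configuration.yaml
            - mountPath: /secrets/internal
              name: secrets
              readOnly: true
      volumes:
        - name: authelia
          persistentVolumeClaim:
            claimName: authelia
        - name: config
          configMap:
            name: authelia
            items:
              - key: configuration.yaml
                path: configuration.yaml
        # The Secret `authelia` is not defined in the documents shown here;
        # it has to be provisioned separately and kept out of the repository
        # in plain form.
        - name: secrets
          secret:
            secretName: authelia
            items:
              - key: identity_validation.reset_password.jwt.hmac.key
                path: identity_validation.reset_password.jwt.hmac.key
              - key: session.encryption.key
                path: session.encryption.key
              - key: storage.encryption.key
                path: storage.encryption.key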
---
# Source: authelia/templates/ingress.yaml
# Publishes the Authelia portal at auth.nc.landry.land and terminates TLS
# with the certificate stored in the `authelia-tls` Secret.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: authelia
  labels:
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: authelia
    app.kubernetes.io/version: 4.38.16
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: authelia-0.9.9
  annotations:
    # Presumably consumed by an ACME certificate controller that fills the
    # `authelia-tls` Secret; confirm such a controller runs in the cluster.
    kubernetes.io/tls-acme: "true"
spec:
  # NOTE(review): no ingressClassName is set, so the choice of controller is
  # left to the cluster default. Naming the class explicitly avoids the
  # portal being served by an unintended controller.
  rules:
    - host: 'auth.nc.landry.land'
      http:
        paths:
          # Every path on the host is forwarded to the Service on port 80;
          # the hop from the controller to the pod is plain HTTP.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: authelia
                port:
                  number: 80
  tls:
    - hosts:
        - 'auth.nc.landry.land'
      secretName: authelia-tls