add authelia in dev mode but then disabled because didnt get it to solve my problem [ci skip]

Viktor Barzin 2024-08-10 13:26:49 +00:00
parent c684b321cc
commit 9e568496be
4 changed files with 169 additions and 39 deletions


@ -1,29 +0,0 @@
apiVersion: mysql.presslabs.org/v1alpha1
kind: MysqlCluster
metadata:
name: mysql-cluster
spec:
mysqlVersion: "5.7"
replicas: 1
secretName: cluster-secret
mysqlConf:
# read_only: 0 # mysql forms a single transaction for each sql statement, autocommit for each statement
# automatic_sp_privileges: "ON" # automatically grants the EXECUTE and ALTER ROUTINE privileges to the creator of a stored routine
# auto_generate_certs: "ON" # Auto Generation of Certificate
# auto_increment_increment: 1 # Auto Incrementing value from +1
# auto_increment_offset: 1 # Auto Increment Offset
# binlog-format: "STATEMENT" # contains various options such ROW(SLOW,SAFE) STATEMENT(FAST,UNSAFE), MIXED(combination of both)
# wait_timeout: 31536000 # 28800 number of seconds the server waits for activity on a non-interactive connection before closing it, You might encounter MySQL server has gone away error, you then tweak this value acccordingly
# interactive_timeout: 28800 # The number of seconds the server waits for activity on an interactive connection before closing it.
# max_allowed_packet: "512M" # Maximum size of MYSQL Network protocol packet that the server can create or read 4MB, 8MB, 16MB, 32MB
# max-binlog-size: 1073741824 # binary logs contains the events that describe database changes, this parameter describe size for the bin_log file.
# log_output: "TABLE" # Format in which the logout will be dumped
# master-info-repository: "TABLE" # Format in which the master info will be dumped
# relay_log_info_repository: "TABLE" # Format in which the relay info will be dumped
volumeSpec:
persistentVolumeClaim:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi


@ -15,14 +15,163 @@ module "tls_secret" {
tls_secret_name = var.tls_secret_name
}
resource "helm_release" "authelia" {
namespace = "authelia"
create_namespace = true
name = "authelia"
atomic = true
# resource "helm_release" "authelia" {
# namespace = "authelia"
# create_namespace = true
# name = "authelia"
# atomic = true
repository = "https://charts.authelia.com"
chart = "authelia"
# repository = "https://charts.authelia.com"
# chart = "authelia"
# version = "4.38.9"
values = [templatefile("${path.module}/values.yaml", {})]
# values = [templatefile("${path.module}/values.yaml", {})]
# }
resource "kubernetes_config_map" "configuration" {
metadata {
name = "configuration"
namespace = "authelia"
labels = {
app = "configuration"
}
annotations = {
"reloader.stakater.com/match" = "true"
}
}
data = {
# "configuration.yml" = yamldecode(file("${path.module}/configuration.yml"))
"configuration.yml" = file("${path.module}/configuration.yml")
"users_database.yml" = file("${path.module}/users_database.yml")
}
}
resource "kubernetes_deployment" "authelia" {
metadata {
name = "authelia"
namespace = "authelia"
labels = {
app = "authelia"
}
annotations = {
"reloader.stakater.com/search" = "true"
}
}
spec {
replicas = 1
selector {
match_labels = {
app = "authelia"
}
}
template {
metadata {
labels = {
app = "authelia"
}
}
spec {
container {
image = "authelia/authelia:4.38"
name = "authelia"
# command = ["tail", "-f", "/etc/passwd"]
port {
container_port = 9091
}
port {
container_port = 8080
}
volume_mount {
name = "config"
# mount_path = "/etc/authelia/configuration.yml"
mount_path = "/config/configuration.yml"
sub_path = "configuration.yml"
}
volume_mount {
name = "users-database"
# mount_path = "/etc/authelia/users_database.yml"
mount_path = "/config/users_database.yml"
sub_path = "users_database.yml"
}
}
volume {
name = "config"
config_map {
name = "configuration"
}
}
volume {
name = "users-database"
config_map {
name = "configuration"
}
}
}
}
}
}
resource "kubernetes_service" "authelia" {
metadata {
name = "authelia"
namespace = "authelia"
labels = {
"app" = "authelia"
}
}
spec {
selector = {
app = "authelia"
}
port {
name = "http"
port = 80
protocol = "TCP"
# target_port = 8080
target_port = 9091
}
}
}
resource "kubernetes_ingress_v1" "authelia" {
metadata {
name = "authelia"
namespace = "authelia"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
# "nginx.ingress.kubernetes.io/affinity" = "cookie"
# "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
# "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret"
# "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
# "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
}
}
spec {
tls {
hosts = ["auth.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "auth.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "authelia"
port {
number = 80
}
}
}
}
}
}
}
}
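Review bot: `users_database.yml` and `configuration.yml` are published through `kubernetes_config_map.configuration`, so the password hashes are readable by anything with ConfigMap read access in the `authelia` namespace. The same would apply to any session or JWT secrets in the configuration file, which is not visible here. ConfigMaps also get none of the handling a cluster reserves for Secrets, such as tighter RBAC and encryption at rest where configured. Move both files into a `kubernetes_secret` and mount it with `secret` volumes in place of the two `config_map` volumes, as sketched below. Separately, `image = "authelia/authelia:4.38"` is a floating tag and the container block sets no `security_context` or resource limits; pinning a full version or digest would make the deployed build reproducible.

```hcl
resource "kubernetes_secret" "configuration" {
  metadata {
    name      = "configuration"
    namespace = "authelia"
    annotations = {
      "reloader.stakater.com/match" = "true"
    }
  }
  data = {
    "configuration.yml"  = file("${path.module}/configuration.yml")
    "users_database.yml" = file("${path.module}/users_database.yml")
  }
}

# … unchanged: kubernetes_deployment metadata, container, ports and volume_mounts …

        volume {
          name = "config"
          secret {
            secret_name = kubernetes_secret.configuration.metadata[0].name
          }
        }
        volume {
          name = "users-database"
          secret {
            secret_name = kubernetes_secret.configuration.metadata[0].name
          }
        }
```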


@ -0,0 +1,10 @@
users:
authelia:
disabled: false
displayname: "Viktor"
# Password is authelia
password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/" # yamllint disable-line rule:line-length
email: me@viktorbarzin.me
groups:
- admins
- dev
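Review bot: The comment `# Password is authelia` commits the plaintext for the hash on the `password:` line, and the account is enabled (`disabled: false`) with membership in `admins`. Because the same commit defines an ingress for `auth.viktorbarzin.me`, this becomes a known credential on a reachable login portal if the deployment is applied. Drop the comment and either set `disabled: true` on this entry or replace the hash with a freshly generated one supplied from outside the repository. The committed value stays in history, so it should not be reused anywhere.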


@ -86,11 +86,11 @@ service:
# myLabel: myValue
port: 80
nodePort: 30091
#nodePort: 30091
# clusterIP:
ingress:
enabled: false
enabled: true
annotations: {}
# annotations: