feat(authelia): add Argo CD client
vehagn committed Sep 15, 2024
1 parent 8b5d9dc commit 05fc5d2
Showing 3 changed files with 76 additions and 10 deletions.
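--- a/k8s/infra/auth/authelia/http-route.yaml
+++ b/k8s/infra/auth/authelia/http-route.yaml
@@ -0,0 +1,21 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: authelia
+namespace: authelia
+spec:
+parentRefs:
+- name: external
+namespace: gateway
+- name: internal
+namespace: gateway
+hostnames:
+- "authelia.stonegarden.dev"
+rules:
+- matches:
+- path:
+type: PathPrefix
+value: /
+backendRefs:
+- name: authelia
+port: 80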
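Review bot: Neither `parentRefs` entry sets `sectionName`, so this route attaches to every listener on the `external` and `internal` gateways that admits it, not only the TLS one. The gateway definitions are not part of this commit, so this is unverified, but if either gateway also has a plain-HTTP listener the Authelia login portal and its session cookie would be reachable without TLS. Pinning each reference, e.g. `sectionName: <https-listener-name>` (placeholder; use the listener name from the Gateway manifest), keeps the portal on HTTPS only. A short comment above `- name: external` stating that internet exposure of the portal is intended would also help the next reader.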
1 change: 1 addition & 0 deletions k8s/infra/auth/authelia/kustomization.yaml
@@ -5,6 +5,7 @@ namespace: authelia
resources:
- ns.yaml
- lldap-credentials.yaml
- http-route.yaml

helmCharts:
- name: authelia
64 changes: 54 additions & 10 deletions k8s/infra/auth/authelia/values.yaml
@@ -1,3 +1,4 @@
# https://github.com/authelia/chartrepo/blob/master/charts/authelia/values.yaml
image:
registry: ghcr.io
repository: authelia/authelia
@@ -11,30 +12,30 @@ configMap:
# upgrade to 'two_factor' later
default_policy: 'one_factor'
rules:
- domain_regex: '^.*\.stonegarden.dev$'
policy: 'one_factor'
- domain_regex: '^.*\.stonegarden.dev$'
policy: 'one_factor'

authentication_backend:
ldap:
enabled: true
implementation: 'lldap'
address: 'ldap://lldap.lldap.svc.cluster.local'
base_dn: 'DC=stonegarden,DC=dev'
#users_filter: '(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))'
#additional_users_dn: 'OU=people'
#groups_filter: '(member={dn})'
additional_groups_dn: 'OU=groups'
base_dn: 'dc=stonegarden,dc=dev'
users_filter: '(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))'
additional_users_dn: 'ou=people'
groups_filter: '(member={dn})'
additional_groups_dn: 'ou=groups'
user: 'UID=authelia,OU=people,DC=stonegarden,DC=dev'
password:
secret_name: 'lldap-auth'
value: 'password'

# file:
# enabled: true
# file:
# enabled: true

session:
cookies:
- subdomain: auth
- subdomain: authelia
domain: stonegarden.dev

storage:
@@ -49,6 +50,49 @@ configMap:
filesystem:
enabled: true

identity_providers:
oidc:
## Enables this in the config map. Currently in beta stage.
## See https://www.authelia.com/r/openid-connect/
enabled: true
jwks:
- key_id: ''
algorithm: 'RS256'
use: 'sig'
key:
path: '/secrets/oidc.jwk.RS256.pem'
certificate_chain:
path: '/secrets.oidc.jwk.RS256.crt'
clients:
- client_id: 'argocd'
client_secret: #'$pbkdf2-sha512$310000$ms/OlHdUjXSdHDW7xdgVhQ$6HN.cN9/MlttyYmXHMRU4JB0Ngqjs5ErSi1UIkH5k9qmMq2qHnueRrLwUjXTdMmOj6lCOAd1l2pA08VUTScPNw'
# value: '$pbkdf2-sha512$310000$ms/OlHdUjXSdHDW7xdgVhQ$6HN.cN9/MlttyYmXHMRU4JB0Ngqjs5ErSi1UIkH5k9qmMq2qHnueRrLwUjXTdMmOj6lCOAd1l2pA08VUTScPNw'
path: '/secrets/oidc.client.argocd.value'
client_name: 'Argo CD'
public: false
authorization_policy: 'one_factor'
redirect_uris:
- 'https://argocd.stonegarden.dev/auth/callback'
scopes:
- 'openid'
- 'groups'
- 'email'
- 'profile'
userinfo_signed_response_alg: 'none'
- client_id: 'argocd-cli'
client_name: 'Argo CD (CLI)'
public: true
authorization_policy: 'one_factor'
redirect_uris:
- 'http://localhost:8085/auth/callback'
scopes:
- 'openid'
- 'groups'
- 'email'
- 'profile'
- 'offline_access'
userinfo_signed_response_alg: 'none'

secret:
additionalSecrets:
lldap-auth:
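Review bot: The public `argocd-cli` client in the `identity_providers.oidc.clients` hunk is granted `offline_access` with a plain-HTTP loopback redirect but nothing requires PKCE, so a code intercepted on the workstation could be redeemed for long-lived tokens; adding `require_pkce: true` and `pkce_challenge_method: 'S256'` to that client would close this (confirm both keys against the chart's values schema and that the CLI sends a challenge). Both clients also use `authorization_policy: 'one_factor'`, which leaves a tool that can deploy to the cluster behind a single password; `'two_factor'` would be the safer setting once a second factor is enrolled. In the same hunk, `certificate_chain.path` is `'/secrets.oidc.jwk.RS256.crt'` while the key sits under `/secrets/`, which looks like a typo for `path: '/secrets/oidc.jwk.RS256.crt'`. The two commented-out PBKDF2 digests under `client_secret` should be deleted now that the secret is read from `path`, since a published digest allows offline guessing if the underlying secret is weak.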
