wip

authelia/configmap-inspector.yml

@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: configmap-inspector
+  namespace: authelia
+spec:
+  containers:
+    - image: registry.wayl.one/devtainer:slim
+      name: pvc-inspector
+      command: ["sleep", "300"]
+
+      volumeMounts:
+        - mountPath: /configmap
+          name: configmap
+        - mountPath: /config
+          name: config
+  volumes:
+    - name: configmap
+      projected:
+        sources:
+          - configMap:
+              name: configuration
+          - configMap:
+              name: users
+
+    - name: config
+      persistentVolumeClaim:
+        claimName: config
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  creationTimestamp: null
+  labels:
+    io.kompose.service: config
+  name: config
+  namespace: authelia
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi
+status: {}

authelia/deployment.yaml

@@ -0,0 +1,132 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -o deployment.yaml -n authelia
+    kompose.service.expose: auth.wayl.one
+    kompose.version: 1.31.2 (a92241f79)
+  creationTimestamp: null
+  labels:
+    io.kompose.service: authelia
+  name: authelia
+  namespace: authelia
+spec:
+  ports:
+    - name: "9091"
+      port: 9091
+      targetPort: 9091
+    - name: 9091-tcp
+      port: 9091
+      targetPort: 9091
+  selector:
+    io.kompose.service: authelia
+status:
+  loadBalancer: {}
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  creationTimestamp: null
+  name: authelia
+  namespace: authelia
+spec: {}
+status: {}
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -o deployment.yaml -n authelia
+    kompose.service.expose: auth.wayl.one
+    kompose.version: 1.31.2 (a92241f79)
+  creationTimestamp: null
+  labels:
+    io.kompose.service: authelia
+  name: authelia
+  namespace: authelia
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: authelia
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -o deployment.yaml -n authelia
+        kompose.service.expose: auth.wayl.one
+        kompose.version: 1.31.2 (a92241f79)
+      creationTimestamp: null
+      labels:
+        io.kompose.network/authelia-default: "true"
+        io.kompose.service: authelia
+    spec:
+      containers:
+        - env:
+            - name: TZ
+              value: America/Chicago
+          image: authelia/authelia
+          name: authelia
+          ports:
+            - containerPort: 9091
+              protocol: TCP
+          resources: {}
+          volumeMounts:
+            - mountPath: /config
+              name: config
+      restartPolicy: Always
+      volumes:
+        - name: config
+          persistentVolumeClaim:
+            claimName: config
+status: {}
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -o deployment.yaml -n authelia
+    kompose.service.expose: auth.wayl.one
+    kompose.version: 1.31.2 (a92241f79)
+  creationTimestamp: null
+  labels:
+    io.kompose.service: authelia
+  name: authelia
+  namespace: authelia
+spec:
+  rules:
+    - host: auth.wayl.one
+      http:
+        paths:
+          - backend:
+              service:
+                name: authelia
+                port:
+                  number: 9091
+            path: /
+            pathType: Prefix
+status:
+  loadBalancer: {}
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  creationTimestamp: null
+  labels:
+    io.kompose.service: config
+  name: config
+  namespace: authelia
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi
+status: {}
+

authelia/docker-compose.yml

@@ -0,0 +1,21 @@
+version: "3"
+services:
+  authelia:
+    image: authelia/authelia
+    container_name: authelia
+    volumes:
+      - config:/config
+    ports:
+      - 9091
+
+    expose:
+      - 9091
+    environment:
+      - TZ=America/Chicago
+    healthcheck:
+      disable: true
+    labels:
+      kompose.service.expose: auth.wayl.one
+      # kompose.volume.type: configMap
+volumes:
+  config:

authelia/justfile

@@ -0,0 +1,31 @@
+default: cred convert deploy viz
+update: convert patch
+
+create-ns:
+    kubectl create ns authelia
+cred:
+    kubectl get secret -n default regcred --output=yaml -o yaml | sed 's/namespace: default/namespace: authelia/' | kubectl apply -n authelia -f - && echo deployed secret || echo secret exists
+convert:
+    kompose convert -o deployment.yaml -n authelia
+deploy:
+    kubectl apply -f deployment.yaml
+delete:
+    kubectl delete all --all -n authelia --timeout=0s
+viz:
+    k8sviz -n authelia --kubeconfig $KUBECONFIG -t png -o authelia-k8s.png
+restart:
+    kubectl rollout restart -n authelia deployment/authelia
+
+patch:
+    kubectl patch -f deployment.yaml
+describe:
+    kubectl get deployment -n authelia
+    kubectl get rs -n authelia
+    kubectl get pod -n authelia
+    kubectl get svc -n authelia
+    kubectl get ing -n authelia
+
+describe-pod:
+    kubectl describe pod -n authelia
+logs:
+    kubectl logs --all-containers -l io.kompose.service=authelia-wayl-one -n authelia -f

authelia/middleware.yaml

@@ -0,0 +1,16 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: forwardauth-authelia
+  namespace: authelia
+  labels:
+    app.kubernetes.io/instance: authelia
+    app.kubernetes.io/name: authelia
+spec:
+  forwardAuth:
+    address: http://authelia.authelia.svc/api/verify?rd=https%3A%2F%2Fwww.wayl.one%2F
+    authResponseHeaders:
+      - Remote-User
+      - Remote-Name
+      - Remote-Email
+      - Remote-Groups