From e8de92fd24c732267dc5493f96ef9d15b982a19f Mon Sep 17 00:00:00 2001 From: James Elliott Date: Sun, 14 Feb 2021 20:38:24 +1100 Subject: [PATCH] refactor: move domain value Moves the configMap.domain to domain in the values.yaml and refactors some areas of the chart. --- charts/authelia/Chart.yaml | 2 +- charts/authelia/templates/_helpers.tpl | 6 +++++- charts/authelia/templates/configMap.yaml | 6 +++--- charts/authelia/values.yaml | 24 +++++++++++++----------- 4 files changed, 22 insertions(+), 16 deletions(-) diff --git a/charts/authelia/Chart.yaml b/charts/authelia/Chart.yaml index 6b117ff..55b9211 100644 --- a/charts/authelia/Chart.yaml +++ b/charts/authelia/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: authelia -version: 0.1.1 +version: 0.1.2 kubeVersion: ">= 1.13.0" description: Authelia is a Single Sign-On Multi-Factor portal for web apps type: application diff --git a/charts/authelia/templates/_helpers.tpl b/charts/authelia/templates/_helpers.tpl index 7727a84..f560099 100644 --- a/charts/authelia/templates/_helpers.tpl +++ b/charts/authelia/templates/_helpers.tpl @@ -198,7 +198,11 @@ Returns the smtp password or a randomly generated one Returns the ingress hostname */}} {{- define "authelia.ingressHost" -}} - {{- printf "%s.%s" (default "auth" .Values.ingress.subdomain) .Values.configMap.domain -}} + {{- if .Values.ingress.subdomain -}} + {{- printf "%s.%s" (default "auth" .Values.ingress.subdomain) .Values.domain -}} + {{- else -}} + {{- .Values.domain -}} + {{- end -}} {{- end -}} {{/* diff --git a/charts/authelia/templates/configMap.yaml b/charts/authelia/templates/configMap.yaml index a21c128..e256430 100644 --- a/charts/authelia/templates/configMap.yaml +++ b/charts/authelia/templates/configMap.yaml 
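Review bot: Inside the new `{{- if .Values.ingress.subdomain -}}` branch of `authelia.ingressHost`, `default "auth"` can no longer fire, because the branch is only entered when a subdomain is already set. An empty `ingress.subdomain` used to yield `auth.<domain>` and now yields the bare domain. If that is intended, simplify the line to `{{- printf "%s.%s" .Values.ingress.subdomain .Values.domain -}}` and record it in the helper comment, e.g. `Returns the ingress hostname; an empty ingress.subdomain serves Authelia on the root domain`. Neither branch checks that `.Values.domain` is non-empty, so an emptied value would render a host such as `auth.`; using `(required "domain must be set" .Values.domain)` would fail the render instead.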
@@ -14,13 +14,13 @@ data: port: {{ default 9091 .Values.configMap.port }} theme: {{ default "light" .Values.configMap.theme }} log_level: {{ default "info" .Values.configMap.log_level }} - default_redirection_url: {{ default (printf "https://www.%s" .Values.configMap.domain) .Values.configMap.default_redirection_url }} + default_redirection_url: {{ default (printf "https://www.%s" .Values.domain) .Values.configMap.default_redirection_url }} {{- if (include "authelia.enabled.certificatesSecret" .) }} certificates_directory: /usr/app/certificates {{- end }} server: {{ toYaml .Values.configMap.server | nindent 6 }} totp: - issuer: {{ .Values.configMap.domain }} + issuer: {{ .Values.domain }} period: {{ default 30 .Values.configMap.totp.period }} skew: {{ default 1 .Values.configMap.totp.skew }} {{- with $duoApi := .Values.configMap.duo_api }} @@ -36,7 +36,7 @@ data: {{- end }} session: name: {{ default "authelia_session" .Values.configMap.session.name }} - domain: {{ .Values.configMap.domain }} + domain: {{ .Values.domain }} expiration: {{ default "1M" .Values.configMap.session.expiration }} inactivity: {{ default "5m" .Values.configMap.session.inactivity }} remember_me_duration: {{ default "1M" .Values.configMap.session.remember_me_duration }} diff --git a/charts/authelia/values.yaml b/charts/authelia/values.yaml index 2bb3271..27f7d60 100644 --- a/charts/authelia/values.yaml +++ b/charts/authelia/values.yaml @@ -25,6 +25,13 @@ extraLabels: { } # extraLabels: # myLabel: myValue +## Authelia Domain +## Should be the root domain you want to protect. +## For example if you have apps app1.example.com and app2.example.com it should be example.com +## This affects the ingress (partially sets the domain used) and configMap. +## Authelia must be served from the domain or a subdomain under it. +domain: example.com + service: annotations: { } # annotations: 
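Review bot: A release that still sets `configMap.domain` in its overrides is not caught anywhere in this hunk. `default_redirection_url`, `totp.issuer` and, in the next hunk, `session.domain` now read `.Values.domain`, so the old key is ignored and the chart default is rendered instead. The session domain scopes the Authelia session cookie, so a silent fallback to a placeholder here is worth stopping at render time. A guard near the top of the template, `{{- if .Values.configMap.domain }}{{ fail "configMap.domain has moved to the top-level domain value" }}{{- end }}`, would turn the upgrade into an explicit error. The values are also emitted unquoted (`issuer: {{ .Values.domain }}`); `{{ .Values.domain | quote }}` keeps YAML from retyping an unusual value.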
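Review bot: `domain: example.com` gives a value that scopes the ingress host and session domain a working placeholder default. A deployment that forgets to set it therefore renders without error, with both under example.com. Consider shipping it empty (`domain: ""`) and enforcing it in the templates with `required`, and add a comment line such as `## Required: this value has no usable default and must be set.` The comment block should also mention that this key replaces the former `configMap.domain`, so readers of an older values file know where the setting went.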
@@ -54,11 +61,11 @@ ingress: certManager: false rewriteTarget: true - ## Subdomain is the only thing required since we specify the domain as part of the configuration section. - ## Example: To get Authelia to listen on https://auth.example.com specify 'auth' for subdomain, - ## and specify example.com for the configuration.domain. - + ## Subdomain is the only thing required since we specify the domain as part of the root values of the chart. + ## Example: To get Authelia to listen on https://auth.example.com specify 'auth' for ingress.subdomain, + ## and specify example.com for the domain. subdomain: auth + tls: true tlsSecret: authelia-tls @@ -350,11 +357,6 @@ configMap: ## # port: 9091 - ## - ## Domain is used to set the domain for the session, and defaults for the default_redirection_url, and totp issuer. - ## - domain: example.com - ## Configuration options specific to the internal http server server: ## Buffers usually should be configured to be the same value. @@ -381,7 +383,7 @@ configMap: ## ## Note: this parameter is optional. If not provided, user won't ## be redirected upon successful authentication. - ## Default is https:// (value above in this chart). + ## Default is https://www. (value at the top of the values.yaml). ## # default_redirection_url: https://example.com @@ -391,7 +393,7 @@ configMap: totp: { } ## The issuer name displayed in the Authenticator application of your choice ## See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names - ## Defaults to . + ## Defaults to . ## # issuer: example.com