mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
Updated secrets.md with a functional DaemonSet (#1287)
* Updated secrets.md with a functional DaemonSet * changed TCP socket for API endpoints
This commit is contained in:
parent
4aa6fef97e
commit
86ecc03640
|
@ -23,7 +23,7 @@ containing the secret data. This file must be readable by the
|
|||
user the Authelia daemon is running as.
|
||||
|
||||
For instance the LDAP password can be defined in the configuration
|
||||
at the path **authentication_backend.ldap.password**, so this password
|
||||
at the path **authentication_backend.ldap.password**, so this password
|
||||
could alternatively be set using the environment variable called
|
||||
**AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE**.
|
||||
|
||||
|
@ -51,19 +51,19 @@ server. The UNIX permissions should probably be something like 600.
|
|||
|
||||
## Secrets exposed in an environment variable
|
||||
|
||||
**DEPRECATION NOTICE:** This backwards compatibility feature **has been removed** in 4.18.0+.
|
||||
**DEPRECATION NOTICE:** This backwards compatibility feature **has been removed** in 4.18.0+.
|
||||
|
||||
Prior to implementing file secrets you were able to define the
|
||||
values of secrets in the environment variables themselves
|
||||
in plain text instead of referencing a file. **This is no longer available
|
||||
as an option**, please see the table above for the file based replacements. See
|
||||
as an option**, please see the table above for the file based replacements. See
|
||||
[this article](https://diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data/)
|
||||
for reasons why this was removed.
|
||||
|
||||
## Docker
|
||||
|
||||
Secrets can be provided in a `docker-compose.yml` either with Docker secrets or
|
||||
bind mounted secret files, examples of these are provided below.
|
||||
bind mounted secret files, examples of these are provided below.
|
||||
|
||||
|
||||
### Compose with Docker secrets
|
||||
|
@ -174,7 +174,7 @@ the same directory. You will need to edit the kustomization.yaml with your
|
|||
desired secrets after the equal signs. If you change the value before the
|
||||
equal sign you'll have to adjust the volumes section of the daemonset
|
||||
template (or deployment template if you're using it).
|
||||
|
||||
|
||||
```yaml
|
||||
#filename: ./kustomization.yaml
|
||||
generatorOptions:
|
||||
|
@ -211,6 +211,7 @@ apiVersion: apps/v1
|
|||
kind: DaemonSet
|
||||
metadata:
|
||||
name: authelia
|
||||
namespace: authelia
|
||||
labels:
|
||||
app: authelia
|
||||
spec:
|
||||
|
@ -239,32 +240,36 @@ spec:
|
|||
value: /app/secrets/ldap_password
|
||||
- name: AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
|
||||
value: /app/secrets/smtp_password
|
||||
- name: AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE
|
||||
- name: AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE
|
||||
value: /app/secrets/sql_password
|
||||
- name: AUTHELIA_SESSION_REDIS_PASSWORD_FILE
|
||||
value: /app/secrets/redis_password
|
||||
- name: TZ
|
||||
value: America/Toronto
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
- name: authelia-port
|
||||
containerPort: 9091
|
||||
startupProbe:
|
||||
httpGet:
|
||||
path: /api/configuration
|
||||
port: http
|
||||
initialDelaySeconds: 10
|
||||
path: /api/state
|
||||
port: authelia-port
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 5
|
||||
periodSeconds: 5
|
||||
failureThreshold: 4
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /api/configuration
|
||||
port: http
|
||||
path: /api/state
|
||||
port: authelia-port
|
||||
initialDelaySeconds: 60
|
||||
timeoutSeconds: 5
|
||||
periodSeconds: 30
|
||||
failureThreshold: 2
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /api/configuration
|
||||
port: http
|
||||
initialDelaySeconds: 10
|
||||
path: /api/state
|
||||
port: authelia-port
|
||||
initialDelaySeconds: 15
|
||||
timeoutSeconds: 5
|
||||
periodSeconds: 5
|
||||
failureThreshold: 5
|
||||
|
@ -274,9 +279,6 @@ spec:
|
|||
- mountPath: /app/secrets
|
||||
name: secrets
|
||||
readOnly: true
|
||||
- mountPath: /etc/localtime
|
||||
name: localtime
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: config-volume
|
||||
configMap:
|
||||
|
@ -302,7 +304,4 @@ spec:
|
|||
path: ldap_password
|
||||
- key: smtp_password
|
||||
path: smtp_password
|
||||
- name: localtime
|
||||
hostPath:
|
||||
path: /etc/localtime
|
||||
```
|
Loading…
Reference in New Issue
Block a user