Put secrets in env variables of Kubernetes Deployment.

This is preliminary work to bootstrap the Helm chart and rely on
the Kubernetes vault.

WARNING: those variables should never be set in the configuration
in a production environment. They have been set here for ease of
deployment and because this is a showcase.
Clement Michaud 2020-01-21 22:03:55 +01:00 committed by Amir Zarrinkafsh
parent e92d3ced3a
commit c95c7210d8
2 changed files with 11 additions and 4 deletions


@ -4,7 +4,6 @@
port: 80 port: 80
logs_level: debug logs_level: debug
jwt_secret: an_unsecure_secret
default_redirection_url: https://home.example.com:8080 default_redirection_url: https://home.example.com:8080
@ -20,7 +19,6 @@ authentication_backend:
group_name_attribute: cn group_name_attribute: cn
mail_attribute: mail mail_attribute: mail
user: cn=admin,dc=example,dc=com user: cn=admin,dc=example,dc=com
password: password
access_control: access_control:
default_policy: deny default_policy: deny
@ -74,7 +72,6 @@ access_control:
policy: two_factor policy: two_factor
session: session:
secret: unsecure_password
expiration: 3600 # 1 hour expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes inactivity: 300 # 5 minutes
domain: example.com domain: example.com
@ -93,7 +90,6 @@ storage:
port: 3306 port: 3306
database: authelia database: authelia
username: admin username: admin
password: password
notifier: notifier:
smtp: smtp:


@ -24,6 +24,17 @@ spec:
volumeMounts: volumeMounts:
- name: config-volume - name: config-volume
mountPath: /etc/authelia mountPath: /etc/authelia
env:
# We set secrets directly here for ease of deployment but all secrets
# should be stored in the Kube Vault in production.
- name: AUTHELIA_JWT_SECRET
value: an_unsecure_secret
- name: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD
value: password
- name: AUTHELIA_SESSION_SECRET
value: unsecure_password
- name: AUTHELIA_STORAGE_MYSQL_PASSWORD
value: password
volumes: volumes:
- name: config-volume - name: config-volume
configMap: configMap:
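Review bot: The four `value:` entries added under `env:` keep the JWT secret, LDAP password, session secret and MySQL password as literals in the Deployment manifest, so anyone who can read the Deployment, the pod spec or the repository can read them. Each entry could instead use `valueFrom.secretKeyRef` pointing at a Kubernetes Secret, which is governed by its own RBAC rules and can be created outside the chart. The in-file comment's "Kube Vault" would then be better worded as "a Kubernetes Secret". The Secret name and keys in the sketch below are placeholders, and the container spec that this `env:` list belongs to starts above the hunk.

```yaml
env:
  # Secret name and keys are placeholders; create the Secret outside the chart.
  - name: AUTHELIA_JWT_SECRET
    valueFrom:
      secretKeyRef:
        name: SECRET_NAME_PLACEHOLDER
        key: jwt_secret
  - name: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD
    valueFrom:
      secretKeyRef:
        name: SECRET_NAME_PLACEHOLDER
        key: ldap_password
  - name: AUTHELIA_SESSION_SECRET
    valueFrom:
      secretKeyRef:
        name: SECRET_NAME_PLACEHOLDER
        key: session_secret
  - name: AUTHELIA_STORAGE_MYSQL_PASSWORD
    valueFrom:
      secretKeyRef:
        name: SECRET_NAME_PLACEHOLDER
        key: mysql_password
# … unchanged: volumes / config-volume …
```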