mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
76fa325f08
Authelia client uses hash router instead of browser router in order to work with Kubernetes nginx-ingress-controller. This is also better for users having old browsers. This commit is breaking because it requires to change the configuration of the proxy to include the # in the URL of the login portal.
131 lines
2.6 KiB
YAML
131 lines
2.6 KiB
YAML
---
|
|
apiVersion: extensions/v1beta1
|
|
kind: Deployment
|
|
metadata:
|
|
name: test-app
|
|
namespace: authelia
|
|
labels:
|
|
k8s-app: test-app
|
|
spec:
|
|
replicas: 1
|
|
template:
|
|
metadata:
|
|
labels:
|
|
k8s-app: test-app
|
|
spec:
|
|
containers:
|
|
- name: test-app
|
|
imagePullPolicy: Never
|
|
image: authelia-example-backend
|
|
ports:
|
|
- containerPort: 80
|
|
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: test-app-service
|
|
namespace: authelia
|
|
labels:
|
|
k8s-app: test-app
|
|
spec:
|
|
selector:
|
|
k8s-app: test-app
|
|
ports:
|
|
- port: 80
|
|
name: http
|
|
- port: 443
|
|
name: https
|
|
|
|
---
|
|
apiVersion: extensions/v1beta1
|
|
kind: Ingress
|
|
metadata:
|
|
name: insecure-ingress
|
|
namespace: authelia
|
|
annotations:
|
|
kubernetes.io/ingress.class: "nginx"
|
|
kubernetes.io/ingress.allow-http: "false"
|
|
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
|
spec:
|
|
tls:
|
|
- secretName: test-app-tls
|
|
hosts:
|
|
- home.example.com
|
|
rules:
|
|
- host: home.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
|
|
---
|
|
apiVersion: extensions/v1beta1
|
|
kind: Ingress
|
|
metadata:
|
|
name: secure-ingress
|
|
namespace: authelia
|
|
annotations:
|
|
kubernetes.io/ingress.class: "nginx"
|
|
kubernetes.io/ingress.allow-http: "false"
|
|
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/auth-url: "http://authelia-service.authelia.svc.cluster.local/api/verify"
|
|
nginx.ingress.kubernetes.io/auth-signin: "https://login.example.com:8080/#/"
|
|
spec:
|
|
tls:
|
|
- secretName: test-app-tls
|
|
hosts:
|
|
- public.example.com
|
|
- admin.example.com
|
|
- dev.example.com
|
|
- mx1.mail.example.com
|
|
- mx2.mail.example.com
|
|
- singlefactor.example.com
|
|
rules:
|
|
- host: public.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
- host: admin.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
- host: dev.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
- host: mx1.mail.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
- host: mx2.mail.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
- host: singlefactor.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
|