mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
b264e63235
* [DEV] Fix permission issue with dev workflow. nginx backend was facing permission denied errors because the permissions of the html files were too restricted. Moreover those files were added to the docker image while they could just be mounted as other services. * Fix Kubernetes integration test Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
154 lines
3.5 KiB
YAML
154 lines
3.5 KiB
YAML
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: test-app
|
|
namespace: authelia
|
|
labels:
|
|
app: test-app
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: test-app
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: test-app
|
|
spec:
|
|
containers:
|
|
- name: test-app
|
|
image: nginx:alpine
|
|
command: ["/entrypoint.sh"]
|
|
ports:
|
|
- containerPort: 80
|
|
volumeMounts:
|
|
- name: config-volume
|
|
mountPath: /entrypoint.sh
|
|
subPath: entrypoint.sh
|
|
- name: config-volume
|
|
mountPath: /etc/nginx/nginx.conf
|
|
subPath: nginx.conf
|
|
- name: config-volume
|
|
mountPath: /tmp/html.tar.gz
|
|
subPath: html.tar.gz
|
|
volumes:
|
|
- name: config-volume
|
|
configMap:
|
|
name: nginx-config
|
|
items:
|
|
- key: entrypoint.sh
|
|
path: entrypoint.sh
|
|
mode: 0755
|
|
- key: nginx.conf
|
|
path: nginx.conf
|
|
- key: html.tar.gz
|
|
path: html.tar.gz
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: test-app-service
|
|
namespace: authelia
|
|
labels:
|
|
app: test-app
|
|
spec:
|
|
selector:
|
|
app: test-app
|
|
ports:
|
|
- port: 80
|
|
name: http
|
|
- port: 443
|
|
name: https
|
|
|
|
---
|
|
apiVersion: extensions/v1beta1
|
|
kind: Ingress
|
|
metadata:
|
|
name: insecure-ingress
|
|
namespace: authelia
|
|
annotations:
|
|
kubernetes.io/ingress.class: "nginx"
|
|
kubernetes.io/ingress.allow-http: "false"
|
|
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
|
spec:
|
|
tls:
|
|
- secretName: test-app-tls
|
|
hosts:
|
|
- home.example.com
|
|
rules:
|
|
- host: home.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
|
|
---
|
|
apiVersion: extensions/v1beta1
|
|
kind: Ingress
|
|
metadata:
|
|
name: secure-ingress
|
|
namespace: authelia
|
|
annotations:
|
|
kubernetes.io/ingress.class: "nginx"
|
|
kubernetes.io/ingress.allow-http: "false"
|
|
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/auth-url: "https://authelia-service.authelia.svc.cluster.local/api/verify"
|
|
nginx.ingress.kubernetes.io/auth-signin: "https://login.example.com:8080/"
|
|
spec:
|
|
tls:
|
|
- secretName: test-app-tls
|
|
hosts:
|
|
- public.example.com
|
|
- admin.example.com
|
|
- dev.example.com
|
|
- mx1.mail.example.com
|
|
- mx2.mail.example.com
|
|
- singlefactor.example.com
|
|
rules:
|
|
- host: public.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
- host: admin.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
- host: dev.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
- host: mx1.mail.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
- host: mx2.mail.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|
|
- host: singlefactor.example.com
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: test-app-service
|
|
servicePort: 80
|