Put secrets in env variables of Kubernetes Deployment.
This is preliminary work to bootstrap the Helm chart and rely on the Kubernetes vault. WARNING: those variables should never be set in the configuration in a production environment. They have been set here for ease of deployment and because this is a showcase.pull/570/head
parent
e92d3ced3a
commit
c95c7210d8
|
@ -4,7 +4,6 @@
|
|||
|
||||
port: 80
|
||||
logs_level: debug
|
||||
jwt_secret: an_unsecure_secret
|
||||
|
||||
default_redirection_url: https://home.example.com:8080
|
||||
|
||||
|
@ -20,7 +19,6 @@ authentication_backend:
|
|||
group_name_attribute: cn
|
||||
mail_attribute: mail
|
||||
user: cn=admin,dc=example,dc=com
|
||||
password: password
|
||||
|
||||
access_control:
|
||||
default_policy: deny
|
||||
|
@ -74,7 +72,6 @@ access_control:
|
|||
policy: two_factor
|
||||
|
||||
session:
|
||||
secret: unsecure_password
|
||||
expiration: 3600 # 1 hour
|
||||
inactivity: 300 # 5 minutes
|
||||
domain: example.com
|
||||
|
@ -93,7 +90,6 @@ storage:
|
|||
port: 3306
|
||||
database: authelia
|
||||
username: admin
|
||||
password: password
|
||||
|
||||
notifier:
|
||||
smtp:
|
||||
|
|
|
@ -24,6 +24,17 @@ spec:
|
|||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /etc/authelia
|
||||
env:
|
||||
# We set secrets directly here for ease of deployment but all secrets
|
||||
# should be stored in the Kube Vault in production.
|
||||
- name: AUTHELIA_JWT_SECRET
|
||||
value: an_unsecure_secret
|
||||
- name: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD
|
||||
value: password
|
||||
- name: AUTHELIA_SESSION_SECRET
|
||||
value: unsecure_password
|
||||
- name: AUTHELIA_STORAGE_MYSQL_PASSWORD
|
||||
value: password
|
||||
volumes:
|
||||
- name: config-volume
|
||||
configMap:
|
||||
|
|
Loading…
Reference in New Issue