diff --git a/k8s/authelia/templates/configmap.yaml b/k8s/authelia/templates/configmap.yaml index 8c0090b..6316a93 100644 --- a/k8s/authelia/templates/configmap.yaml +++ b/k8s/authelia/templates/configmap.yaml @@ -12,11 +12,11 @@ data: identity_validation: reset_password: - jwt_secret: "$JWT_SECRET" # Injected via env/file + jwt_secret: "" session: name: authelia_session - secret: "$SESSION_SECRET" # Injected via env/file + secret: "" expiration: 3600 inactivity: 900 cookies: @@ -24,7 +24,7 @@ data: authelia_url: {{ .Values.authelia_url | quote }} storage: - encryption_key: "$STORAGE_ENCRYPTION_KEY" # Injected via env/file + encryption_key: "" local: path: /var/lib/authelia/db.sqlite3 @@ -43,7 +43,7 @@ data: address: "submission://{{ .Values.config.notifier.smtp.host }}:{{ .Values.config.notifier.smtp.port }}" sender: {{ .Values.config.notifier.smtp.sender | quote }} username: {{ .Values.config.notifier.smtp.username | quote }} - password: "$SMTP_PASSWORD" # Injected via env/file + password: "" webauthn: display_name: {{ .Values.config.webauthn.display_name | quote }} diff --git a/k8s/authelia/templates/deployment.yaml b/k8s/authelia/templates/deployment.yaml index 1148725..2f903af 100644 --- a/k8s/authelia/templates/deployment.yaml +++ b/k8s/authelia/templates/deployment.yaml @@ -4,6 +4,8 @@ metadata: name: authelia spec: replicas: {{ .Values.replicaCount }} + strategy: + type: Recreate selector: matchLabels: app: authelia @@ -12,6 +14,7 @@ spec: labels: app: authelia spec: + enableServiceLinks: false containers: - name: authelia image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 
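Review bot: The `""` literals for `jwt_secret` and `secret` here (and for `encryption_key` and `password` in the two later hunks of this file) leave no trace of where the real value comes from, because the `# Injected via env/file` comments are removed with them. The rendered config now depends entirely on the `AUTHELIA_*` variable names in deployment.yaml mapping onto these keys. If one name does not map, the effective value is the empty string, and whether Authelia refuses to start on an empty secret should be confirmed rather than assumed. I would keep a pointer on each line, for example `secret: "" # overridden by env AUTHELIA_SESSION_SECRET (Secret authelia-secrets/session_secret)`. The `data:` block starts outside the hunk.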
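Review bot: `strategy: Recreate` is added without a comment, and it means every rollout stops the running Authelia pod before the new one starts, so sign-in and any auth checks that depend on it are unavailable for that window. The reason is presumably the sqlite file at `/var/lib/authelia/db.sqlite3` on the `authelia-data` PVC, which also means `replicas: {{ .Values.replicaCount }}` above 1 would put several writers on one local database. I would state both on the field, for example `# Recreate: single-writer sqlite on the authelia-data PVC; keep replicaCount at 1`. The Deployment `spec` continues outside the hunk.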
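Review bot: `enableServiceLinks: false` deserves a one-line reason, because it looks optional and is easy to drop in a later cleanup. With a Service named `authelia` in the namespace, Kubernetes would otherwise inject variables such as `AUTHELIA_PORT` and `AUTHELIA_SERVICE_HOST` into the pod, and those share the `AUTHELIA_` prefix that this commit now relies on for configuration and secrets. Suggested comment: `# Service "authelia" would inject AUTHELIA_* service-link vars that clash with Authelia's env config prefix`.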
@@ -20,28 +23,22 @@ spec: - name: http containerPort: 9091 env: - - name: AUTHELIA_SERVER_ADDRESS - value: "tcp://0.0.0.0:9091" - - name: PUID - value: "1000" - - name: PGID - value: "1000" - - name: JWT_SECRET + - name: AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET valueFrom: secretKeyRef: name: authelia-secrets key: jwt_secret - - name: SESSION_SECRET + - name: AUTHELIA_SESSION_SECRET valueFrom: secretKeyRef: name: authelia-secrets key: session_secret - - name: STORAGE_ENCRYPTION_KEY + - name: AUTHELIA_STORAGE_ENCRYPTION_KEY valueFrom: secretKeyRef: name: authelia-secrets key: storage_encryption_key - - name: SMTP_PASSWORD + - name: AUTHELIA_NOTIFIER_SMTP_PASSWORD valueFrom: secretKeyRef: name: authelia-secrets diff --git a/k8s/authelia/values-staging.yaml b/k8s/authelia/values-staging.yaml index d794954..5954726 100644 --- a/k8s/authelia/values-staging.yaml +++ b/k8s/authelia/values-staging.yaml @@ -1,9 +1,10 @@ ingress: + enabled: true hosts: - host: idp.staging.jamkazam.com paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix authelia_url: https://idp.staging.jamkazam.com domain: staging.jamkazam.com diff --git a/scripts/fast-deploy-console b/scripts/fast-deploy-console index 7a5bc18..8602255 100755 --- a/scripts/fast-deploy-console +++ b/scripts/fast-deploy-console 
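Review bot: Removing `PUID` and `PGID` (both `"1000"`) drops the only visible statement of which user the container runs as, and no `securityContext` is added in any hunk of this diff. If the image entrypoint used those variables to drop privileges, the process now runs as the image default user, which may be root, and it will write the sqlite file on the PVC with that ownership. I would pin the user at pod level as below, placed in the pod `spec` that the previous hunk touches; the container block itself starts outside this hunk. Separately, the four secrets are now plain environment values; Authelia also accepts the same names with a `_FILE` suffix pointing at a mounted Secret file, which keeps them out of the process environment.

```yaml
    spec:
      enableServiceLinks: false
      # Replaces the removed PUID/PGID env vars: run as a fixed non-root user.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
      # … unchanged: containers, ports, env with AUTHELIA_* secretKeyRefs …
```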
@@ -1,34 +1,64 @@ #!/bin/bash set -e -# scripts/fast-deploy-infra.sh +# scripts/fast-deploy-console # Quickly updates Console, Authelia, and Ingress-Nginx bypassing CI/CD. ENV=${1:-staging} -CONTEXT="lke-video-$ENV" # Adjust this if your context names differ + +# Use the directory where the script is located to find the project root +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" +PROJECT_ROOT="$(dirname "$SCRIPT_DIR")" echo "🚀 Fast-deploying infra components to $ENV..." +echo "📍 Project Root: $PROJECT_ROOT" + +# Function to adopt existing resources into Helm +adopt_resource() { + local kind=$1 + local name=$2 + local ns=$3 + local release=$4 + + if kubectl get "$kind" "$name" -n "$ns" &>/dev/null; then + echo "🏗️ Adopting $kind/$name into Helm release $release..." + kubectl label "$kind" "$name" -n "$ns" "app.kubernetes.io/managed-by=Helm" --overwrite + kubectl annotate "$kind" "$name" -n "$ns" "meta.helm.sh/release-name=$release" --overwrite + kubectl annotate "$kind" "$name" -n "$ns" "meta.helm.sh/release-namespace=$ns" --overwrite + fi +} # 1. Update Authelia echo "📦 Updating Authelia..." -helm upgrade --install authelia k8s/authelia - --namespace authelia - --create-namespace - -f k8s/authelia/values.yaml - -f k8s/authelia/values-$ENV.yaml +# Adopt all resources including PVCs +adopt_resource secret authelia-secrets authelia authelia +adopt_resource configmap authelia-config authelia authelia +adopt_resource service authelia authelia authelia +adopt_resource deployment authelia authelia authelia +adopt_resource ingress authelia authelia authelia +adopt_resource pvc authelia-data authelia authelia + +helm upgrade --install authelia "$PROJECT_ROOT/k8s/authelia" \ + --namespace authelia \ + --create-namespace \ + -f "$PROJECT_ROOT/k8s/authelia/values.yaml" \ + -f "$PROJECT_ROOT/k8s/authelia/values-$ENV.yaml" # 2. Update Console (The Wiki) echo "📦 Updating Console..." 
-helm upgrade --install console k8s/console - --namespace console - --create-namespace - -f k8s/console/values-$ENV.yaml +adopt_resource secret console-html console console +adopt_resource service console console console +adopt_resource deployment console console console +adopt_resource ingress console console console -# 3. Optional: Update Ingress-Nginx (usually static, but good to have) +helm upgrade --install console "$PROJECT_ROOT/k8s/console" \ + --namespace console \ + --create-namespace \ + -f "$PROJECT_ROOT/k8s/console/values-$ENV.yaml" + +# 3. Optional: Update Ingress-Nginx if [[ "$2" == "--with-ingress" ]]; then echo "📦 Updating Ingress-Nginx..." - # Note: This uses the official repo but local values pattern if we had one - # For now, we'll just trigger a restart to pick up any config changes if needed kubectl rollout restart deployment/ingress-nginx-controller -n ingress-nginx fi
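Review bot: Nothing in the new script ties `ENV` to a cluster: the `CONTEXT="lke-video-$ENV"` line is removed and every `kubectl` and `helm` call runs against whatever kube context is currently active, so `ENV` only selects the values file. A run with the wrong context active would relabel existing Secrets, PVCs and Deployments with `--overwrite` in `adopt_resource` and then apply this environment's values to that cluster. I would restore the context name and stop before the first `kubectl` call when the active context differs, as below. Adopting `authelia-data` and `authelia-secrets` also hands their lifecycle to Helm if the chart templates them, so it is worth confirming that the PVC carries `helm.sh/resource-policy: keep` before the first upgrade.

```shell
ENV=${1:-staging}

# Refuse to run against a cluster other than the one named for $ENV.
CONTEXT="lke-video-$ENV"  # name taken from the removed line; adjust if context names differ
ACTIVE_CONTEXT="$(kubectl config current-context)"
if [[ "$ACTIVE_CONTEXT" != "$CONTEXT" ]]; then
  echo "Refusing to deploy: active kube context is '$ACTIVE_CONTEXT', expected '$CONTEXT'" >&2
  exit 1
fi

# … unchanged: SCRIPT_DIR / PROJECT_ROOT, adopt_resource, helm upgrade calls …
```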