feat(auth): Deploying traefik-forward-auth with Helm chart

2025-11-01 18:37:52 +00:00 · 2023-04-10 14:43:24 +02:00
parent e6cad43b4b
commit 9d5a579793
9 changed files with 34 additions and 116 deletions
--- a/apps/arr/auth.yaml
+++ b/apps/arr/auth.yaml
@@ -0,0 +1,32 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: auth-arr
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: applications
+  source:
+    repoURL: https://github.com/vehagn/homelab
+    path: helm/application
+    helm:
+      values: |-
+        name: auth
+        namespace: arr
+        authOnly: true
+        auth:
+          host: auth-arr
+          cookieDomain: stonegarden.dev
+          cookieName: _arr_auth
+          whitelist:
+            - veghag@gmail.com
+  destination:
+    namespace: arr
+    name: in-cluster
+  syncPolicy:
+    automated:
+      selfHeal: true
+      prune: true
+    syncOptions:
+      - CreateNamespace=true
--- a/apps/arr/ingress.yaml
+++ b/apps/arr/ingress.yaml
@@ -6,13 +6,6 @@ spec:
  entryPoints:
    - websecure
  routes:
-    - match: Host(`auth-arr.stonegarden.dev`)
-      kind: Rule
-      services:
-        - name: traefik-forward-auth
-          port: 4181
-      middlewares:
-        - name: traefik-forward-auth
    - match: Host(`torrent.stonegarden.dev`)
      kind: Rule
      services:
@@ -20,19 +13,5 @@ spec:
          port: 8112
      middlewares:
        - name: traefik-forward-auth
-    - match: Host(`sonarr.stonegarden.dev`)
-      kind: Rule
-      services:
-        - name: sonarr
-          port: 8989
-      middlewares:
-        - name: traefik-forward-auth
-    - match: Host(`radarr.stonegarden.dev`)
-      kind: Rule
-      services:
-        - name: radarr
-          port: 7878
-      middlewares:
-        - name: traefik-forward-auth
  tls:
    certResolver: letsencrypt
--- a/apps/arr/kustomization.yaml
+++ b/apps/arr/kustomization.yaml
@@ -4,7 +4,7 @@ kind: Kustomization
 resources:
  - cm-common-env.yaml
  - ingress.yaml
-  - traefik-forward-auth
+  - auth.yaml
  - torrent
  - prowlarr.yaml
  - sonarr.yaml
--- a/apps/arr/radarr.yaml
+++ b/apps/arr/radarr.yaml
@@ -20,7 +20,7 @@ spec:
            hostPath: /disk/etc/radarr
            mountPath: /config
        service:
-          containerPort: 8686
+          containerPort: 7878
      valueFiles:
        - ../../apps/arr/common-values.yaml
  destination:
--- a/apps/arr/traefik-forward-auth/configs/traefik-forward-auth.ini
+++ b/apps/arr/traefik-forward-auth/configs/traefik-forward-auth.ini
@@ -1,5 +0,0 @@
-cookie-name = "_arr_auth"
-log-level = "error"
-cookie-domain = "stonegarden.dev"
-auth-host = "auth-arr.stonegarden.dev"
-whitelist = "veghag@gmail.com"
--- a/apps/arr/traefik-forward-auth/deployment.yaml
+++ b/apps/arr/traefik-forward-auth/deployment.yaml
@@ -1,51 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: traefik-forward-auth
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: traefik-forward-auth
-  strategy:
-    type: Recreate
-  template:
-    spec:
-      terminationGracePeriodSeconds: 60
-      containers:
-        - image: thomseddon/traefik-forward-auth:2
-          name: traefik-forward-auth
-          imagePullPolicy: Always
-          ports:
-            - containerPort: 4181
-              protocol: TCP
-          env:
-            - name: CONFIG
-              value: "/config"
-            - name: PROVIDERS_GOOGLE_CLIENT_ID
-              valueFrom:
-                secretKeyRef:
-                  name: traefik-forward-auth-secrets
-                  key: google-client-id
-            - name: PROVIDERS_GOOGLE_CLIENT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: traefik-forward-auth-secrets
-                  key: google-client-secret
-            - name: SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: traefik-forward-auth-secrets
-                  key: secret
-          volumeMounts:
-            - name: configs
-              mountPath: /config
-              subPath: traefik-forward-auth.ini
-
-      volumes:
-        - name: configs
-          configMap:
-            name: configs
-        - name: traefik-forward-auth-secrets
-          secret:
-            secretName: traefik-forward-auth-secrets
--- a/apps/arr/traefik-forward-auth/kustomization.yaml
+++ b/apps/arr/traefik-forward-auth/kustomization.yaml
@@ -1,16 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: arr
-
-commonLabels:
-  app: traefik-forward-auth
-
-resources:
-  - service.yaml
-  - deployment.yaml
-  - middleware.yaml
-
-configMapGenerator:
-  - name: configs
-    files:
-      - configs/traefik-forward-auth.ini
--- a/apps/arr/traefik-forward-auth/middleware.yaml
+++ b/apps/arr/traefik-forward-auth/middleware.yaml
@@ -1,10 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: traefik-forward-auth
-spec:
-  forwardAuth:
-    address: http://traefik-forward-auth.arr.svc.cluster.local:4181
-    authResponseHeaders:
-      - X-Forwarded-User
-    trustForwardHeader: true
--- a/apps/arr/traefik-forward-auth/service.yaml
+++ b/apps/arr/traefik-forward-auth/service.yaml
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: traefik-forward-auth
-spec:
-  type: ClusterIP
-  selector:
-    app: traefik-forward-auth
-  ports:
-    - name: auth-http
-      port: 4181