mirror of
https://github.com/optim-enterprises-bv/homelab.git
synced 2025-10-30 01:22:31 +00:00
feat(netbird): change oidc provider to authelia
This makes it possible to decommission keycloak and crossplane
This commit is contained in:
Vegard Hagen
@@ -73,6 +73,7 @@ configMap:
|
||||
certificate_chain: { path: /secrets/ecdsa-jwk/tls.crt }
|
||||
cors:
|
||||
allowed_origins_from_client_redirect_uris: true
|
||||
endpoints: [ userinfo, authorization, token, revocation, introspection ]
|
||||
clients:
|
||||
- client_id: argocd
|
||||
client_secret:
|
||||
@@ -100,6 +101,16 @@ configMap:
|
||||
redirect_uris: [ http://localhost:8000, http://localhost:18000 ]
|
||||
scopes: [ openid, groups, email, profile, offline_access ]
|
||||
userinfo_signed_response_alg: none
|
||||
- client_id: netbird
|
||||
client_name: NetBird
|
||||
public: true
|
||||
authorization_policy: two_factor
|
||||
audience: [ netbird ]
|
||||
redirect_uris:
|
||||
- http://localhost:53000
|
||||
- https://netbird.stonegarden.dev/callback
|
||||
- https://netbird.stonegarden.dev/silent-callback
|
||||
scopes: [ openid, profile, email, offline_access, netbird-api ]
|
||||
|
||||
secret:
|
||||
additionalSecrets:
|
||||
|
||||
@@ -22,13 +22,13 @@ spec:
|
||||
type: RuntimeDefault
|
||||
containers:
|
||||
- name: coturn
|
||||
image: coturn/coturn:4.6.2-r8 # renovate github-releases=coturn/coturn
|
||||
image: coturn/coturn:4.6.2-r8 # renovate github-releases=coturn/coturn versioning=loose
|
||||
args:
|
||||
- --listening-ip=$(LISTENING_IP)
|
||||
- --listening-port=$(LISTENING_PORT)
|
||||
- --tls-listening-port=$(TLS_LISTENING_PORT)
|
||||
- --realm=$(REALM)
|
||||
- --user="$(NETBIRD_COTURN_USER):$(NETBIRD_COTURN_PASSWORD)"
|
||||
- --user="$(NETBIRD_USER):$(NETBIRD_PASSWORD)"
|
||||
- --lt-cred-mech
|
||||
- --cert=/usr/local/etc/tls.crt
|
||||
- --pkey=/usr/local/etc/tls.key
|
||||
|
||||
@@ -5,8 +5,8 @@ metadata:
|
||||
namespace: coturn
|
||||
spec:
|
||||
encryptedData:
|
||||
NETBIRD_COTURN_PASSWORD: AgA/61HXTm74qjOpXkLIcws+CNQUq6T/jIiJtfb37SuhpOjR0X3nr6+Y0M2A9P3V2IXiiZSxOQrbGtJEj8fre/IIprH/Rk/ElZSQmhJaHrUo3HJUx4extslIN2Ei2VxLbnujpT6AlHaDGLkU0PIX9+ikD1fPba3u2EO2SQ728FRrudC2mVcGWvqDDPwvnowjQV7OV5x+wPE7DQ96cAeEsirF/uZj5/d8NmQxQ2/Xs8qKgESt9W31hgCTuUNjN/5SEhpu7n9gv2Nxkq8F6nJvJIkDO5/iSFVIGCvxXsLrv3CIlmU9QLCA+vu0JHJPSXGFDZofcEESDafXQwa/I74371uH4xcp1TkdigRE5GK/zfDaFQQgkI/wbWv2LeKHETJaWSZ2ax3LAc7ftRVb6MlWBDxEmJV4ihYy2PCdw6Of+hAsgVpHAu/Mff9JL760Oie6Lfh38e2qVEbmJ1hdzFOSzaYFWFZ8aB6Nh8HBMBWVe2PrNg+Qy5jXOJ/nS0qOl8m9bii0OE2KFrnS/PHGqnCF8lIAfUITUBI9NR56ydYxKb12gG3hesUfWG3PrnH+LPW8Z9l+P3CbUrZOqpgYQ3SkiStOpogPoDQ2TnCTcJUqjC6ZUPq3KOxEHDmz9anofp+DLJKkvRzfTdfdJgStN/2YbxTpEECw/+vx+VmiKs5TjvGH5Ypxec2XLMZhm/6Bk/Rj6Zc2EPX7+JAdCRmhoElEXy8AKprFy+6a8v1F/D1CMHJzutoL7wT1OARr
|
||||
NETBIRD_COTURN_USER: AgBL0RSmQaVGKJMkJuEBn0hPfQQjrj8ezVoIA7FlkY8G0w3cigGPa1G0KWQ3SgJ/8c31fPKLLQflwc28pWvw5A1ePSJNccAwmdCuI0pQ270N+2R1D+QzQwtAgq2CZRfSK7OdQXZ0MD59pDNCCseF2/w+aOCasBIKCDKSTTJ/NBsuHifkNzmuyLZkaptpIfCTaKIIboLQIH9rZgFJ//uBx09SGETcErh456p8cQgIcc7+yhvlTGm7Uu48cMQf+Kdd1eJL/YCZKArV9qQWV9ZH1YM6P0i+YgDpKJfwjliJ1CxJNC6hS3zYDxBoIY6EN393gRJnAIdUmfeYXYT/naMEjc73t78KOXPfMvfWRLUx+q3wHEpaRCILBHEH0zFShe6c+p0xBwP9SCtr0Lso62f4sRCindBZMquZbSkpUwRT3qxLSShQLeAjeKLzO0yxkmFK2j4LVaQw0x9jpebLmFdPYPwAM5wj21pBXtMprgLb7zyu55LrSE9Uu2Cdn5DPRjRygwtIzUEu+0l8NgFo4gbzl04i+0tV9VaGhP+qL98u1aDHK0GiDKj71t8Q1R9WkInwOW6ULCrWpHAIPWZBJ9RV8T5I3YXBhoWyyx+GxRWUhKoq5KvL8TXwTHZBkLBfIc/fPSbUZ0HEZiSq9LuBqYdxEiZ1p6VbEsQUMa3WbzsVw5J7GYb53ghw3xIFZiAUJRRiM1tRbwRIMr0Y
|
||||
NETBIRD_PASSWORD: AgCSANuCiynyFeiRsWbHflay74tMsZ7lUiTRo0j7rcZmloSvvzQPYR+jdcubdagXaoskGHr50AplXE+2nv1VZ4GJl3Ik66YgwRkI2qdQtyIpKFq2650sVHQSSE7CqPnkIRD5/1UllSlVuBdb9E3bMbVB7nI6jqxxNRokfVN3yvVC3I0Xxqlb7FnYxwqqp1LsOkEdb0wWNNdAWS5V88px5U5d7azMhwexJuF+DBhRP+A5wqxaMvcoqPOBd22AsLiHC/pxThIq6yf/vUQSd1oBEcBhOqQVKsLWdRHBclKeoEjrx9sflaF7QAFlTiqHU3SqrnSU9owTyVxoytHCXQu3UwWEfn3AvseQ/uyDvxPBCYIILAv3CfuIwzbBpj7IR6OBWuJRRLVa4EUKo30tzglo34ZQc9/499KUqjgqNFw5NUrOmcpl+V7Q4O0xju/GGU8ykkHukR7KCT22yqhzbTNNepwnyvKPx4OEHUBiujf03fqJphSTdwvkfLDJgFW+Zfq7xsk3KVYBxU+ENA4425qKFgPWheIE13Gca5OOWD8KTc4rquBG0eL4B4CYUBb9Yyo3t8SePlrtjbQzoC6UU9YihXCMlWcYfnVzJfpWxPNsRll/2aptwz0THRLNNk4RdOJtGcQIcmFplEsvgP4v8f2pt0lDM6SfwwmqUAR/RYnNwa1IzuvjiUSyfMABuTUe3lB9zO/97HsHgt19DqlUOQMxFbVXSlo9mxMJ5nycJvVn+0HP4xx/srCxRgxo
|
||||
NETBIRD_USER: AgCCz+ai0Oj2UjXQjwhoLX3Sr4QNig5vqiBmnN+S9dFU7tgVWX55T6WgWQA7Z2UfOpRI5sbJYJCEdXhhsBinfIhosg5JWPAlcxnW1qUEdFU1j2F1COSjRzZyJShCvW/h9jiGoUu94DYLNAE146qqQrjkYB5JMZEtaB2qJJBaeZNYTIzKQbrmZuc8YNJIIt6trfDAG48zDBWobLF0InW+xNsdGDgTIJIyer0ecgIsqMy1sGVGORLT/vIsDpQZYwcdaYm67t8C49qUhlsq7qBY1pMxGi98Wm92n7xgAfeu1k0nDq3LQ1rxVRBY2TrwKYcmrsmKzxPpCw8/KO/hVVcLOIELyUDtE5zHohSZs/Qq/C7xIPOMK9zjj+7wDkZpJPesinWCHZAk7qjXBMKwKTz9YXBcDOQ36OQU21GQC9jxFTHcd5vzlTplZ7Wa5qT9swKZuyvQR6Bis1jZsRKqt4F/IfxdZii5rCCb9YL42YDYpDtC/Ar5kw0CARryVTpIFhyU0Sn+7i82P2uG86QZC/0X+Is3CPdL4sqHj1JEkxWlPQhh+4FH8MhdPJjvHRwUQ7dVjIrQsmUbajM5Dmqpr7k7lkxUAzzkH9VDSFmzkRc4lltpV7npIopZNLoKXoY2QK3EnHXWtkNWYL6JMRbB/TsmQ89s1DB13cgVRA69gUX1LDMbdufzWypAevCY2GkP+U2u5Z2b86rV1LiC
|
||||
template:
|
||||
metadata:
|
||||
name: netbird-credentials
|
||||
|
||||
@@ -1,13 +1,16 @@
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: agent-setup-key
|
||||
namespace: netbird
|
||||
spec:
|
||||
encryptedData:
|
||||
NB_SETUP_KEY: AgCf/R+4ARcoG/r0tApenFw4cIaLdHPJcSB2vbK/3Hll1AGTqHEyZvfWAU2HIeTr8MGGZpB5Fg9TyDcJ3rM340QspgmK4nf8mppQoJo/GP5fM/QWvXyRyb1RPgS+5U3faiawStDWYsf2tugB+OLxPx4V4ZYtldF8dMgsUFk5o3Spja6+jhC19ZCq136RrgO5oS7Tgns20XuyYqc/LwapjNdmBHUiEXajnz1egTL71GFRrhspWPTaOhpHPoV9ZU1rpi1ZtY12sazrjsu3WvnBHzqrsutZm7aX9vUDA3r5zB2E6c5Q2gI4nEACT6Kbvl8FjSgAYkkSWXcjsbNSZ8YfWolSrVPGGc5f6eMdk52b32ednyfXEdi+kx+JOmLguXJiPljEqmJ3EcHmvHDsoQN1cY9+FkGCgVHXgXAgRxnhJ/kOHyK/JGYrAz2g64owfYKr1W+BB9BVIvqY4nVZ9sj71AymQx1ABxxAg/oNDUuI4k2PfoVUd2j9EK6drVpDscPz9z/pCreCvSwACPznSbMAgkeCdwSxf/kaSzCxxscv/j1mP+mCp8i8vmXZkaVxQEWCh1jZVzP6VL9RDSxhGAV3Neq9FJy8x3Gegn8A1mhjoOkYQHPtgpZHvwtMdPTM3lpyPuoBXdT/sHtHnHLtq5383K0O3J57DgjGM0vp5TzszE0E5XqV+ynxq6bghKWUA209I8Q1WO+Q785xrHg5+aExjxKE50vIhjyjfm+1fKa7YZ6pqMEuzvw=
|
||||
NB_SETUP_KEY: AgATDxsu2H2WWQnbGFJ8IaYjIApaW1p2Ir85lMxYH63QCeiLqcRaYG+VYhd1xJcUvSDXnBn0e+0phSs7NcmXP/SExvt01o0YPYh4dOecLtPudSPl7eldSR9+i0bXSSqVsbm1cYnJ5fRhdSt+TfOR/RzLt7geK6BUggjh1gJ2N1eYSK5J52vGhr8j7JJ/4+JLJQK33PCRJjCKMAcz/x4yNhyBE4MFpFTRQ7dW3K0HXYe/i2nmKxxN1EtMVmTYCWX0bOr008+BForgtFMC68lWxoS3PGnWE0ejE3saGuz1EqmLhftb3UZr/luc8IknJcmzzdNApc7K4iYXXpOFvWVfLwOve3sp/m6Wlu1qEautaH3P9qnf5D9KOiNRgK1t/B3tu1bJTdK9uzgKpCGTQ+RSLA9gQG1EAvZApe1+FsGsQckiDoh3GFsNMXrZWJdkQKDmfJXfk79Z0Tc1myrRItpjbNnofFOzkaMVdI8fjdUng6+US8nmwDWsEQeuMWTrBiHWCtybk9bsW+dL7cQsGfun4UuxMXNuJIVhH0FtVrZcwK3Jw0UuP0tjAa/pfcT0AJwcfXGFpiK381vDG9SgGdIehDlE70HciCSza2iSdYj5DrbMxCLIvddcPrSSvFZvRQMqEAcaSXkmfPXZOGaB8yMQt7fSJEjn76U61q39Xhp/I0V50FX5aeJehs9zjEVkGCZcmwRyaC8+7p9JLWQBw+Wp/Eetc9d6zfu/ZAEW6hfi7lgP2RV1F4M=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: agent-setup-key
|
||||
namespace: netbird
|
||||
type: Opaque
|
||||
|
||||
@@ -7,7 +7,7 @@ configMapGenerator:
|
||||
literals:
|
||||
# variables: https://github.com/netbirdio/dashboard/blob/main/config.json
|
||||
- AUTH_AUDIENCE="netbird"
|
||||
- AUTH_AUTHORITY="https://keycloak.stonegarden.dev/realms/homelab"
|
||||
- AUTH_AUTHORITY="https://authelia.stonegarden.dev"
|
||||
- AUTH_CLIENT_ID="netbird"
|
||||
- AUTH_REDIRECT_URI="/callback"
|
||||
- AUTH_SILENT_REDIRECT_URI="/silent-callback"
|
||||
@@ -15,6 +15,7 @@ configMapGenerator:
|
||||
- USE_AUTH0="false"
|
||||
- NETBIRD_MGMT_API_ENDPOINT="https://netbird.stonegarden.dev"
|
||||
- NETBIRD_MGMT_GRPC_API_ENDPOINT="https://netbird.stonegarden.dev"
|
||||
- NETBIRD_TOKEN_SOURCE="idToken"
|
||||
|
||||
resources:
|
||||
- deployment.yaml
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"Stuns": [
|
||||
{
|
||||
"Proto": "udp",
|
||||
"URI": "${NETBIRD_STUN_URI}",
|
||||
"URI": "${STUN_URI}",
|
||||
"Username": "",
|
||||
"Password": null
|
||||
}
|
||||
@@ -11,9 +11,9 @@
|
||||
"Turns": [
|
||||
{
|
||||
"Proto": "udp",
|
||||
"URI": "${NETBIRD_TURN_URI}",
|
||||
"Username": "${NETBIRD_COTURN_USER}",
|
||||
"Password": "${NETBIRD_COTURN_PASSWORD}"
|
||||
"URI": "${TURN_URI}",
|
||||
"Username": "${COTURN_USER}",
|
||||
"Password": "${COTURN_PASSWORD}"
|
||||
}
|
||||
],
|
||||
"CredentialsTTL": "12h",
|
||||
@@ -21,60 +21,60 @@
|
||||
"TimeBasedCredentials": false
|
||||
},
|
||||
"Relay": {
|
||||
"Addresses": ["${NETBIRD_RELAY_URI}"],
|
||||
"Addresses": ["${RELAY_URI}"],
|
||||
"CredentialsTTL": "24h",
|
||||
"Secret": "${NB_AUTH_SECRET}"
|
||||
},
|
||||
"Signal": {
|
||||
"Proto": "${NETBIRD_SIGNAL_PROTOCOL}",
|
||||
"URI": "${NETBIRD_SIGNAL_URI}",
|
||||
"Proto": "${SIGNAL_PROTOCOL}",
|
||||
"URI": "${SIGNAL_URI}",
|
||||
"Username": "",
|
||||
"Password": null
|
||||
},
|
||||
"Datadir": "",
|
||||
"HttpConfig": {
|
||||
"Address": "0.0.0.0:80",
|
||||
"AuthAudience": "${NETBIRD_AUTH_AUDIENCE}",
|
||||
"AuthUserIDClaim": "${NETBIRD_AUTH_USER_ID_CLAIM:-sub}",
|
||||
"CertFile": "${NETBIRD_MGMT_API_CERT_FILE}",
|
||||
"CertKey": "${NETBIRD_MGMT_API_CERT_KEY_FILE}",
|
||||
"OIDCConfigEndpoint": "${NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT}"
|
||||
"AuthAudience": "${AUTH_AUDIENCE}",
|
||||
"AuthUserIDClaim": "${AUTH_USER_ID_CLAIM:-sub}",
|
||||
"CertFile": "${MGMT_API_CERT_FILE}",
|
||||
"CertKey": "${MGMT_API_CERT_KEY_FILE}",
|
||||
"OIDCConfigEndpoint": "${AUTH_OIDC_CONFIGURATION_ENDPOINT:-${AUTH_AUTHORITY}/.well-known/openid-configuration}"
|
||||
},
|
||||
"IdpManagerConfig": {
|
||||
"ManagerType": "${NETBIRD_IDP_MANAGER_TYPE:-none}",
|
||||
"ManagerType": "${IDP_MANAGER_TYPE:-none}",
|
||||
"ClientConfig": {
|
||||
"Issuer": "${NETBIRD_AUTH_AUTHORITY}",
|
||||
"TokenEndpoint": "${NETBIRD_AUTH_TOKEN_ENDPOINT}",
|
||||
"ClientID": "${NETBIRD_IDP_MGMT_CLIENT_ID}",
|
||||
"ClientSecret": "${NETBIRD_IDP_MGMT_CLIENT_SECRET}",
|
||||
"Issuer": "${AUTH_AUTHORITY}",
|
||||
"TokenEndpoint": "${AUTH_TOKEN_ENDPOINT}",
|
||||
"ClientID": "${IDP_MGMT_CLIENT_ID}",
|
||||
"ClientSecret": "${IDP_MGMT_CLIENT_SECRET}",
|
||||
"GrantType": "client_credentials"
|
||||
},
|
||||
"ExtraConfig": ${NETBIRD_IDP_MGMT_EXTRA_CONFIG:-null}
|
||||
"ExtraConfig": ${IDP_MGMT_EXTRA_CONFIG:-null}
|
||||
},
|
||||
"DeviceAuthorizationFlow": {
|
||||
"Provider": "${NETBIRD_AUTH_DEVICE_AUTH_PROVIDER}",
|
||||
"Provider": "${AUTH_DEVICE_AUTH_PROVIDER}",
|
||||
"ProviderConfig": {
|
||||
"Audience": "${NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE}",
|
||||
"Audience": "${AUTH_DEVICE_AUTH_AUDIENCE:-${AUTH_AUDIENCE}}",
|
||||
"AuthorizationEndpoint": "",
|
||||
"Domain": "${NETBIRD_AUTH_DEVICE_AUTH_AUTHORITY}",
|
||||
"ClientID": "${NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID}",
|
||||
"DeviceAuthEndpoint": "${NETBIRD_AUTH_DEVICE_AUTH_DEVICE_AUTHORIZATION_ENDPOINT}",
|
||||
"TokenEndpoint": "${NETBIRD_AUTH_DEVICE_AUTH_TOKEN_ENDPOINT}",
|
||||
"Scope": "${NETBIRD_AUTH_DEVICE_AUTH_SCOPE}",
|
||||
"UseIDToken": ${NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN:-false}
|
||||
"Domain": "${AUTH_DEVICE_AUTH_AUTHORITY:-${AUTH_AUTHORITY}}",
|
||||
"ClientID": "${AUTH_DEVICE_AUTH_CLIENT_ID:-${AUTH_CLIENT_ID}}",
|
||||
"DeviceAuthEndpoint": "${AUTH_DEVICE_AUTH_DEVICE_AUTHORIZATION_ENDPOINT:-${AUTH_DEVICE_AUTH_AUTHORITY:-${AUTH_AUTHORITY}}/protocol/openid-connect/auth}",
|
||||
"TokenEndpoint": "${AUTH_DEVICE_AUTH_TOKEN_ENDPOINT:-${AUTH_DEVICE_AUTH_AUTHORITY:-${AUTH_AUTHORITY}}/protocol/openid-connect/token}",
|
||||
"Scope": "${AUTH_DEVICE_AUTH_SCOPE}",
|
||||
"UseIDToken": ${AUTH_DEVICE_AUTH_USE_ID_TOKEN:-true}
|
||||
}
|
||||
},
|
||||
"PKCEAuthorizationFlow": {
|
||||
"ProviderConfig": {
|
||||
"Audience": "${NETBIRD_AUTH_AUDIENCE}",
|
||||
"ClientID": "${NETBIRD_AUTH_CLIENT_ID}",
|
||||
"ClientSecret": "${NETBIRD_AUTH_CLIENT_SECRET}",
|
||||
"Audience": "${AUTH_AUDIENCE}",
|
||||
"ClientID": "${AUTH_CLIENT_ID}",
|
||||
"ClientSecret": "${AUTH_CLIENT_SECRET}",
|
||||
"Domain": "",
|
||||
"AuthorizationEndpoint": "${NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT}",
|
||||
"TokenEndpoint": "${NETBIRD_AUTH_TOKEN_ENDPOINT}",
|
||||
"Scope": "${NETBIRD_AUTH_SUPPORTED_SCOPES}",
|
||||
"RedirectURLs": ${NETBIRD_AUTH_PKCE_REDIRECT_URLS},
|
||||
"UseIDToken": ${NETBIRD_AUTH_PKCE_USE_ID_TOKEN:-false}
|
||||
"AuthorizationEndpoint": "${AUTH_PKCE_AUTHORIZATION_ENDPOINT:-${AUTH_AUTHORITY}/api/oidc/authorization}",
|
||||
"TokenEndpoint": "${AUTH_TOKEN_ENDPOINT:-${AUTH_AUTHORITY}/api/oidc/token}",
|
||||
"Scope": "${AUTH_SUPPORTED_SCOPES}",
|
||||
"RedirectURLs": ${AUTH_PKCE_REDIRECT_URLS:-[ "http://localhost:53000" ]},
|
||||
"UseIDToken": ${AUTH_PKCE_USE_ID_TOKEN:-true}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,8 +5,8 @@ metadata:
|
||||
namespace: netbird
|
||||
spec:
|
||||
encryptedData:
|
||||
NETBIRD_COTURN_PASSWORD: AgDqQcK00P3BzxGLFtZI7o/eCdH0hL8E98vyecAMmUl+aI6mx0bK4J6yo39C0y8twTzTtkZEQVAsgK+bS+KxmHxyJVQj09CG+pUdrzKWTti1ZD/D4YdYx/zsSMrHri/Ks+p9wEymSOiFTGMmk8H5/W8xgUng5bY2OjsDEn+kxnvGhnW8JaunGBt3xm4/dE02y9z62RTDVnEEWo+Qoa64BMxYbIlmHk2hGYZYAzvDhLXjDlbgeUe38UnWA0FmjcfI8ClyY4NLvArwNYe7G6taZ7twjO7BiP179ZBq8kuYUNcQPsiA/ZC/a0H11yjL8B/KhwrW6ug/newbArTis/553+qLxnbcmTRA4jaJ1cCZ165R34Pkbv7HZwNs/EAawzOxcx348cA6ctoge0+wHVck1eo79e058okFqsMi0zpM7pKZ1tsYFqi3Bj1Ctixy1EQIeeG57/dPNR4OLB4dszxh2mo/ppq5WTLfiez3osUwQ0rdK5VSI7uau6a9c1XMF7CPRKvyWZUtOJ0JyeJwa9KWCLZvxkNVxyQQWagxwD0o2EuqsYws0uA93xowgdz+4L2u7Wif1nNqu8kAG3lUnomssroyRufTzq3QhfxWT67Edw/ZGMyAnlqOJ6SPX4rFoD/CjAuRSQ2kyeXZQGk0b2oAGTzbCsukDXf/kBqTuf6pjmjTuPvQcbrddGMYjd0VLUXFxD4c2vQXEfzLmmMF6sw4Kh7bJr5JbnLJRNFjCBk+mcLDms+7ngO5r/Eq
|
||||
NETBIRD_COTURN_USER: AgBiZPsjI4PznUYCXhqsVr9STp7S3WlhiMa8enpyZamm48nVDzcbtN+i75B5VUpvqM8Sa0WzQWiq5uJ6lwyRZELcXCUAeTQefIcLl3Qv3DPwfm5DHPFQLUkVNlfMbAfKG2cZB9T1xw58+xtUZPFuT+MGVGhzSJUP8m8eKMRrk6yr6a7gkwDkbNnhB6q1dyEOE4S1i906vunohG6a1ru+9GByipjILxCT9dq17MkJneSFxqRkzm26QE1uge6GNCGgHpabym7SdU0Cn34u8iLZnc04tnhL5yBZVGzH2EF8v+brqNm0SjnDbeBNKcZCS+JnaiCl1Ym4EfhYtfRKqw6+6+aJy+YxDQkR5JriCp6MclFBd0sw6+GqlMzVjWLj2DjWTH5yQIGu0NOlEHauBOko6uo0Hg2yhd1VqjTz7tISbF+I5+RAJMlr0L3a8Z0kRtOP4Mi+p8CCDw/vzK8fw4Q1m+VWAiskMihv3pCXjngJLmwfDt0lbNen6ojxwNetST3RR0ilJITxoGA+eyMeT5fDn2OVxUWPI0iqnmQeAQoisI7LQRBCcFPQooUFsN1jUHMrrgvgE0i2R2uYeokrERLaneH3WVuU/4o6u2rJwxWJeUXviLR2m52ZpGc5WI+bwIOu6/sMhDCv/hNx48Qe4lp4M+tiadTs7jaIi7c5vTLOE6yipeWQByRUAt2KWQbs1K6WrIimhO3+TDo4
|
||||
COTURN_PASSWORD: AgCgCe8fZnFhU8rmgEoFV62igjZgJbFUPzI7vPH/If2/ju5D8ACLaBmGkNYquLMEBp+GZS54gWJBp8OLNcENVAkOx+8BKjsCRyk2wJPEK71Zt6nAll28WXwhv6WiVBeIpsMnG0ob7C2/0TqD0ebJwafvJHNJLjdx6N1CaT4RyGY/n4nyRdXoZUYxuDqaE/fPbkhsdfjkPsXq+ve+d5uBejYyfaRKCmqIIrDe0KyPKxLMQXF9sUFi2rF4xy/eVO1KxkMqWk/KciBCswthge0y3Nk+b3CFFobSY219yMgEaWOTZBQ5xTHKyVJNtkWGf/i9nGAXPNbxQSV1VVTz8xxDDcVWswoLH2F+73CrjSjQ2qdd1B3sMZaQY/kjuj7z43x11765QgYEj7QQxjRLUvmj2jF4sUvp/B6j+iJN46pyeb6G78xOJyzr4Vs2oG/53T0qsR6XTgQih9/SvOAdX07w+I/zFPadhW/1XtGqR0Rqd1tPfjsCNFUKitVp+itcuNoqRsH30HL6uRSrq7Wm0W8VaZ11pD80mmzJLOTzI5pkARBsjksJGKDapZOiaIOhDgLm2S45WaC6xdhdYWkyA5wxzCa2dwuc+AkElrwVfAqTvR3Dm00apFgiGRCWYJomtiaQo19QEPuVvSiEupjQF7bn2+MPCTdTINCJZVy7O8O6whYhqFmtd7RVyJ2aAcHoikhyJCvTXdm9wTqKhIiErKs/wht4HuaPQAJLX03V5IV+mVBDSsWOQTB7rCm4
|
||||
COTURN_USER: AgDaVgHnnQayA67NukrkWSKB8464fJNv6SsvjmNvM8Y291a4cy6dvD1vexH1k5JBTldoAMQwFoSV7axYlLeJx91VD+dUxKK12I6vIT+Exk9vI1y5PWbMJCQA+9uADaKmrl1MquIyBnuCjemieFMX7QLWc5Jj8w0lHdiTwiIJNzl5Wa3FbV4YxNWxJTS67HSjlU6mXtIxVYKBKWmAvSutVchQptlukdpvKoHIsAdaMh5JYj1Ad+Uix8MwWGUppEHds1G9nV1HbwxhN5mCjI7F6CzqLflWhacCy3YhPTta11w4aSPcjI4yOr1Zerao9rwVH4Ec6Oetqy1mnhVx9lGy4NWYZm9kua9kcm859p66eDivHpJk2VFkck+I6oWludRjZpYaRawm2ByX0/gMEgAVS/4kGRpUq9AXzYySHRLymfwnDy7h4/+PiR7xxFOS417qD4sNVAprOsFmBYPFyxRmWD5JxpSv3/AJVLxvu1sOPfA9Ff33If04pEbPLlEWXT06247WykCdCJgu0Iie8kdrRTpRqiSjF7O1A+ftVX7N94fT106DOgCjtasFrWa5by4EEeTYNVmL9h4w2rbeKrLFRW47reWlCIdtHpP9+oKdCch9q3klG35SIvc1cx2MhVl4tyEV/fxPgaezfJrs27WwGjyqYT6pPNZwgApTFL0lPV8SXtKDjldR2ZuKundHa0JFXxa/1K2Be3Yk
|
||||
template:
|
||||
metadata:
|
||||
name: coturn-credentials
|
||||
|
||||
@@ -10,27 +10,29 @@ configMapGenerator:
|
||||
- name: management-auth-config
|
||||
namespace: netbird
|
||||
literals:
|
||||
- NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://keycloak.stonegarden.dev/realms/homelab/.well-known/openid-configuration"
|
||||
- NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="hosted"
|
||||
- NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE="netbird"
|
||||
- NETBIRD_AUTH_DEVICE_AUTH_AUTHORITY="https://keycloak.stonegarden.dev/realms/homelab"
|
||||
- NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID="netbird"
|
||||
- NETBIRD_AUTH_DEVICE_AUTH_DEVICE_AUTHORIZATION_ENDPOINT="https://keycloak.stonegarden.dev/realms/homelab/protocol/openid-connect/auth"
|
||||
- NETBIRD_AUTH_DEVICE_AUTH_TOKEN_ENDPOINT="https://keycloak.stonegarden.dev/realms/homelab/protocol/openid-connect/token"
|
||||
- NETBIRD_AUTH_DEVICE_AUTH_SCOPE="openid"
|
||||
- NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN="false"
|
||||
- NETBIRD_AUTH_AUDIENCE="netbird"
|
||||
- NETBIRD_AUTH_CLIENT_ID="netbird"
|
||||
- NETBIRD_AUTH_PKCE_REDIRECT_URLS='[ "http://localhost:53000" ]'
|
||||
- NETBIRD_AUTH_SUPPORTED_SCOPES="openid profile email offline_access netbird-api"
|
||||
- AUTH_AUTHORITY="https://authelia.stonegarden.dev"
|
||||
# - AUTH_OIDC_CONFIGURATION_ENDPOINT="https://authelia.stonegarden.dev/.well-known/openid-configuration"
|
||||
# - AUTH_DEVICE_AUTH_AUTHORITY="https://authelia.stonegarden.dev"
|
||||
# - AUTH_DEVICE_AUTH_PROVIDER="hosted"
|
||||
# - AUTH_DEVICE_AUTH_CLIENT_ID="netbird"
|
||||
# - AUTH_DEVICE_AUTH_AUDIENCE="netbird"
|
||||
# - AUTH_DEVICE_AUTH_DEVICE_AUTHORIZATION_ENDPOINT="https://authelia.stonegarden.dev/protocol/openid-connect/auth"
|
||||
# - AUTH_DEVICE_AUTH_TOKEN_ENDPOINT="https://authelia.stonegarden.dev/protocol/openid-connect/token"
|
||||
# - AUTH_DEVICE_AUTH_SCOPE="openid"
|
||||
# - AUTH_DEVICE_AUTH_USE_ID_TOKEN="false"
|
||||
- AUTH_CLIENT_ID="netbird"
|
||||
- AUTH_AUDIENCE="netbird"
|
||||
# - AUTH_PKCE_REDIRECT_URLS='[ "http://localhost:53000" ]'
|
||||
# - AUTH_PKCE_USE_ID_TOKEN=true
|
||||
- AUTH_SUPPORTED_SCOPES="openid profile email offline_access netbird-api"
|
||||
- name: management-connection-config
|
||||
namespace: netbird
|
||||
literals:
|
||||
- NETBIRD_RELAY_URI="rels://netbird.stonegarden.dev:443"
|
||||
- NETBIRD_SIGNAL_URI="netbird.stonegarden.dev:443"
|
||||
- NETBIRD_SIGNAL_PROTOCOL="https"
|
||||
- NETBIRD_STUN_URI="stun:coturn.stonegarden.dev:5349"
|
||||
- NETBIRD_TURN_URI="turn:coturn.stonegarden.dev:5349"
|
||||
- RELAY_URI="rels://netbird.stonegarden.dev:443"
|
||||
- SIGNAL_URI="netbird.stonegarden.dev:443"
|
||||
- SIGNAL_PROTOCOL="https"
|
||||
- STUN_URI="stun:coturn.stonegarden.dev:5349"
|
||||
- TURN_URI="turn:coturn.stonegarden.dev:5349"
|
||||
- name: management-runtime-config
|
||||
namespace: netbird
|
||||
literals:
|
||||
|
||||
Reference in New Issue
Block a user