refactor: move domain value

Moves the configMap.domain to domain in the values.yaml and refactors some areas of the chart.
authelia · Feb 14, 2021 · e8de92f · e8de92f
1 parent 04b711b
commit e8de92f
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 16 deletions.
diff --git a/charts/authelia/Chart.yaml b/charts/authelia/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: authelia
-version: 0.1.1
+version: 0.1.2
 kubeVersion: ">= 1.13.0"
 description: Authelia is a Single Sign-On Multi-Factor portal for web apps
 type: application

diff --git a/charts/authelia/templates/_helpers.tpl b/charts/authelia/templates/_helpers.tpl
@@ -198,7 +198,11 @@ Returns the smtp password or a randomly generated one
 Returns the ingress hostname
 */}}
 {{- define "authelia.ingressHost" -}}
-    {{- printf "%s.%s" (default "auth" .Values.ingress.subdomain) .Values.configMap.domain -}}
+    {{- if .Values.ingress.subdomain -}}
+        {{- printf "%s.%s" (default "auth" .Values.ingress.subdomain) .Values.domain -}}
+    {{- else -}}
+        {{- .Values.domain -}}
+    {{- end -}}
 {{- end -}}
 
 {{/*

diff --git a/charts/authelia/templates/configMap.yaml b/charts/authelia/templates/configMap.yaml
@@ -14,13 +14,13 @@ data:
     port: {{ default 9091 .Values.configMap.port }}
     theme: {{ default "light" .Values.configMap.theme }}
     log_level: {{ default "info" .Values.configMap.log_level  }}
-    default_redirection_url: {{ default (printf "https://www.%s" .Values.configMap.domain) .Values.configMap.default_redirection_url }}
+    default_redirection_url: {{ default (printf "https://www.%s" .Values.domain) .Values.configMap.default_redirection_url }}
     {{- if (include "authelia.enabled.certificatesSecret" .) }}
     certificates_directory: /usr/app/certificates
     {{- end }}
     server: {{ toYaml .Values.configMap.server | nindent 6 }}
     totp:
-      issuer: {{ .Values.configMap.domain }}
+      issuer: {{ .Values.domain }}
       period: {{ default 30 .Values.configMap.totp.period }}
       skew: {{ default 1 .Values.configMap.totp.skew }}
     {{- with $duoApi := .Values.configMap.duo_api }}
@@ -36,7 +36,7 @@ data:
     {{- end }}
     session:
       name: {{ default "authelia_session" .Values.configMap.session.name }}
-      domain: {{ .Values.configMap.domain }}
+      domain: {{ .Values.domain }}
       expiration: {{ default "1M" .Values.configMap.session.expiration }}
       inactivity: {{ default "5m" .Values.configMap.session.inactivity }}
       remember_me_duration: {{ default "1M" .Values.configMap.session.remember_me_duration }}

diff --git a/charts/authelia/values.yaml b/charts/authelia/values.yaml
@@ -25,6 +25,13 @@ extraLabels: { }
 # extraLabels:
 #   myLabel: myValue
 
+## Authelia Domain
+## Should be the root domain you want to protect.
+## For example if you have apps app1.example.com and app2.example.com it should be example.com
+## This affects the ingress (partially sets the domain used) and configMap.
+## Authelia must be served from the domain or a subdomain under it.
+domain: example.com
+
 service:
   annotations: { }
   # annotations:
@@ -54,11 +61,11 @@ ingress:
   certManager: false
   rewriteTarget: true
 
-  ## Subdomain is the only thing required since we specify the domain as part of the configuration section.
-  ## Example: To get Authelia to listen on https://auth.example.com specify 'auth' for subdomain,
-  ## and specify example.com for the configuration.domain.
-
+  ## Subdomain is the only thing required since we specify the domain as part of the root values of the chart.
+  ## Example: To get Authelia to listen on https://auth.example.com specify 'auth' for ingress.subdomain,
+  ## and specify example.com for the domain.
   subdomain: auth
+
   tls: true
   tlsSecret: authelia-tls
 
@@ -350,11 +357,6 @@ configMap:
   ##
   # port: 9091
 
-  ##
-  ## Domain is used to set the domain for the session, and defaults for the default_redirection_url, and totp issuer.
-  ##
-  domain: example.com
-
   ## Configuration options specific to the internal http server
   server:
     ## Buffers usually should be configured to be the same value.
@@ -381,7 +383,7 @@ configMap:
   ##
   ## Note: this parameter is optional. If not provided, user won't
   ## be redirected upon successful authentication.
-  ## Default is https://<config.domain> (value above in this chart).
+  ## Default is https://www.<domain> (value at the top of the values.yaml).
   ##
   # default_redirection_url: https://example.com
 
@@ -391,7 +393,7 @@ configMap:
   totp: { }
     ## The issuer name displayed in the Authenticator application of your choice
     ## See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
-    ## Defaults to <config.domain>.
+    ## Defaults to <domain>.
     ##
     # issuer: example.com