From 2df378356501a6c5994716aa16fb80db459ab372 Mon Sep 17 00:00:00 2001
From: Seth Call
Date: Mon, 16 Feb 2026 14:09:53 -0600
Subject: [PATCH] fix authelia attempt
---
 k8s/authelia/values-production.yaml | 3 +-
 k8s/console/templates/deployment.yaml | 10 ++-
 k8s/console/templates/secret.yaml | 96 +++++++++++++++++++++++++++
 k8s/console/values-production.yaml | 2 +-
 k8s/console/values-staging.yaml | 2 +-
 5 files changed, 108 insertions(+), 5 deletions(-)
diff --git a/k8s/authelia/values-production.yaml b/k8s/authelia/values-production.yaml
index 4d31407..415873c 100644
--- a/k8s/authelia/values-production.yaml
+++ b/k8s/authelia/values-production.yaml
@@ -1,9 +1,10 @@
 ingress:
+ enabled: true
 hosts:
 - host: idp.jamkazam.com
 paths:
 - path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
 authelia_url: https://idp.jamkazam.com
 domain: jamkazam.com
diff --git a/k8s/console/templates/deployment.yaml b/k8s/console/templates/deployment.yaml
index 700c289..62e66c9 100644
--- a/k8s/console/templates/deployment.yaml
+++ b/k8s/console/templates/deployment.yaml
@@ -19,9 +19,15 @@ spec:
 - containerPort: 80
 volumeMounts:
 - name: html
- mountPath: /usr/share/nginx/html/index.html
- subPath: index.html
+ mountPath: /usr/share/nginx/html
 volumes:
 - name: html
 secret:
 secretName: console-html
+ items:
+ - key: index.html
+ path: index.html
+ - key: docs-index.html
+ path: docs/index.html
+ - key: docs-deployment.html
+ path: docs/deployment/index.html
diff --git a/k8s/console/templates/secret.yaml b/k8s/console/templates/secret.yaml
index 3f67a18..1cce4e4 100644
--- a/k8s/console/templates/secret.yaml
+++ b/k8s/console/templates/secret.yaml
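Review bot: Mounting the secret at `/usr/share/nginx/html` instead of the single `index.html` subPath hides every file the image ships in that directory, so a stock `50x.html` (if the image's nginx config references one) is no longer served. Each entry under `items` also has to match a key in the `console-html` Secret exactly; a key that is missing keeps the volume from mounting and the pod from starting. A comment above `items:` such as `# keys must exist in templates/secret.yaml (console-html); a missing key blocks pod start` would make that coupling visible. The container spec begins outside this hunk.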
@@ -16,6 +16,8 @@ stringData: .links { margin-top: 30px; display: grid; gap: 15px; } a { display: block; padding: 10px; background: #007bff; color: white; text-decoration: none; border-radius: 4px; transition: background 0.2s; } a:hover { background: #0056b3; } + .wiki-link { background: #28a745 !important; } + .wiki-link:hover { background: #218838 !important; } @@ -26,7 +28,101 @@ stringData: Identity Provider (Authelia) Monitoring (Grafana) Deployment (ArgoCD) + Internal Documentation (Wiki) + + docs-index.html: | + + + + JamKazam Internal Documentation + + + +
+ +

JamKazam Internal Documentation

+

Welcome to the technical wiki for JamKazam infrastructure and development.

+ +
+

To add more pages, update secret.yaml and map them in deployment.yaml.

+
+ + + + docs-deployment.html: | + + + + Deployment Architecture - JamKazam Docs + + + +
+ +

Deployment Architecture

+

This diagram shows how an HTTP request for console.jamkazam.com is routed through our Kubernetes environment.

+
+                                  1. Request: https://console.jamkazam.com/
+        ┌─────────┐              ────────────────────────────────────────▶
+        │         │
+        │ BROWSER │              6. Response: 200 OK (Console HTML)
+        │         │              ◀───────────────────────────────────────
+        └────┬────┘
+             │
+             ▼
+    ┌─────────────────────────┐
+    │  INGRESS CONTROLLER     │
+    │    (Nginx Ingress)      │
+    └────────┬───────▲────────┘
+             │       │
+             │       │ 2. Sub-request: Check Auth?
+             │       │    (auth-url: idp.jamkazam.com/api/authz/auth-request)
+             │       └───────────────────────┐
+             │                               │
+             │         ┌─────────────────────▼──────────────────────┐
+             │         │         AUTHELIA (idp.jamkazam.com)        │
+             │         │                                            │
+             │         │ 3. Check Session Cookie / Auth Status      │
+             │         └─────────────────────┬──────────────────────┘
+             │                               │
+             │         4. Auth Result:       │
+             │            200 OK (Authorized)│ OR 401/302 (Redirect to Login)
+             │         ◀─────────────────────┘
+             │
+             │ 5. Forward Request (if 200 OK)
+             │    (service: console, port: 80)
+             ▼
+    ┌─────────────────────────┐
+    │     CONSOLE SERVICE     │
+    │    (Nginx Container)    │
+    │                         │
+    │  Mount: /usr/share/     │
+    │  nginx/html/            │
+    └─────────────────────────┘
+            
+
+ + 
diff --git a/k8s/console/values-production.yaml b/k8s/console/values-production.yaml
index 2e518dd..843e600 100644
--- a/k8s/console/values-production.yaml
+++ b/k8s/console/values-production.yaml
@@ -14,7 +14,7 @@ ingress:
 className: nginx
 annotations:
 cert-manager.io/cluster-issuer: letsencrypt-nginx-production
- nginx.ingress.kubernetes.io/auth-url: "https://idp.jamkazam.com/api/authz/auth-request"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.authelia.svc.cluster.local:9091/api/authz/auth-request"
 nginx.ingress.kubernetes.io/auth-signin: "https://idp.jamkazam.com/?rd=$escaped_request_uri"
 nginx.ingress.kubernetes.io/auth-response-headers: "Remote-User,Remote-Groups,Remote-Name,Remote-Email"
 tls:
diff --git a/k8s/console/values-staging.yaml b/k8s/console/values-staging.yaml
index 1c6b60b..99e8043 100644
--- a/k8s/console/values-staging.yaml
+++ b/k8s/console/values-staging.yaml
@@ -14,7 +14,7 @@ ingress:
 className: nginx
 annotations:
 cert-manager.io/cluster-issuer: letsencrypt-nginx-production
- nginx.ingress.kubernetes.io/auth-url: "https://idp.staging.jamkazam.com/api/authz/auth-request"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.authelia.svc.cluster.local:9091/api/authz/auth-request"
 nginx.ingress.kubernetes.io/auth-signin: "https://idp.staging.jamkazam.com/?rd=$escaped_request_uri"
 nginx.ingress.kubernetes.io/auth-response-headers: "Remote-User,Remote-Groups,Remote-Name,Remote-Email"
 tls:
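Review bot: Step 2 of the new deployment diagram documents the auth sub-request as `(auth-url: idp.jamkazam.com/api/authz/auth-request)`, but this same commit changes the console `auth-url` annotation to the in-cluster service, so the page is out of date as soon as it ships. The diagram line should read `(auth-url: authelia.authelia.svc.cluster.local:9091/api/authz/auth-request)`, with the public `idp.jamkazam.com` host kept only for the login redirect in step 4. An accurate picture of the auth path matters here because this page is what someone debugging an auth failure will read first.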
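Review bot: The new `auth-url` sends the auth sub-request over plain HTTP to `authelia.authelia.svc.cluster.local:9091`, and the ingress controller forwards the user's request headers, including the session cookie, on that sub-request, so the cookie now crosses the pod network unencrypted. Pointing `auth-url` at the in-cluster service is a common setup for ingress-nginx with Authelia, but it presumably relies on the pod network being trusted. A comment above the annotation such as `# in-cluster HTTP; limit access to authelia:9091 with a NetworkPolicy` would record that assumption. values-staging.yaml gets the identical value while its `auth-signin` still points at idp.staging.jamkazam.com. If staging and production share a cluster, staging would be authorized by the same Authelia instance as production; if they do not, staging needs an `authelia` Service in an `authelia` namespace or every request fails the auth check. That is worth confirming before merge.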