diff --git a/k8s/infra/auth/authelia/values.yaml b/k8s/infra/auth/authelia/values.yaml
index dcd79fe7..48aa5b46 100644
--- a/k8s/infra/auth/authelia/values.yaml
+++ b/k8s/infra/auth/authelia/values.yaml
@@ -75,43 +75,63 @@ configMap: allowed_origins_from_client_redirect_uris: true endpoints: [ userinfo, authorization, token, revocation, introspection ] clients: + - client_id: argocd client_secret: { path: /secrets/client-argocd/client_secret.txt } client_name: Argo CD public: false authorization_policy: two_factor + pre_configured_consent_duration: 1 month redirect_uris: - https://argocd.stonegarden.dev/auth/callback - https://argocd.stonegarden.dev/applications scopes: [ openid, groups, email, profile, offline_access ] userinfo_signed_response_alg: none id_token_signed_response_alg: ES256 + access_token_signed_response_alg: ES256 + - client_id: argocd-cli client_name: Argo CD (CLI) public: true authorization_policy: two_factor + pre_configured_consent_duration: 1 month redirect_uris: [ http://localhost:8085/auth/callback ] scopes: [ openid, groups, email, profile, offline_access ] - userinfo_signed_response_alg: none + id_token_signed_response_alg: ES256 + access_token_signed_response_alg: ES256 + - client_id: kubectl client_name: kubectl public: true authorization_policy: two_factor + pre_configured_consent_duration: 1 month + require_pkce: true redirect_uris: [ http://localhost:8000, http://localhost:18000 ] scopes: [ openid, groups, email, profile, offline_access ] - userinfo_signed_response_alg: none + id_token_signed_response_alg: ES256 + access_token_signed_response_alg: ES256 + - client_id: netbird client_secret: { path: /secrets/client-netbird/client_secret.txt } client_name: NetBird public: false authorization_policy: two_factor + pre_configured_consent_duration: 1 month + require_pkce: true + pkce_challenge_method: S256 audience: [ netbird ] redirect_uris: - http://localhost:53000 - https://netbird.stonegarden.dev/callback - https://netbird.stonegarden.dev/silent-callback - scopes: [ openid, profile, email ] + scopes: [ openid, profile, email, offline_access ] token_endpoint_auth_method: client_secret_post + id_token_signed_response_alg: ES256 + 
access_token_signed_response_alg: ES256 + userinfo_signed_response_alg: none + introspection_signed_response_alg: none + request_object_signing_alg: ES256 + token_endpoint_auth_signing_alg: ES256 secret: additionalSecrets: diff --git a/k8s/infra/vpn/netbird/agent/daemon-set.yaml b/k8s/infra/vpn/netbird/agent/daemon-set.yaml index 2e9df1d5..95a4038a 100644 --- a/k8s/infra/vpn/netbird/agent/daemon-set.yaml +++ b/k8s/infra/vpn/netbird/agent/daemon-set.yaml @@ -40,7 +40,7 @@ spec: mountPath: /var/lib/netbird resources: requests: - memory: 192Mi + memory: 128Mi cpu: 100m limits: memory: 256Mi diff --git a/k8s/infra/vpn/netbird/management/deployment.yaml b/k8s/infra/vpn/netbird/management/deployment.yaml index a93d705c..cdf75d17 100644 --- a/k8s/infra/vpn/netbird/management/deployment.yaml +++ b/k8s/infra/vpn/netbird/management/deployment.yaml @@ -80,7 +80,7 @@ spec: containerPort: 80 resources: requests: - memory: 256Mi + memory: 64Mi cpu: 200m limits: memory: 512Mi diff --git a/k8s/infra/vpn/netbird/relay/deployment.yaml b/k8s/infra/vpn/netbird/relay/deployment.yaml index 19128615..6933355d 100644 --- a/k8s/infra/vpn/netbird/relay/deployment.yaml +++ b/k8s/infra/vpn/netbird/relay/deployment.yaml @@ -35,3 +35,10 @@ spec: - containerPort: 80 name: relay protocol: TCP + resources: + requests: + memory: 16Mi + cpu: 10m + limits: + memory: 64Mi + cpu: 4000m \ No newline at end of file
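Review bot: `pre_configured_consent_duration: 1 month` is added to the two public clients (`argocd-cli`, `kubectl`) as well as the confidential ones, and for a public client with `http://localhost` redirect URIs the client identity cannot be assured, so a remembered consent lets the flow complete without a prompt for whatever presents that `client_id` while the user's session is live (RFC 8252 §8.6 advises against skipping consent in that case). I would drop the line from the two public clients and keep it on `argocd` and `netbird`. `argocd-cli` is also the only public client left without PKCE enforcement even though it requests `offline_access`; adding `require_pkce: true` and `pkce_challenge_method: S256` there would match `netbird`, assuming the Argo CD CLI sends an S256 challenge. On `netbird`, `token_endpoint_auth_signing_alg: ES256` and `request_object_signing_alg: ES256` sit beside `token_endpoint_auth_method: client_secret_post` with no client key material visible in the hunk, so they look inert at best and it is worth confirming that Authelia's validation accepts them. The `clients:` list belongs to a block that starts above the hunk.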
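Review bot: In the management deployment the memory request drops to `64Mi` while the limit stays at `512Mi`, so the scheduler reserves an eighth of what the container is allowed to use, and under node memory pressure pods running above their request are the first eviction candidates. For the VPN control plane that is an availability risk; unless measured usage really sits near 64Mi, a request closer to the observed working set (the previous `256Mi`, for instance) is safer, or add a comment such as `# request sized from observed steady-state usage` so the number is not read as arbitrary. The relay hunk has the same shape, with `16Mi` requested against a `64Mi` limit and a `cpu: 4000m` limit against a `10m` request. The container spec starts above each hunk.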