fix(netbird): clean up configuration
vehagn committed Jan 10, 2025
1 parent e658857 commit ae355bb
Showing 17 changed files with 68 additions and 99 deletions.
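--- /dev/null
+++ b/k8s/infra/auth/authelia/clients/argocd.yaml
@@ -0,0 +1,12 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: client-argocd
+  namespace: authelia
+spec:
+  encryptedData:
+    clientSecret: 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
+  template:
+    metadata:
+      name: client-argocd
+      namespace: authelia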
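Review bot: The `template` block in this file and in clients/netbird.yaml omits the Secret `type`, while the third SealedSecret added by this commit (netbird/authelia-oidc-credentials.yaml) sets `type: Opaque`; adding `type: Opaque` under `template` keeps the three new SealedSecrets uniform and makes the intended type explicit rather than relying on the controller default. It is also worth a comment above `encryptedData` tying the key name to its consumer, e.g. `# key "clientSecret" is remounted as client_secret.txt via values.yaml additionalSecrets`, since the rename happens in a different file and nothing here signals it.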
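--- /dev/null
+++ b/k8s/infra/auth/authelia/clients/netbird.yaml
@@ -0,0 +1,12 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: client-netbird
+  namespace: authelia
+spec:
+  encryptedData:
+    clientSecret: AgBA7WyqQn2uv01XhcLQk4eyPhco1qUTRsgsFpgQPzU5CD+zZhgzBhB9YXAVl4YnQqgeQfcstrLBYrPHNZfQZxa2JTdVFOvsJMBBYtAW/DvB5QOORRvd9/GsMfv0uP9G6h+whv3HlEDGIjStwIU+1gnhOP6LFuuPYMugEXRmNouQcCRlg6mllo96ZhY5h253nctaGSHQ6aWJq6AglaV/4NyHHFjI4oicTOW8+YyiIUs7ZGfSkC1393+LibHkk/lVjQwx6mjk/nbRXpc2DIYiT5cLILe474svxkaPMjLLoVjZh87RDH1JoLjj2Qu0IC98C6FW6oL+yfwPwaMXynRoVoenrF9W0/ivHfv0LTuOyUELFdH61hY86sGUubR/v8dYBWu74q3eDMuhgrLGV8cSTFD8xTkgRBFyfpR/Rt8vo2EOsBQrcHtLrDDd07TE8g7550WaDRg8R7I5mcDKmNSh7a5aOpTb7ZscrTd8WeaztPzID59Lp6UAEXwKN17j+HZDHYU1ZrEdPV1sKAYRdecXwDfDAujaP9uwwoI6J9AkyRZmOlrYXNPreV/eK207hsbWDUnUIm+1YY9DIPZzLpXmoYxCccF4rzJbqzqMGnFFJv7ZKiUDqDy5nRehEyYWV4YN+trRBk5vv9uAKV12X1lNkbkgGJR/ZIDA8wn6qiO9m00Bx6HV/6QJR/8PKmTrR3S1pemuCIvwfpKoAqR9X01+XaVvMUWJZQONVBzbQzZa5J0MsdX6RzOhSTL0cg2R7enrNZQMtlIf18dduPLk9cc37VwpQbVLhkuGZ2ytRTRrhAwZ9tgxBA3e4lDDxWcUrnO2qVcesX5tZq8CawD5HNR0L/N05/hFzxWRD4I/TiZMkwjU9cuAdQ==
+  template:
+    metadata:
+      name: client-netbird
+      namespace: authelia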
3 changes: 2 additions & 1 deletion k8s/infra/auth/authelia/kustomization.yaml
Expand Up @@ -8,9 +8,10 @@ resources:
- lldap-credentials.yaml
- cert-rsa-jwk.yaml
- cert-ecdsa-jwk.yaml
- oidc-argocd.yaml
- http-route.yaml
- cnpg-db.yaml
- clients/argocd.yaml
- clients/netbird.yaml

helmCharts:
- name: authelia
12 changes: 0 additions & 12 deletions k8s/infra/auth/authelia/oidc-argocd.yaml

This file was deleted.

21 changes: 13 additions & 8 deletions k8s/infra/auth/authelia/values.yaml
Expand Up @@ -17,7 +17,7 @@ configMap:
secret: { secret_name: crypto }

access_control:
default_policy: two_factor
default_policy: deny
rules:
- domain_regex: ^.*\.stonegarden.dev$
policy: two_factor
Expand Down Expand Up @@ -76,8 +76,7 @@ configMap:
endpoints: [ userinfo, authorization, token, revocation, introspection ]
clients:
- client_id: argocd
client_secret:
path: /secrets/oidc-argocd/clientSecret
client_secret: { path: /secrets/client-argocd/client_secret.txt }
client_name: Argo CD
public: false
authorization_policy: two_factor
Expand All @@ -102,15 +101,17 @@ configMap:
scopes: [ openid, groups, email, profile, offline_access ]
userinfo_signed_response_alg: none
- client_id: netbird
client_secret: { path: /secrets/client-netbird/client_secret.txt }
client_name: NetBird
public: true
public: false
authorization_policy: two_factor
audience: [ netbird ]
redirect_uris:
redirect_uris:
- http://localhost:53000
- https://netbird.stonegarden.dev/callback
- https://netbird.stonegarden.dev/silent-callback
scopes: [ openid, profile, email, offline_access, netbird-api ]
scopes: [ openid, profile, email ]
token_endpoint_auth_method: client_secret_post

secret:
additionalSecrets:
Expand Down Expand Up @@ -144,7 +145,11 @@ secret:
path: tls.key
- key: tls.crt
path: tls.crt
oidc-argocd:
client-argocd:
items:
- key: clientSecret
path: client_secret.txt
client-netbird:
items:
- key: clientSecret
path: clientSecret
path: client_secret.txt
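Review bot: The netbird client becomes confidential (`public: false`, `token_endpoint_auth_method: client_secret_post`), but nothing on the page shows what `/secrets/client-netbird/client_secret.txt` decrypts to; Authelia expects a confidential client's `client_secret` to be stored as a password digest (it warns on plaintext), whereas the same value is handed to NetBird in plaintext as `AUTH_CLIENT_SECRET`, so confirm the Authelia-side sealed value is the digest and not the raw secret. Removing `offline_access` from `scopes` means Authelia will no longer issue refresh tokens for this client, so sessions now end with the access token; if that is intended, a one-line comment such as `# no offline_access: refresh tokens are not issued, agents re-authenticate via PKCE` would record the decision next to the scope list. The `default_policy: deny` change is a good hardening, but the `rules:` list it guards starts and ends outside the hunk, so unseen rules may still grant access; the `clients:` list likewise continues past the hunk boundary.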
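--- /dev/null
+++ b/k8s/infra/vpn/netbird/authelia-oidc-credentials.yaml
@@ -0,0 +1,14 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: authelia-oidc-credentials
+  namespace: netbird
+spec:
+  encryptedData:
+    AUTH_CLIENT_ID: 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
+    AUTH_CLIENT_SECRET: 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
+  template:
+    metadata:
+      name: authelia-oidc-credentials
+      namespace: netbird
+    type: Opaque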
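Review bot: `AUTH_CLIENT_ID` is sealed alongside `AUTH_CLIENT_SECRET`, yet a client ID is not sensitive and now has to agree with three values that remain plain text in the repo: `client_id: netbird` in the Authelia values, `AUTH_AUDIENCE="netbird"` in the dashboard ConfigMap, and the management template's `${AUTH_AUDIENCE:-${AUTH_CLIENT_ID}}` fallback, which only yields a matching audience if the sealed value decrypts to exactly `netbird`. Keeping `AUTH_CLIENT_ID="netbird"` as a ConfigMap literal (as it was before this commit) and sealing only `AUTH_CLIENT_SECRET` would keep that coupling reviewable. If hiding the ID is intentional, a comment above `encryptedData` such as `# AUTH_CLIENT_ID must equal the Authelia client_id (netbird): management derives AuthAudience from it` documents the dependency for the next change.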
2 changes: 2 additions & 0 deletions k8s/infra/vpn/netbird/dashboard/deployment.yaml
Expand Up @@ -27,6 +27,8 @@ spec:
envFrom:
- configMapRef:
name: dashboard-config
- secretRef:
name: authelia-oidc-credentials
ports:
- name: http
containerPort: 80
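Review bot: The added `secretRef` injects the whole `authelia-oidc-credentials` Secret, including `AUTH_CLIENT_SECRET`, into the dashboard container, which serves a browser-side application; if the dashboard image templates its `AUTH_*` environment into the config it serves to browsers (the config.json linked from dashboard/kustomization.yaml is the place to confirm this), the secret is retrievable by anyone who can load the dashboard and the `public: false` switch on the Authelia side provides no real confidentiality. Confirm whether the dashboard needs the secret at all; if it only needs the ID, inject that single key with `env:` / `valueFrom.secretKeyRef` on `AUTH_CLIENT_ID` instead of `envFrom`, and if it does need the secret, document that the `netbird` client must be treated as effectively public. The management deployment hunk adds the same `secretRef`, and there the value lands in the PKCE `ProviderConfig` `ClientSecret`, which management presumably serves to agents, so the same consideration applies.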
5 changes: 1 addition & 4 deletions k8s/infra/vpn/netbird/dashboard/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,9 @@ configMapGenerator:
# variables: https://github.com/netbirdio/dashboard/blob/main/config.json
- AUTH_AUDIENCE="netbird"
- AUTH_AUTHORITY="https://authelia.stonegarden.dev"
- AUTH_CLIENT_ID="netbird"
- AUTH_REDIRECT_URI="/callback"
- AUTH_SILENT_REDIRECT_URI="/silent-callback"
- AUTH_SUPPORTED_SCOPES="openid profile email offline_access netbird-api"
- AUTH_SUPPORTED_SCOPES="openid profile email"
- USE_AUTH0="false"
- NETBIRD_MGMT_API_ENDPOINT="https://netbird.stonegarden.dev"
- NETBIRD_MGMT_GRPC_API_ENDPOINT="https://netbird.stonegarden.dev"
Expand All @@ -20,5 +19,3 @@ configMapGenerator:
resources:
- deployment.yaml
- svc.yaml
- x-oidc-client.yaml
- oidc-scopes.yaml
11 changes: 0 additions & 11 deletions k8s/infra/vpn/netbird/dashboard/oidc-scopes.yaml

This file was deleted.

30 changes: 0 additions & 30 deletions k8s/infra/vpn/netbird/dashboard/x-oidc-client.yaml

This file was deleted.

3 changes: 3 additions & 0 deletions k8s/infra/vpn/netbird/kustomization.yaml
Expand Up @@ -4,6 +4,9 @@ kind: Kustomization
resources:
- ns.yaml
- http-route.yaml
- relay-secret.yaml
- coturn-credentials.yaml
- authelia-oidc-credentials.yaml
- agent
- dashboard
- management
34 changes: 6 additions & 28 deletions k8s/infra/vpn/netbird/management/config/management.json.tmpl
Expand Up @@ -21,7 +21,7 @@
"TimeBasedCredentials": false
},
"Relay": {
"Addresses": ["${RELAY_URI}"],
"Addresses": [ "${RELAY_URI}" ],
"CredentialsTTL": "24h",
"Secret": "${NB_AUTH_SECRET}"
},
Expand All @@ -34,44 +34,22 @@
"Datadir": "",
"HttpConfig": {
"Address": "0.0.0.0:80",
"AuthAudience": "${AUTH_AUDIENCE}",
"AuthAudience": "${AUTH_AUDIENCE:-${AUTH_CLIENT_ID}}",
"AuthUserIDClaim": "${AUTH_USER_ID_CLAIM:-sub}",
"CertFile": "${MGMT_API_CERT_FILE}",
"CertKey": "${MGMT_API_CERT_KEY_FILE}",
"OIDCConfigEndpoint": "${AUTH_OIDC_CONFIGURATION_ENDPOINT:-${AUTH_AUTHORITY}/.well-known/openid-configuration}"
},
"IdpManagerConfig": {
"ManagerType": "${IDP_MANAGER_TYPE:-none}",
"ClientConfig": {
"Issuer": "${AUTH_AUTHORITY}",
"TokenEndpoint": "${AUTH_TOKEN_ENDPOINT}",
"ClientID": "${IDP_MGMT_CLIENT_ID}",
"ClientSecret": "${IDP_MGMT_CLIENT_SECRET}",
"GrantType": "client_credentials"
},
"ExtraConfig": ${IDP_MGMT_EXTRA_CONFIG:-null}
},
"DeviceAuthorizationFlow": {
"Provider": "${AUTH_DEVICE_AUTH_PROVIDER}",
"ProviderConfig": {
"Audience": "${AUTH_DEVICE_AUTH_AUDIENCE:-${AUTH_AUDIENCE}}",
"AuthorizationEndpoint": "",
"Domain": "${AUTH_DEVICE_AUTH_AUTHORITY:-${AUTH_AUTHORITY}}",
"ClientID": "${AUTH_DEVICE_AUTH_CLIENT_ID:-${AUTH_CLIENT_ID}}",
"DeviceAuthEndpoint": "${AUTH_DEVICE_AUTH_DEVICE_AUTHORIZATION_ENDPOINT:-${AUTH_DEVICE_AUTH_AUTHORITY:-${AUTH_AUTHORITY}}/protocol/openid-connect/auth}",
"TokenEndpoint": "${AUTH_DEVICE_AUTH_TOKEN_ENDPOINT:-${AUTH_DEVICE_AUTH_AUTHORITY:-${AUTH_AUTHORITY}}/protocol/openid-connect/token}",
"Scope": "${AUTH_DEVICE_AUTH_SCOPE}",
"UseIDToken": ${AUTH_DEVICE_AUTH_USE_ID_TOKEN:-true}
}
},
"IdpManagerConfig": { },
"DeviceAuthorizationFlow": { },
"PKCEAuthorizationFlow": {
"ProviderConfig": {
"Audience": "${AUTH_AUDIENCE}",
"Audience": "${AUTH_AUDIENCE:-${AUTH_CLIENT_ID}}",
"ClientID": "${AUTH_CLIENT_ID}",
"ClientSecret": "${AUTH_CLIENT_SECRET}",
"Domain": "",
"AuthorizationEndpoint": "${AUTH_PKCE_AUTHORIZATION_ENDPOINT:-${AUTH_AUTHORITY}/api/oidc/authorization}",
"TokenEndpoint": "${AUTH_TOKEN_ENDPOINT:-${AUTH_AUTHORITY}/api/oidc/token}",
"TokenEndpoint": "${AUTH_PKCE_TOKEN_ENDPOINT:-${AUTH_AUTHORITY}/api/oidc/token}",
"Scope": "${AUTH_SUPPORTED_SCOPES}",
"RedirectURLs": ${AUTH_PKCE_REDIRECT_URLS:-[ "http://localhost:53000" ]},
"UseIDToken": ${AUTH_PKCE_USE_ID_TOKEN:-true}
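Review bot: With `AUTH_USER_ID_CLAIM` dropped from management/kustomization.yaml in this same commit, `"AuthUserIDClaim": "${AUTH_USER_ID_CLAIM:-sub}"` now keys users on `sub` instead of `preferred_username`; `sub` is the stable, non-reassignable identifier, so this is the safer choice, but any existing user or peer records created under `preferred_username` will presumably stop matching and show up as new identities, which the commit message does not mention. Emptying `"DeviceAuthorizationFlow"` also removes the device-code path, leaving PKCE with the `http://localhost:53000` redirect or setup keys as the only enrolment routes for headless peers; since this JSON template has no comment syntax, a note in management/kustomization.yaml such as `# device auth flow disabled in management.json.tmpl; headless peers use setup keys` would record the intent. The enclosing JSON object continues past the end of the hunk.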
2 changes: 2 additions & 0 deletions k8s/infra/vpn/netbird/management/deployment.yaml
Expand Up @@ -45,6 +45,8 @@ spec:
name: management-auth-config
- configMapRef:
name: management-connection-config
- secretRef:
name: authelia-oidc-credentials
- secretRef:
name: relay-secret
- secretRef:
5 changes: 1 addition & 4 deletions k8s/infra/vpn/netbird/management/kustomization.yaml
Expand Up @@ -11,10 +11,8 @@ configMapGenerator:
namespace: netbird
literals:
- AUTH_AUTHORITY="https://authelia.stonegarden.dev"
- AUTH_CLIENT_ID="netbird"
- AUTH_AUDIENCE="netbird"
- AUTH_USER_ID_CLAIM="preferred_username"
- AUTH_SUPPORTED_SCOPES="openid profile email offline_access netbird-api"
- AUTH_SUPPORTED_SCOPES="openid profile email"
- name: management-connection-config
namespace: netbird
literals:
Expand All @@ -33,4 +31,3 @@ resources:
- deployment.yaml
- svc.yaml
- pvc.yaml
- coturn-credentials.yaml
File renamed without changes.
1 change: 0 additions & 1 deletion k8s/infra/vpn/netbird/relay/kustomization.yaml
Expand Up @@ -11,5 +11,4 @@ configMapGenerator:

resources:
- deployment.yaml
- relay-secret.yaml
- svc.yaml
