fix(deps): update helm release authelia to 0.8.58 #2167
base: main
Path: @@ -10,7 +10,7 @@
app.kubernetes.io/managed-by: Helm
data:
JWT_TOKEN: JHtTRUNSRVRfQVVUSEVMSUFfSldUX1NFQ1JFVH0=
- SESSION_ENCRYPTION_KEY: TXg1TWc4WThXbW1QSFVVWmphczBLMFlqbHlnbFpXa0JKdzI5SFZlbXZndjBlVXhUUDZHd0FXZVNMZ2lPdEtMbUJ5SGY4WnB4Um1yNmFiSkVxSkpXdDE5eU1rcVJHQ3d0WUNvSXVvZXoxVDZXVGl6TXlqY0NXZ0wxZ3lBdVJLQWI=
+ SESSION_ENCRYPTION_KEY: aVNNZnhMbVd4NktRanRQUE5IWEd5TEZSNEpwTXhua1ptdHZtZmRGUURCZHZ0d3RvVjBsdTVsMHB2U0c2b2V3bU1kcTg2MzNSdHdjbVhnOXh3b2ZCdWRORG1CYVFQYzE2bE9welN0Unk5OTBPc2xYSmRLWDlNYmRjUVRaSXpPZ0Q=
STORAGE_PASSWORD: JHtTRUNSRVRfQVVUSEVMSUFfUE9TVEdSRVNfUEFTU1dPUkR9
STORAGE_ENCRYPTION_KEY: JHtTRUNSRVRfQVVUSEVMSUFfU1RPUkFHRV9FTkNSWVBUSU9OX0tFWX0=
REDIS_PASSWORD: JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9
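Review bot: `SESSION_ENCRYPTION_KEY` is the only entry in this Secret whose rendered value is literal key material; the neighbouring `JWT_TOKEN`, `STORAGE_PASSWORD`, `STORAGE_ENCRYPTION_KEY` and `REDIS_PASSWORD` values are base64 of `${SECRET_...}` substitution placeholders. The `-` value for this key is also different in each rendering of this diff on the page, which points to the chart generating a fresh key per render. Supply the key through the same `${SECRET_...}` substitution so it stays stable across upgrades and no key value appears in rendered diffs.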
@@ -26,7 +26,7 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
data:
- configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: \"\"\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: \"\"\n headers:\n csp_template: \"\"\n read_buffer_size: 8192\n write_buffer_size: 8192\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: \"\"\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: \"\"\n file:\n path: /config/users_database.yml\n password: \n algorithm: argon2id\n iterations: 1\n key_length: 32\n memory: 1024\n parallelism: 8\n salt_length: 16\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: authelia_session\n domain: ${SECRET_DOMAIN}\n same_site: lax\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\n ssl:\n mode: \"disable\"\n root_certificate: \"\"\n certificate: \"\"\n key: \"\"\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: 
\"[Authelia] {title}\"\n startup_check_address: ${SECRET_SMTP_USER}\n disable_require_tls: false\n disable_html_emails: false\n tls:\n server_name: smtp.gmail.com\n minimum_version: TLS1.2\n skip_verify: false\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
+ configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: \"\"\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: \"\"\n headers:\n csp_template: \"\"\n buffers:\n read: 8192\n write: 8192\n timeouts:\n read: 6s\n write: 6s\n idle: 30s\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: \"\"\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: \"\"\n file:\n path: /config/users_database.yml\n password: \n algorithm: argon2id\n iterations: 1\n key_length: 32\n memory: 1024\n parallelism: 8\n salt_length: 16\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: authelia_session\n domain: ${SECRET_DOMAIN}\n same_site: lax\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\n ssl:\n mode: \"disable\"\n root_certificate: \"\"\n certificate: \"\"\n key: \"\"\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n 
identifier: ${SECRET_DOMAIN}\n subject: \"[Authelia] {title}\"\n startup_check_address: ${SECRET_SMTP_USER}\n disable_require_tls: false\n disable_html_emails: false\n tls:\n server_name: smtp.gmail.com\n minimum_version: TLS1.2\n skip_verify: false\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
---
# Source: authelia/templates/service.yaml
apiVersion: v1
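Review bot: the new `server.timeouts` values on the `+` line (`read: 6s`, `write: 6s`, `idle: 30s`) are a behaviour change riding along with what is otherwise a rename of `read_buffer_size`/`write_buffer_size` to `buffers.read`/`buffers.write`. Confirm they are intended rather than inherited chart defaults, and consider reviewing a diff of the decoded YAML, since the single escaped `configuration.yaml` scalar makes this easy to miss.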
@@ -79,8 +79,8 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
annotations:
- checksum/configMap: b2837080650631c0d7bbbafa33ecc2d51974defd1de70a401a152277c31758be
- checksum/secret: cf1ed69dd33ffe3ead0407d37a4b8e8228a923d84490314f3bd3eb51264064b5
+ checksum/configMap: 050f12d5c58d3d937e74fd1fb86f3ea1bb335bffa289010cbbf3a23c0c4a279f
+ checksum/secret: c7464a5d92f90432f941241ace974f52389e08bacb5c82c6f27f08f999dce930
spec:
hostNetwork: false
hostPID: false
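Review bot: `checksum/secret` will change on every render, not only when the Secret is edited. Across the renderings on this page the `-` side keeps the same `checksum/configMap` (`b2837080...`) but shows a different `checksum/secret` each time, matching the regenerated `SESSION_ENCRYPTION_KEY`. Because this annotation sits on the pod template, each reconcile can restart Authelia with a new session key; pinning that key would make the checksum stable.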
@@ -92,7 +92,7 @@
enableServiceLinks: false
containers:
- name: authelia
- image: ghcr.io/authelia/authelia:4.36.1
+ image: ghcr.io/authelia/authelia:4.36.9
imagePullPolicy: IfNotPresent
command: ["authelia"]
args: |
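Review bot: the image on the `+` line is still referenced by tag only (`ghcr.io/authelia/authelia:4.36.9`) with `imagePullPolicy: IfNotPresent`. For the authentication gateway, consider pinning the tag together with its `sha256` digest so the rollout is tied to one specific image rather than to whatever the tag resolves to on each node.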
4b55564 to 22311d7
Path: @@ -10,7 +10,7 @@
app.kubernetes.io/managed-by: Helm
data:
JWT_TOKEN: JHtTRUNSRVRfQVVUSEVMSUFfSldUX1NFQ1JFVH0=
- SESSION_ENCRYPTION_KEY: NjBKMndhMnZuSFZ3UERRSTNtdWtoOElIZUFQSlhGMVhYbnV0a3NHQlFmd2plMnhzWTVPUEEyTTBvZnhaS0NTd2ZBY1MzTGxOVkZiTGNIUkxhandySndKRHlYb3lxVllCUE1kSnFKNENveFdMa0Jkb1lqZTJERDBwNXg0bWt3M2Y=
+ SESSION_ENCRYPTION_KEY: MVhtUlRPVmFZNllJeVFhUHZFQXlYNVRnd3YxNmdtckx1cm1sRk5uU3lJVG02VXFNOXlTMVhaeVRSMHZRcXQ4aU1mMGZQSW45MFhaTVpZdFU0MjdxOHVsbHdFYVF4cm1CUk54cHRrVkFGNWM0dHV0VU5NdEpHSlIzbThmVHlzS2Y=
STORAGE_PASSWORD: JHtTRUNSRVRfQVVUSEVMSUFfUE9TVEdSRVNfUEFTU1dPUkR9
STORAGE_ENCRYPTION_KEY: JHtTRUNSRVRfQVVUSEVMSUFfU1RPUkFHRV9FTkNSWVBUSU9OX0tFWX0=
REDIS_PASSWORD: JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9
@@ -26,7 +26,7 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
data:
- configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: \"\"\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: \"\"\n headers:\n csp_template: \"\"\n read_buffer_size: 8192\n write_buffer_size: 8192\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: \"\"\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: \"\"\n file:\n path: /config/users_database.yml\n password: \n algorithm: argon2id\n iterations: 1\n key_length: 32\n memory: 1024\n parallelism: 8\n salt_length: 16\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: authelia_session\n domain: ${SECRET_DOMAIN}\n same_site: lax\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\n ssl:\n mode: \"disable\"\n root_certificate: \"\"\n certificate: \"\"\n key: \"\"\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: 
\"[Authelia] {title}\"\n startup_check_address: ${SECRET_SMTP_USER}\n disable_require_tls: false\n disable_html_emails: false\n tls:\n server_name: smtp.gmail.com\n minimum_version: TLS1.2\n skip_verify: false\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
+ configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: ''\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: ''\n headers:\n csp_template: ''\n buffers:\n read: 8192\n write: 8192\n timeouts:\n read: 6s\n write: 6s\n idle: 30s\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: ''\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: ''\n file:\n path: /config/users_database.yml\n watch: true\n search:\n email: false\n case_insensitive: false\n password:\n algorithm: 'argon2'\n argon2:\n variant: 'argon2id'\n iterations: 3\n memory: 65536\n parallelism: 65536\n key_length: 32\n salt_length: 16\n scrypt:\n iterations: 16\n block_size: 8\n parallelism: 1\n key_length: 32\n salt_length: 16\n pbkdf2:\n variant: 'sha512'\n iterations: 310000\n salt_length: 16\n sha2crypt:\n variant: 'sha512'\n iterations: '50000'\n salt_length: 16\n bcrypt:\n variant: 'standard'\n cost: 12\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: 'authelia_session'\n domain: '${SECRET_DOMAIN}'\n same_site: 'lax'\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n 
postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: '[Authelia] {title}'\n startup_check_address: ${SECRET_SMTP_USER}\n disable_html_emails: false\n disable_require_tls: false\n disable_starttls: false\n tls:\n server_name: smtp.gmail.com\n skip_verify: false\n minimum_version: TLS1.2\n maximum_version: TLS1.3\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
---
# Source: authelia/templates/service.yaml
apiVersion: v1
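Review bot: in the new `authentication_backend.file.password.argon2` block, `parallelism: 65536` repeats the `memory: 65536` value and looks like a templating mistake; the `-` line had `parallelism: 8`. Argon2 requires the memory parameter to be at least 8 times the lane count, so this pair is not a valid parameter set. Set `parallelism` explicitly in the chart values before merging and check that existing hashes in `/config/users_database.yml` still verify after the move from the flat `algorithm: argon2id` settings.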
@@ -79,8 +79,8 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
annotations:
- checksum/configMap: b2837080650631c0d7bbbafa33ecc2d51974defd1de70a401a152277c31758be
- checksum/secret: 843824cffe9f48688eb2354446095cd51ea530f276f7079ad05abeb107fa2166
+ checksum/configMap: 6890381cb8b4f46df2f3f8bfdc13accf567cf7c505734eb46733225ff24648eb
+ checksum/secret: 6d4585f57948658d77d5af3d3647d060d70d6c87d35ab2920fd75dfd30835874
spec:
hostNetwork: false
hostPID: false
@@ -92,7 +92,7 @@
enableServiceLinks: false
containers:
- name: authelia
- image: ghcr.io/authelia/authelia:4.36.1
+ image: ghcr.io/authelia/authelia:4.37.0
imagePullPolicy: IfNotPresent
command: ["authelia"]
args: |
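Review bot: the target image here is `4.37.0`, while the first rendering on this page moved `4.36.1` to `4.36.9` and the PR title still reads "update helm release authelia to 0.8.58". The scope changed from a patch bump to a minor release with a restructured configuration, so update the title to the chart version actually being applied and review it as a minor upgrade.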
22311d7 to 3a3cb08
Path: @@ -10,7 +10,7 @@
app.kubernetes.io/managed-by: Helm
data:
JWT_TOKEN: JHtTRUNSRVRfQVVUSEVMSUFfSldUX1NFQ1JFVH0=
- SESSION_ENCRYPTION_KEY: bWdHVGZpbmk3M0VlNklQRW1PMWtQOEZZdk5kdEdvMzBPZHFTMWMxWFdndXdLUEpxTXE4ZEtBb1ZpWk4wU0ZCNVVwYWFBanlUZHdkR2NhZWJjZExIb3RBcW1Bb2Q1S1RGUVdwN0E5enlQbDdsdXZwcjlnWGxjQmt4SVg3dGlIV3A=
+ SESSION_ENCRYPTION_KEY: NzdDMmtlY1V4YkVOd2Y5aGtNWmdEakNEVUdXdExsMkRISEVVNnVQdXo2d1VDMlg2N1FPQ2FPSGd2MFFPbzBoZzJEczJHbWQ1eUJ5T0NrZnZYcHJKdTdqdWdyVThIeEpZR0wzODNOOTNyQWNINnl5d2RFYnRyaUhSV1loNGpjVXE=
STORAGE_PASSWORD: JHtTRUNSRVRfQVVUSEVMSUFfUE9TVEdSRVNfUEFTU1dPUkR9
STORAGE_ENCRYPTION_KEY: JHtTRUNSRVRfQVVUSEVMSUFfU1RPUkFHRV9FTkNSWVBUSU9OX0tFWX0=
REDIS_PASSWORD: JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9
@@ -26,7 +26,7 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
data:
- configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: \"\"\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: \"\"\n headers:\n csp_template: \"\"\n read_buffer_size: 8192\n write_buffer_size: 8192\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: \"\"\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: \"\"\n file:\n path: /config/users_database.yml\n password: \n algorithm: argon2id\n iterations: 1\n key_length: 32\n memory: 1024\n parallelism: 8\n salt_length: 16\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: authelia_session\n domain: ${SECRET_DOMAIN}\n same_site: lax\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\n ssl:\n mode: \"disable\"\n root_certificate: \"\"\n certificate: \"\"\n key: \"\"\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: 
\"[Authelia] {title}\"\n startup_check_address: ${SECRET_SMTP_USER}\n disable_require_tls: false\n disable_html_emails: false\n tls:\n server_name: smtp.gmail.com\n minimum_version: TLS1.2\n skip_verify: false\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
+ configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: ''\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: ''\n headers:\n csp_template: ''\n buffers:\n read: 8192\n write: 8192\n timeouts:\n read: 6s\n write: 6s\n idle: 30s\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: ''\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: ''\n file:\n path: /config/users_database.yml\n watch: true\n search:\n email: false\n case_insensitive: false\n password:\n algorithm: 'argon2'\n argon2:\n variant: 'argon2id'\n iterations: 3\n memory: 65536\n parallelism: 65536\n key_length: 32\n salt_length: 16\n scrypt:\n iterations: 16\n block_size: 8\n parallelism: 1\n key_length: 32\n salt_length: 16\n pbkdf2:\n variant: 'sha512'\n iterations: 310000\n salt_length: 16\n sha2crypt:\n variant: 'sha512'\n iterations: '50000'\n salt_length: 16\n bcrypt:\n variant: 'standard'\n cost: 12\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: 'authelia_session'\n domain: '${SECRET_DOMAIN}'\n same_site: 'lax'\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n 
postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: '[Authelia] {title}'\n startup_check_address: ${SECRET_SMTP_USER}\n disable_html_emails: false\n disable_require_tls: false\n disable_starttls: false\n tls:\n server_name: smtp.gmail.com\n skip_verify: false\n minimum_version: TLS1.2\n maximum_version: TLS1.3\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
---
# Source: authelia/templates/service.yaml
apiVersion: v1
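Review bot: under `storage.postgres` the `+` line no longer renders the `ssl:` block (`mode: "disable"` on the `-` line) and nothing replaces it, so transport security toward `${SECRET_POSTGRES_HOST}` now depends on whatever the new version does by default. State the intended setting explicitly in the values rather than relying on the omission.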
@@ -79,8 +79,8 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
annotations:
- checksum/configMap: b2837080650631c0d7bbbafa33ecc2d51974defd1de70a401a152277c31758be
- checksum/secret: 329b0671df44e85dcfa43ef200423993404894c17892e94abd57f4ae6c603445
+ checksum/configMap: c317e37b1cc17955698d1944b7f597f4cfb083b37ae2ab85863fca819d2f6014
+ checksum/secret: e9d86e7032a47ee1d0f53b6c766f8c1e01d825d36c36b3a0759365e3038fcf73
spec:
hostNetwork: false
hostPID: false
@@ -92,7 +92,7 @@
enableServiceLinks: false
containers:
- name: authelia
- image: ghcr.io/authelia/authelia:4.36.1
+ image: ghcr.io/authelia/authelia:4.37.0
imagePullPolicy: IfNotPresent
command: ["authelia"]
args: |
3a3cb08 to c0ad092
Path: @@ -10,7 +10,7 @@
app.kubernetes.io/managed-by: Helm
data:
JWT_TOKEN: JHtTRUNSRVRfQVVUSEVMSUFfSldUX1NFQ1JFVH0=
- SESSION_ENCRYPTION_KEY: QU1GcXFwQm1jQ3pFM3NEakRZRlRMUG15aXoxNmI5cHFIRzlNa21QeHhCTHBUbDVvZVc3bXpaYmxaOVFzdTZrcXhPYUdhSVNOR2loZE9xRGNKVTNwNEpPRExVVk5tdFV3Uks5aXNiWG90VmJGcHkyQU5zMmNac3FxVjlSS0VnQm8=
+ SESSION_ENCRYPTION_KEY: UW9XNWdmOFJoRW9xY1BjdGRkOHRNZVE3d1g2VDJFdkNDSWpubXN5U1NVWjAwYjNuT2NhdkhyZU5zc2V3N1FLRlRsYW1CamNldlpDZWpmeTNxOEFQcnZuUlFwckxMcU44eWZZOGQwdzh0WENXa2ZINEptZ3FIdDVnR3VpRldSNm4=
STORAGE_PASSWORD: JHtTRUNSRVRfQVVUSEVMSUFfUE9TVEdSRVNfUEFTU1dPUkR9
STORAGE_ENCRYPTION_KEY: JHtTRUNSRVRfQVVUSEVMSUFfU1RPUkFHRV9FTkNSWVBUSU9OX0tFWX0=
REDIS_PASSWORD: JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9
@@ -26,7 +26,7 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
data:
- configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: \"\"\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: \"\"\n headers:\n csp_template: \"\"\n read_buffer_size: 8192\n write_buffer_size: 8192\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: \"\"\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: \"\"\n file:\n path: /config/users_database.yml\n password: \n algorithm: argon2id\n iterations: 1\n key_length: 32\n memory: 1024\n parallelism: 8\n salt_length: 16\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: authelia_session\n domain: ${SECRET_DOMAIN}\n same_site: lax\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\n ssl:\n mode: \"disable\"\n root_certificate: \"\"\n certificate: \"\"\n key: \"\"\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: 
\"[Authelia] {title}\"\n startup_check_address: ${SECRET_SMTP_USER}\n disable_require_tls: false\n disable_html_emails: false\n tls:\n server_name: smtp.gmail.com\n minimum_version: TLS1.2\n skip_verify: false\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
+ configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: ''\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: ''\n headers:\n csp_template: ''\n buffers:\n read: 8192\n write: 8192\n timeouts:\n read: 6s\n write: 6s\n idle: 30s\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: ''\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: ''\n file:\n path: /config/users_database.yml\n watch: true\n search:\n email: false\n case_insensitive: false\n password:\n algorithm: 'argon2'\n argon2:\n variant: 'argon2id'\n iterations: 3\n memory: 65536\n parallelism: 65536\n key_length: 32\n salt_length: 16\n scrypt:\n iterations: 16\n block_size: 8\n parallelism: 1\n key_length: 32\n salt_length: 16\n pbkdf2:\n variant: 'sha512'\n iterations: 310000\n salt_length: 16\n sha2crypt:\n variant: 'sha512'\n iterations: '50000'\n salt_length: 16\n bcrypt:\n variant: 'standard'\n cost: 12\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: 'authelia_session'\n domain: '${SECRET_DOMAIN}'\n same_site: 'lax'\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n 
postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: '[Authelia] {title}'\n startup_check_address: ${SECRET_SMTP_USER}\n disable_html_emails: false\n disable_require_tls: false\n disable_starttls: false\n tls:\n server_name: smtp.gmail.com\n skip_verify: false\n minimum_version: TLS1.2\n maximum_version: TLS1.3\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
---
# Source: authelia/templates/service.yaml
apiVersion: v1
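Review bot: in the added `authentication_backend.file.password.argon2` block, `parallelism: 65536` is the same number as `memory: 65536` directly above it, whereas the removed configuration had `parallelism: 8`. This looks like the memory value rendered into the wrong key. Set `parallelism` explicitly in the chart values, or wait for a chart release that renders a sane value, before this configuration reaches the cluster.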
@@ -79,8 +79,8 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
annotations:
- checksum/configMap: b2837080650631c0d7bbbafa33ecc2d51974defd1de70a401a152277c31758be
- checksum/secret: 4838605cf626a580e4f9097156d032dfd38f70cad2dd8c9871066f5f46e6d3d6
+ checksum/configMap: a07711bc212c5aa124016d825ece20e1b2cec5bd1a886556942e517329233922
+ checksum/secret: 27eb590fde56b4dc77927b2a3e2262e067dc8a5c9f44c108fa1ed3b2f1ffb4ac
spec:
hostNetwork: false
hostPID: false
@@ -92,7 +92,7 @@
enableServiceLinks: false
containers:
- name: authelia
- image: ghcr.io/authelia/authelia:4.36.1
+ image: ghcr.io/authelia/authelia:4.37.0
imagePullPolicy: IfNotPresent
command: ["authelia"]
args: |
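Review bot: the `image:` line moves from one mutable tag to another (`4.36.1` to `4.37.0`) with `imagePullPolicy: IfNotPresent`, so what actually runs depends on whichever content the tag pointed to when each node first pulled it. For an authentication gateway, pin the reference by digest (`ghcr.io/authelia/authelia:<tag>@sha256:<digest>`) so the reviewed image and the deployed image are the same artifact.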
c0ad092
to
a4f16d5
Compare
Path: @@ -10,7 +10,7 @@
app.kubernetes.io/managed-by: Helm
data:
JWT_TOKEN: JHtTRUNSRVRfQVVUSEVMSUFfSldUX1NFQ1JFVH0=
- SESSION_ENCRYPTION_KEY: eXRTaVB6MTF1S1BXd1g4eWtIZlJhNVhUeEZOa1p6TXlCNDNCR2N4UWVMekhyYkVGeTdmemU2MWREZlVpSUdEdHY5Vk1BZmF2MmRIV2ZteDVGS0FnVTNXVnQxZHlhbXJBVWxBV3RXWlhydW4yNFZoYlBGTG9STmplNTVUUHVUU0I=
+ SESSION_ENCRYPTION_KEY: VWlNYk5qV2NGcE01V2U1bW1YRFJXQ2VVMDV4cG9aN2dwUWVneWt6anFmVFpTdzNWNFBpS0pnR0pCcEV3Q1hWN3F0YnE4a3R5OXhPVUpCQjc5UEdGYVlaR05HMEJEc2d2RnpXaVYyb05uZXJXSWYxcWh0UkU5dXVrakRKc1QxOVo=
STORAGE_PASSWORD: JHtTRUNSRVRfQVVUSEVMSUFfUE9TVEdSRVNfUEFTU1dPUkR9
STORAGE_ENCRYPTION_KEY: JHtTRUNSRVRfQVVUSEVMSUFfU1RPUkFHRV9FTkNSWVBUSU9OX0tFWX0=
REDIS_PASSWORD: JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9
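Review bot: `SESSION_ENCRYPTION_KEY` is the only entry in this Secret that holds a literal value. `JWT_TOKEN`, `STORAGE_PASSWORD`, `STORAGE_ENCRYPTION_KEY` and `REDIS_PASSWORD` are all base64 of a `${SECRET_…}` placeholder. The key differs on the `-` and `+` side of every render on this page, so it appears to be generated at template time. Supply it from the substituted secrets like the other entries so that it stays stable across renders and is not published in the PR diff.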
@@ -26,7 +26,7 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
data:
- configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: \"\"\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: \"\"\n headers:\n csp_template: \"\"\n read_buffer_size: 8192\n write_buffer_size: 8192\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: \"\"\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: \"\"\n file:\n path: /config/users_database.yml\n password: \n algorithm: argon2id\n iterations: 1\n key_length: 32\n memory: 1024\n parallelism: 8\n salt_length: 16\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: authelia_session\n domain: ${SECRET_DOMAIN}\n same_site: lax\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\n ssl:\n mode: \"disable\"\n root_certificate: \"\"\n certificate: \"\"\n key: \"\"\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: 
\"[Authelia] {title}\"\n startup_check_address: ${SECRET_SMTP_USER}\n disable_require_tls: false\n disable_html_emails: false\n tls:\n server_name: smtp.gmail.com\n minimum_version: TLS1.2\n skip_verify: false\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
+ configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: ''\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: ''\n headers:\n csp_template: ''\n buffers:\n read: 8192\n write: 8192\n timeouts:\n read: 6s\n write: 6s\n idle: 30s\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: ''\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: ''\n file:\n path: /config/users_database.yml\n watch: true\n search:\n email: false\n case_insensitive: false\n password:\n algorithm: 'argon2'\n argon2:\n variant: 'argon2id'\n iterations: 3\n memory: 65536\n parallelism: 4\n key_length: 32\n salt_length: 16\n scrypt:\n iterations: 16\n block_size: 8\n parallelism: 1\n key_length: 32\n salt_length: 16\n pbkdf2:\n variant: 'sha512'\n iterations: 310000\n salt_length: 16\n sha2crypt:\n variant: 'sha512'\n iterations: '50000'\n salt_length: 16\n bcrypt:\n variant: 'standard'\n cost: 12\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: 'authelia_session'\n domain: '${SECRET_DOMAIN}'\n same_site: 'lax'\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n 
host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: '[Authelia] {title}'\n startup_check_address: ${SECRET_SMTP_USER}\n disable_html_emails: false\n disable_require_tls: false\n disable_starttls: false\n tls:\n server_name: smtp.gmail.com\n skip_verify: false\n minimum_version: TLS1.2\n maximum_version: TLS1.3\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
---
# Source: authelia/templates/service.yaml
apiVersion: v1
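Review bot: under `sha2crypt` in the added configuration, `iterations: '50000'` is rendered as a quoted string, while the `iterations` values for `argon2`, `scrypt` and `pbkdf2` in the same block are plain integers. Have the chart emit `iterations: 50000` so the value is typed consistently. With `algorithm: 'argon2'` this block is not the active one, but a type mismatch here can still fail configuration validation at startup.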
@@ -79,8 +79,8 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
annotations:
- checksum/configMap: b2837080650631c0d7bbbafa33ecc2d51974defd1de70a401a152277c31758be
- checksum/secret: e07cfb8598ce8fe26e007a773ea01330bd9571077de24e16906a929bb690c459
+ checksum/configMap: f65768e37dd3cb7f7b9df64df3ed1922b1440b202d4a8355d8b77ef21acd8ff2
+ checksum/secret: 7d8926759a10b11079ece9e8bbecc676f0ef3920e21013a7404638846fe792a1
spec:
hostNetwork: false
hostPID: false
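Review bot: the removed `checksum/secret` value in this hunk is not the one removed in the previous render of the same hunk, while the removed `checksum/configMap` value is identical in both. The Secret content therefore changes on every template run independently of this upgrade, and each run alters the pod template and rolls the Authelia pod. The only Secret entry that changes in these renders is `SESSION_ENCRYPTION_KEY`; pin it through the chart values so the checksum changes only when a secret really changes.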
@@ -92,7 +92,7 @@
enableServiceLinks: false
containers:
- name: authelia
- image: ghcr.io/authelia/authelia:4.36.1
+ image: ghcr.io/authelia/authelia:4.37.0
imagePullPolicy: IfNotPresent
command: ["authelia"]
args: |
a4f16d5
to
43c0dd9
Compare
Path: @@ -10,7 +10,7 @@
app.kubernetes.io/managed-by: Helm
data:
JWT_TOKEN: JHtTRUNSRVRfQVVUSEVMSUFfSldUX1NFQ1JFVH0=
- SESSION_ENCRYPTION_KEY: MEw0QlRrRWdxZWF5SWRXU0FNRUNBT3lYZkFudG9YaU9Uc0V0bzU1SVpUdExNcGZlYW1hWjN6Q1gzTWNpQ3ZQUVpKVWRlRXJ2Ykh3eGIwbjZobnhHR0h1TWk4VmJkYlJUUVQwQTFWcVZvVFQ1ZUI3Nkk4ZGNXV01Da1JXZ1lYWWk=
+ SESSION_ENCRYPTION_KEY: NWI0V3czS3hKRkNDaTQ2VlJzelBhQnVka1RiNDd2bXVDamtyQUNwQWxjYUV4eVJlYTFtN2RQMVRYcHFsT2xIRHl2cEN2MzFXblNZYVU5ck9kYVZwYWxxbEJWUnZOMk00azhsS2doSDhoZk14SVlBSTFWNW9aNzNPRWZXWVA0VnU=
STORAGE_PASSWORD: JHtTRUNSRVRfQVVUSEVMSUFfUE9TVEdSRVNfUEFTU1dPUkR9
STORAGE_ENCRYPTION_KEY: JHtTRUNSRVRfQVVUSEVMSUFfU1RPUkFHRV9FTkNSWVBUSU9OX0tFWX0=
REDIS_PASSWORD: JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9
@@ -26,7 +26,7 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
data:
- configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: \"\"\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: \"\"\n headers:\n csp_template: \"\"\n read_buffer_size: 8192\n write_buffer_size: 8192\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: \"\"\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: \"\"\n file:\n path: /config/users_database.yml\n password: \n algorithm: argon2id\n iterations: 1\n key_length: 32\n memory: 1024\n parallelism: 8\n salt_length: 16\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: authelia_session\n domain: ${SECRET_DOMAIN}\n same_site: lax\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\n ssl:\n mode: \"disable\"\n root_certificate: \"\"\n certificate: \"\"\n key: \"\"\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: 
\"[Authelia] {title}\"\n startup_check_address: ${SECRET_SMTP_USER}\n disable_require_tls: false\n disable_html_emails: false\n tls:\n server_name: smtp.gmail.com\n minimum_version: TLS1.2\n skip_verify: false\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
+ configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: ''\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: ''\n headers:\n csp_template: ''\n buffers:\n read: 8192\n write: 8192\n timeouts:\n read: 6s\n write: 6s\n idle: 30s\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: ''\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: ''\n file:\n path: /config/users_database.yml\n watch: true\n search:\n email: false\n case_insensitive: false\n password:\n algorithm: 'argon2'\n argon2:\n variant: 'argon2id'\n iterations: 3\n memory: 65536\n parallelism: 4\n key_length: 32\n salt_length: 16\n scrypt:\n iterations: 16\n block_size: 8\n parallelism: 1\n key_length: 32\n salt_length: 16\n pbkdf2:\n variant: 'sha512'\n iterations: 310000\n salt_length: 16\n sha2crypt:\n variant: 'sha512'\n iterations: 50000\n salt_length: 16\n bcrypt:\n variant: 'standard'\n cost: 12\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: 'authelia_session'\n domain: '${SECRET_DOMAIN}'\n same_site: 'lax'\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n 
host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: '[Authelia] {title}'\n startup_check_address: ${SECRET_SMTP_USER}\n disable_html_emails: false\n disable_require_tls: false\n disable_starttls: false\n tls:\n server_name: smtp.gmail.com\n skip_verify: false\n minimum_version: TLS1.2\n maximum_version: TLS1.3\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
---
# Source: authelia/templates/service.yaml
apiVersion: v1
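Review bot: the removed configuration set `ssl:` with `mode: "disable"` under `storage.postgres`, and the added configuration has no ssl or tls key there at all. Whether the connection to `${SECRET_POSTGRES_HOST}` is encrypted now depends on whatever the new version defaults to. State the intended setting explicitly in the chart values instead of relying on the default, and prefer an encrypted connection since this database holds the authentication state.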
@@ -79,8 +79,8 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
annotations:
- checksum/configMap: b2837080650631c0d7bbbafa33ecc2d51974defd1de70a401a152277c31758be
- checksum/secret: 7a1d27f38369fcf3c57611de5d8364a439845f377609142ee3f03891f0d227eb
+ checksum/configMap: 6edd3d26d228c3cf8c544fe9695221a415705ce8e134401d211a355368cb0917
+ checksum/secret: 4996daa71f909b8c92598d3e783da71ff0b4ce822997ee71722a04e9044cd9e9
spec:
hostNetwork: false
hostPID: false
@@ -92,7 +92,7 @@
enableServiceLinks: false
containers:
- name: authelia
- image: ghcr.io/authelia/authelia:4.36.1
+ image: ghcr.io/authelia/authelia:4.37.0
imagePullPolicy: IfNotPresent
command: ["authelia"]
args: |
43c0dd9
to
9a40709
Compare
Path: @@ -10,7 +10,7 @@
app.kubernetes.io/managed-by: Helm
data:
JWT_TOKEN: JHtTRUNSRVRfQVVUSEVMSUFfSldUX1NFQ1JFVH0=
- SESSION_ENCRYPTION_KEY: ZTFVSGZwbll1ZVQ5ZTlwWE9aU2FsSVF5N0VOQkswMXhlalRHeU0zU2dFQnJBaTJmSmc3ZVBMWjAyaEg5eGYyc3hFWkM4dEZSMUVjaFZBM055ZUpiQVU3U1YxVEJpckl3cmFFck9CdWNQbm1ialBrQzdxc3BZMGZVTHFLb3FOUm4=
+ SESSION_ENCRYPTION_KEY: NWVjWlN4RE9oMFlaRUpsdG5pY3Exd2xNTERvdlJTVE45WWNWdk1FcGNadkFNOThFV3FwT3dkRHA3ZzVLdmFSWlFaWXJQY0NqWTFFWTJpYjZteGpndGZxVmR1YVlOQlk5eFQ0Z05VM0JBOWk5djFVRnNQeVA4dE5XODVkMjA1Mmw=
STORAGE_PASSWORD: JHtTRUNSRVRfQVVUSEVMSUFfUE9TVEdSRVNfUEFTU1dPUkR9
STORAGE_ENCRYPTION_KEY: JHtTRUNSRVRfQVVUSEVMSUFfU1RPUkFHRV9FTkNSWVBUSU9OX0tFWX0=
REDIS_PASSWORD: JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9
@@ -26,7 +26,7 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
data:
- configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: \"\"\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: \"\"\n headers:\n csp_template: \"\"\n read_buffer_size: 8192\n write_buffer_size: 8192\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: \"\"\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: \"\"\n file:\n path: /config/users_database.yml\n password: \n algorithm: argon2id\n iterations: 1\n key_length: 32\n memory: 1024\n parallelism: 8\n salt_length: 16\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: authelia_session\n domain: ${SECRET_DOMAIN}\n same_site: lax\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\n ssl:\n mode: \"disable\"\n root_certificate: \"\"\n certificate: \"\"\n key: \"\"\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: 
\"[Authelia] {title}\"\n startup_check_address: ${SECRET_SMTP_USER}\n disable_require_tls: false\n disable_html_emails: false\n tls:\n server_name: smtp.gmail.com\n minimum_version: TLS1.2\n skip_verify: false\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
+ configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: ''\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: ''\n headers:\n csp_template: ''\n buffers:\n read: 8192\n write: 8192\n timeouts:\n read: 6s\n write: 6s\n idle: 30s\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: ''\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: ''\n file:\n path: /config/users_database.yml\n watch: true\n search:\n email: false\n case_insensitive: false\n password:\n algorithm: 'argon2'\n argon2:\n variant: 'argon2id'\n iterations: 3\n memory: 65536\n parallelism: 4\n key_length: 32\n salt_length: 16\n scrypt:\n iterations: 16\n block_size: 8\n parallelism: 1\n key_length: 32\n salt_length: 16\n pbkdf2:\n variant: 'sha512'\n iterations: 310000\n salt_length: 16\n sha2crypt:\n variant: 'sha512'\n iterations: 50000\n salt_length: 16\n bcrypt:\n variant: 'standard'\n cost: 12\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: 'authelia_session'\n domain: '${SECRET_DOMAIN}'\n same_site: 'lax'\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n 
host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: '[Authelia] {title}'\n startup_check_address: ${SECRET_SMTP_USER}\n disable_html_emails: false\n disable_require_tls: false\n disable_starttls: false\n tls:\n server_name: smtp.gmail.com\n skip_verify: false\n minimum_version: TLS1.2\n maximum_version: TLS1.3\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
---
# Source: authelia/templates/service.yaml
apiVersion: v1
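Review bot: the active password hashing settings change from `algorithm: argon2id` with `iterations: 1`, `memory: 1024`, `parallelism: 8` to `algorithm: 'argon2'` and `variant: 'argon2id'` with `iterations: 3`, `memory: 65536`, `parallelism: 4`, and nothing in the diff states the unit of `memory` on either side. Check the unit against the configuration reference for the new version, confirm the container memory limit covers hashing at the new setting, and verify that existing entries in `/config/users_database.yml` still authenticate after the upgrade.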
@@ -79,8 +79,8 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
annotations:
- checksum/configMap: b2837080650631c0d7bbbafa33ecc2d51974defd1de70a401a152277c31758be
- checksum/secret: 1a9960e63f9afd91022e916b6eba9f6a3aa5befcbf9efa9a2070379264cadf16
+ checksum/config: b019f8990795b1900d367ccb3275f1c820460981f7516ef04c16bf671ac250bc
+ checksum/secret: 695b841ed414a83948fe997ac604210ab8e794b3d97f25dd85a2093aabbc797d
spec:
hostNetwork: false
hostPID: false
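Review bot: the annotation key changes from `checksum/configMap` to `checksum/config` in this render, where the earlier renders on this page kept `checksum/configMap`. Anything that matches or patches the old key (kustomize patches, admission policies, drift checks) needs the new name, and the commit message should mention the rename so it does not read as an unexplained checksum change.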
@@ -92,7 +92,7 @@
enableServiceLinks: false
containers:
- name: authelia
- image: ghcr.io/authelia/authelia:4.36.1
+ image: ghcr.io/authelia/authelia:4.37.2
imagePullPolicy: IfNotPresent
command: ["authelia"]
args: |
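Review bot: The `image:` line moves to `ghcr.io/authelia/authelia:4.37.2` by tag only, and with `imagePullPolicy: IfNotPresent` each node keeps whatever it first pulled under that tag. For the authentication gateway in front of every `*.${SECRET_DOMAIN}` host, consider pinning the digest as well (`4.37.2@sha256:<digest>`, placeholder) so the image that was reviewed is the one that runs.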
9a40709 to 812600f
Path: @@ -10,7 +10,7 @@
app.kubernetes.io/managed-by: Helm
data:
JWT_TOKEN: JHtTRUNSRVRfQVVUSEVMSUFfSldUX1NFQ1JFVH0=
- SESSION_ENCRYPTION_KEY: RFNtRWk4NlY5dmNOVWxpOTZUUnNCQUhNeUhweGM5ZjZsaHp2UGd0RWVPSkZvRHc1RGxqRmh0UVptZWE1Z21XU1lVUU1pdG9kdHc2UWRncnU3QVQ0T1VpYTNod2R2a3hhcVFCSWt6d3NtdEoxczlYQnBFb1NUbEZuNkxzMW1XSWM=
+ SESSION_ENCRYPTION_KEY: ZnU0UUlpN0hkQ1YwWGNDM0tFeGVoaWtqMlBXOGQ5UDVkbWZVaWJxclI2SzFZbVMyV3JqeldGVVhGQTlDZGNCMEZLTkNINzNCT2JrUU1BS2VLZFZMNWdKNG41V2U0Y2Y3Sm9WOWl0eW1Gd1F1Y3k3QjVKVlZqbUhaOHphRmU0ajQ=
STORAGE_PASSWORD: JHtTRUNSRVRfQVVUSEVMSUFfUE9TVEdSRVNfUEFTU1dPUkR9
STORAGE_ENCRYPTION_KEY: JHtTRUNSRVRfQVVUSEVMSUFfU1RPUkFHRV9FTkNSWVBUSU9OX0tFWX0=
REDIS_PASSWORD: JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9
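Review bot: `SESSION_ENCRYPTION_KEY` is the only entry in this Secret that changes, and its old and new values are unrelated strings, while the neighbouring entries stay on substitution placeholders (JWT_TOKEN decodes to `${SECRET_AUTHELIA_JWT_SECRET}`). That points to a key generated at template time instead of one supplied through the values; if so, every reconcile rotates it, which would invalidate the sessions held in Redis. Supply the session key from a `${SECRET_...}` substitution like the other entries.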
@@ -26,7 +26,7 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
data:
- configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: \"\"\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: \"\"\n headers:\n csp_template: \"\"\n read_buffer_size: 8192\n write_buffer_size: 8192\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: \"\"\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: \"\"\n file:\n path: /config/users_database.yml\n password: \n algorithm: argon2id\n iterations: 1\n key_length: 32\n memory: 1024\n parallelism: 8\n salt_length: 16\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: authelia_session\n domain: ${SECRET_DOMAIN}\n same_site: lax\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\n ssl:\n mode: \"disable\"\n root_certificate: \"\"\n certificate: \"\"\n key: \"\"\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: 
\"[Authelia] {title}\"\n startup_check_address: ${SECRET_SMTP_USER}\n disable_require_tls: false\n disable_html_emails: false\n tls:\n server_name: smtp.gmail.com\n minimum_version: TLS1.2\n skip_verify: false\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
+ configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: ''\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: ''\n headers:\n csp_template: ''\n buffers:\n read: 8192\n write: 8192\n timeouts:\n read: 6s\n write: 6s\n idle: 30s\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: ''\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: ''\n file:\n path: /config/users_database.yml\n watch: true\n search:\n email: false\n case_insensitive: false\n password:\n algorithm: 'argon2'\n argon2:\n variant: 'argon2id'\n iterations: 3\n memory: 65536\n parallelism: 4\n key_length: 32\n salt_length: 16\n scrypt:\n iterations: 16\n block_size: 8\n parallelism: 1\n key_length: 32\n salt_length: 16\n pbkdf2:\n variant: 'sha512'\n iterations: 310000\n salt_length: 16\n sha2crypt:\n variant: 'sha512'\n iterations: 50000\n salt_length: 16\n bcrypt:\n variant: 'standard'\n cost: 12\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: 'authelia_session'\n domain: '${SECRET_DOMAIN}'\n same_site: 'lax'\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n 
host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: '[Authelia] {title}'\n startup_check_address: ${SECRET_SMTP_USER}\n disable_html_emails: false\n disable_require_tls: false\n disable_starttls: false\n tls:\n server_name: smtp.gmail.com\n skip_verify: false\n minimum_version: TLS1.2\n maximum_version: TLS1.3\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
---
# Source: authelia/templates/service.yaml
apiVersion: v1
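Review bot: Under authentication_backend.file.password the argon2id parameters change from `iterations: 1`, `memory: 1024`, `parallelism: 8` to `iterations: 3`, `memory: 65536`, `parallelism: 4`, and the keys move into a new `argon2:` block. Check which unit `memory` uses in the old and the new schema so the new cost fits the container's memory limit, and confirm that the hashes already stored in /config/users_database.yml still verify after the upgrade.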
@@ -79,8 +79,8 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
annotations:
- checksum/configMap: b2837080650631c0d7bbbafa33ecc2d51974defd1de70a401a152277c31758be
- checksum/secret: b7c07414fdddb0e0162bdcdd0bb59fa342ff53926a02d0626183f131b0ca74f1
+ checksum/config: 2c32cf150737d3212af891a390f3858205574877e350b33e750bf8105072c1ef
+ checksum/secret: 33f63f7201d1c9d7b0865da27f05eec7aeacbf829241690c591c6fbdb06e0626
spec:
hostNetwork: false
hostPID: false
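Review bot: The removed `checksum/secret` value is different in each rendering on this page while the removed `checksum/configMap` value stays the same, so the Secret content changes on every render even against an unchanged base branch. An annotation of this kind exists to roll the workload when its input changes, which here means a restart on every reconcile; make the Secret render deterministically and this line stops churning.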
@@ -92,7 +92,7 @@
enableServiceLinks: false
containers:
- name: authelia
- image: ghcr.io/authelia/authelia:4.36.1
+ image: ghcr.io/authelia/authelia:4.37.3
imagePullPolicy: IfNotPresent
command: ["authelia"]
args: |
812600f to 3c4d2be
Path: @@ -10,7 +10,7 @@
app.kubernetes.io/managed-by: Helm
data:
JWT_TOKEN: JHtTRUNSRVRfQVVUSEVMSUFfSldUX1NFQ1JFVH0=
- SESSION_ENCRYPTION_KEY: WmhJN3hHYUNWZkgwRk1kWWh4VVY3YkM5TDg1ZGlkRUxKOHhKbUV6eUZnS0NzNEV2RjhRV2NHdEVnOXF1YkFZTHFoTTRoZFM3Z2R6NVFicnMzY1JQRlIyeHRnYUpuUDlxRFRYZW55V0hmbWNBUUpuSDhMS0xlTlk0YWNva3hzSzc=
+ SESSION_ENCRYPTION_KEY: bE9NejJXR3pnNlNjMGZUQ21aVlMyZm4xNDM3dmtyeXp6cVJYSm5CNGRMOGs0dEFVajZQRmxUSUxhTXh5bEkwb1k1VzJyVWRJaFlFTWZLZlRodThPVk5SQWo0dXkzeW5XclBXMXc0UFprTmdqY0RHTWszcVVvRk14QlRzcm9wN2Y=
STORAGE_PASSWORD: JHtTRUNSRVRfQVVUSEVMSUFfUE9TVEdSRVNfUEFTU1dPUkR9
STORAGE_ENCRYPTION_KEY: JHtTRUNSRVRfQVVUSEVMSUFfU1RPUkFHRV9FTkNSWVBUSU9OX0tFWX0=
REDIS_PASSWORD: JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9
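Review bot: Both `SESSION_ENCRYPTION_KEY` lines carry the value as base64, which is an encoding and not protection, so the key material is readable by anyone who can read this diff output. If any of these values was ever applied to the cluster, treat it as disclosed and replace it, and have the diff job mask the `data:` values of Secret objects before posting.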
@@ -26,7 +26,7 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
data:
- configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: \"\"\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: \"\"\n headers:\n csp_template: \"\"\n read_buffer_size: 8192\n write_buffer_size: 8192\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: \"\"\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: \"\"\n file:\n path: /config/users_database.yml\n password: \n algorithm: argon2id\n iterations: 1\n key_length: 32\n memory: 1024\n parallelism: 8\n salt_length: 16\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: authelia_session\n domain: ${SECRET_DOMAIN}\n same_site: lax\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\n ssl:\n mode: \"disable\"\n root_certificate: \"\"\n certificate: \"\"\n key: \"\"\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: 
\"[Authelia] {title}\"\n startup_check_address: ${SECRET_SMTP_USER}\n disable_require_tls: false\n disable_html_emails: false\n tls:\n server_name: smtp.gmail.com\n minimum_version: TLS1.2\n skip_verify: false\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
+ configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: ''\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: ''\n headers:\n csp_template: ''\n buffers:\n read: 8192\n write: 8192\n timeouts:\n read: 6s\n write: 6s\n idle: 30s\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: ''\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: ''\n file:\n path: /config/users_database.yml\n watch: true\n search:\n email: false\n case_insensitive: false\n password:\n algorithm: 'argon2'\n argon2:\n variant: 'argon2id'\n iterations: 3\n memory: 65536\n parallelism: 4\n key_length: 32\n salt_length: 16\n scrypt:\n iterations: 16\n block_size: 8\n parallelism: 1\n key_length: 32\n salt_length: 16\n pbkdf2:\n variant: 'sha512'\n iterations: 310000\n salt_length: 16\n sha2crypt:\n variant: 'sha512'\n iterations: 50000\n salt_length: 16\n bcrypt:\n variant: 'standard'\n cost: 12\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: 'authelia_session'\n domain: '${SECRET_DOMAIN}'\n same_site: 'lax'\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n 
host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: '[Authelia] {title}'\n startup_check_address: ${SECRET_SMTP_USER}\n disable_html_emails: false\n disable_require_tls: false\n disable_starttls: false\n tls:\n server_name: smtp.gmail.com\n skip_verify: false\n minimum_version: TLS1.2\n maximum_version: TLS1.3\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
---
# Source: authelia/templates/service.yaml
apiVersion: v1
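Review bot: The added file backend sets `watch: true` for /config/users_database.yml, so edits to that file take effect without a restart. Make sure the volume behind /config is writable only by whoever is meant to manage accounts, and mount it read-only in the pod if it is sourced from a Secret or ConfigMap.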
@@ -79,8 +79,8 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
annotations:
- checksum/configMap: b2837080650631c0d7bbbafa33ecc2d51974defd1de70a401a152277c31758be
- checksum/secret: ad639964659a9332a29662ea7bf631360bce85f836ed9c1e07081377a06f4ad2
+ checksum/config: d400bd55dd5defb7d791512c58d36d5a18d5c0660c9ecd84ff7bbd81d27a4ddb
+ checksum/secret: d02338b35328f54a4341c83ea13d11ac881a382cfa64771942dcec1e8ef94db2
spec:
hostNetwork: false
hostPID: false
@@ -92,7 +92,7 @@
enableServiceLinks: false
containers:
- name: authelia
- image: ghcr.io/authelia/authelia:4.36.1
+ image: ghcr.io/authelia/authelia:4.37.5
imagePullPolicy: IfNotPresent
command: ["authelia"]
args: |
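Review bot: The `image:` line goes from 4.36.1 to 4.37.5, a minor-version step of the application, while the PR title describes a chart update to 0.8.58, and the configuration hunk shows renamed keys (`read_buffer_size` becomes `buffers.read`, the `password:` block is restructured). Read the Authelia 4.37 release notes for breaking changes before merging, and note that earlier renderings of this PR targeted 4.37.2 and 4.37.3, so approval given on those does not cover this image.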
3c4d2be to ad9c2fb
Path: @@ -10,7 +10,7 @@
app.kubernetes.io/managed-by: Helm
data:
JWT_TOKEN: JHtTRUNSRVRfQVVUSEVMSUFfSldUX1NFQ1JFVH0=
- SESSION_ENCRYPTION_KEY: N1QyczlLc3lUa2xZQ0JsYnlBS09Bc3hreHkyUEhkYzE0WGNoQ3FmY2pjVFFlMXIwc0ZyMWdUUmUxSmpHZ3NWZ0hLcXpqTjZGcnF0eEdHeFJxbDQzdW56ajZheTlVMlVIQWtkMnpuMlBheUNuV2RCTUF0ZkNnV0RqZGRjMkJJOHU=
+ SESSION_ENCRYPTION_KEY: cWpad1BFejZ6STJIbDNjV1ZaeUJ4YWFzNWczNUpJaUZTc1hyMnVqMmJGaWxBUG1WOWQzc092dHF6c1FDd2RMc2VLa3VHekFqcDZ4RjZhTjRVR0s0VG9PMGxCdFNoU1FvZG9WSEMxOXlaMUY0OFZ4WWhxSzRoOXNoOEIxNVJkdk0=
STORAGE_PASSWORD: JHtTRUNSRVRfQVVUSEVMSUFfUE9TVEdSRVNfUEFTU1dPUkR9
STORAGE_ENCRYPTION_KEY: JHtTRUNSRVRfQVVUSEVMSUFfU1RPUkFHRV9FTkNSWVBUSU9OX0tFWX0=
REDIS_PASSWORD: JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9
@@ -26,7 +26,7 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
data:
- configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: \"\"\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: \"\"\n headers:\n csp_template: \"\"\n read_buffer_size: 8192\n write_buffer_size: 8192\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: \"\"\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: \"\"\n file:\n path: /config/users_database.yml\n password: \n algorithm: argon2id\n iterations: 1\n key_length: 32\n memory: 1024\n parallelism: 8\n salt_length: 16\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: authelia_session\n domain: ${SECRET_DOMAIN}\n same_site: lax\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\n ssl:\n mode: \"disable\"\n root_certificate: \"\"\n certificate: \"\"\n key: \"\"\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: 
\"[Authelia] {title}\"\n startup_check_address: ${SECRET_SMTP_USER}\n disable_require_tls: false\n disable_html_emails: false\n tls:\n server_name: smtp.gmail.com\n minimum_version: TLS1.2\n skip_verify: false\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
+ configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: ''\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: ''\n headers:\n csp_template: ''\n buffers:\n read: 8192\n write: 8192\n timeouts:\n read: 6s\n write: 6s\n idle: 30s\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: ''\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: ''\n file:\n path: /config/users_database.yml\n watch: true\n search:\n email: false\n case_insensitive: false\n password:\n algorithm: 'argon2'\n argon2:\n variant: 'argon2id'\n iterations: 3\n memory: 65536\n parallelism: 4\n key_length: 32\n salt_length: 16\n scrypt:\n iterations: 16\n block_size: 8\n parallelism: 1\n key_length: 32\n salt_length: 16\n pbkdf2:\n variant: 'sha512'\n iterations: 310000\n salt_length: 16\n sha2crypt:\n variant: 'sha512'\n iterations: 50000\n salt_length: 16\n bcrypt:\n variant: 'standard'\n cost: 12\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: 'authelia_session'\n domain: '${SECRET_DOMAIN}'\n same_site: 'lax'\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n 
host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: '[Authelia] {title}'\n startup_check_address: ${SECRET_SMTP_USER}\n disable_html_emails: false\n disable_require_tls: false\n disable_starttls: false\n tls:\n server_name: smtp.gmail.com\n skip_verify: false\n minimum_version: TLS1.2\n maximum_version: TLS1.3\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
---
# Source: authelia/templates/service.yaml
apiVersion: v1
@@ -79,8 +79,8 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
annotations:
- checksum/configMap: b2837080650631c0d7bbbafa33ecc2d51974defd1de70a401a152277c31758be
- checksum/secret: c6638e5ac1732c38825feb379214d898e415ac6ebdf741c39eb8cdff0977dfb8
+ checksum/config: b9d8c7dc98361e50f4939974dbc16cb5db46d4ad130087b36db8f54584be092d
+ checksum/secret: 87083ad4e18ef881f0eb29a56c60f6da6812efb37f667ea956ba114ba4fd998f
spec:
hostNetwork: false
hostPID: false
@@ -92,7 +92,7 @@
enableServiceLinks: false
containers:
- name: authelia
- image: ghcr.io/authelia/authelia:4.36.1
+ image: ghcr.io/authelia/authelia:4.37.5
imagePullPolicy: IfNotPresent
command: ["authelia"]
args: |
ad9c2fb to ec6dc15
Path: @@ -10,7 +10,7 @@
app.kubernetes.io/managed-by: Helm
data:
JWT_TOKEN: JHtTRUNSRVRfQVVUSEVMSUFfSldUX1NFQ1JFVH0=
- SESSION_ENCRYPTION_KEY: aUFSYnZBdG1Mam1SbnJneHdKeHFFdkRuWnBjdTFkcW5FWEE5UzdlS0FzUWZibzVReERlN1VRNG45aTFNaEExVmlheTVZdzh0ZVZhRW9nRjNjamZKbERCSUJubFZ5b1U0bnIzQ1JkOUhhbGRFdDhya1BweHdDeHVQUXJzQ1ZHaGE=
+ SESSION_ENCRYPTION_KEY: TEoyM0Q2Qk8zeHJoNHJMWlBlREF5Wnh5d2h1YnlYRjcwdXV6Q1JobG5SNkFleG9ISVo4ZDh6Z3NQZ1pORXBrUnEzUUUwdFJLcmROOVluU0kwNTFGc0NlM21nbE1ZMEdPaGxidlJKYk4wajNPc0dxdXZBN1gzVGZNdkJkME1Kd2I=
STORAGE_PASSWORD: JHtTRUNSRVRfQVVUSEVMSUFfUE9TVEdSRVNfUEFTU1dPUkR9
STORAGE_ENCRYPTION_KEY: JHtTRUNSRVRfQVVUSEVMSUFfU1RPUkFHRV9FTkNSWVBUSU9OX0tFWX0=
REDIS_PASSWORD: JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9
@@ -26,7 +26,7 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
data:
- configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: \"\"\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: \"\"\n headers:\n csp_template: \"\"\n read_buffer_size: 8192\n write_buffer_size: 8192\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: \"\"\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: \"\"\n file:\n path: /config/users_database.yml\n password: \n algorithm: argon2id\n iterations: 1\n key_length: 32\n memory: 1024\n parallelism: 8\n salt_length: 16\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: authelia_session\n domain: ${SECRET_DOMAIN}\n same_site: lax\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\n ssl:\n mode: \"disable\"\n root_certificate: \"\"\n certificate: \"\"\n key: \"\"\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: 
\"[Authelia] {title}\"\n startup_check_address: ${SECRET_SMTP_USER}\n disable_require_tls: false\n disable_html_emails: false\n tls:\n server_name: smtp.gmail.com\n minimum_version: TLS1.2\n skip_verify: false\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
+ configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: ''\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: ''\n headers:\n csp_template: ''\n buffers:\n read: 8192\n write: 8192\n timeouts:\n read: 6s\n write: 6s\n idle: 30s\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: ''\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: ''\n file:\n path: /config/users_database.yml\n watch: true\n search:\n email: false\n case_insensitive: false\n password:\n algorithm: 'argon2'\n argon2:\n variant: 'argon2id'\n iterations: 3\n memory: 65536\n parallelism: 4\n key_length: 32\n salt_length: 16\n scrypt:\n iterations: 16\n block_size: 8\n parallelism: 1\n key_length: 32\n salt_length: 16\n pbkdf2:\n variant: 'sha512'\n iterations: 310000\n salt_length: 16\n sha2crypt:\n variant: 'sha512'\n iterations: 50000\n salt_length: 16\n bcrypt:\n variant: 'standard'\n cost: 12\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: 'authelia_session'\n domain: '${SECRET_DOMAIN}'\n same_site: 'lax'\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n 
host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: '[Authelia] {title}'\n startup_check_address: ${SECRET_SMTP_USER}\n disable_html_emails: false\n disable_require_tls: false\n disable_starttls: false\n tls:\n server_name: smtp.gmail.com\n skip_verify: false\n minimum_version: TLS1.2\n maximum_version: TLS1.3\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
---
# Source: authelia/templates/service.yaml
apiVersion: v1
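Review bot: In the storage.postgres block the removed side set ssl.mode: "disable" explicitly and the added side drops the whole ssl section, so the rendered config no longer states how the connection to ${SECRET_POSTGRES_HOST} is protected. Set the Postgres TLS options explicitly in the chart values and check the rendered output rather than relying on whatever the new chart defaults to. The same hunk already pins notifier.smtp.tls to minimum_version: TLS1.2 and maximum_version: TLS1.3, which leaves the database link as the one connection with no stated TLS policy.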
@@ -79,8 +79,8 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
annotations:
- checksum/configMap: b2837080650631c0d7bbbafa33ecc2d51974defd1de70a401a152277c31758be
- checksum/secret: 4503148609652daa3c3f99f820cb710695d7e6a886d26662fa61f022bffb65cf
+ checksum/config: 7c448a9565ec2be7903dc3021c2687dd458b0ead6a27d439a143fe0551b4c6fb
+ checksum/secret: df52d8cdf3dd77a6737cdb74876ec28f0ba601cba64e69643c7faa4011660409
spec:
hostNetwork: false
hostPID: false
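Review bot: checksum/secret on the pod template changes here, and in every other revision of this diff on the page both its old and new values are different again, which tracks the SESSION_ENCRYPTION_KEY literal changing on each render. Any change to a pod template annotation triggers a rollout, so as long as that key is regenerated at template time every reconcile will restart Authelia. The checksum/configMap to checksum/config rename is fine on its own, provided nothing else keys on the old annotation name.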
@@ -92,7 +92,7 @@
enableServiceLinks: false
containers:
- name: authelia
- image: ghcr.io/authelia/authelia:4.36.1
+ image: ghcr.io/authelia/authelia:4.37.5
imagePullPolicy: IfNotPresent
command: ["authelia"]
args: |
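Review bot: The image line moves from 4.36.1 to 4.37.5 by tag only, with imagePullPolicy: IfNotPresent left as it was. A tag can be re-pointed upstream and a node that has already cached it will not pull again, so pin the reference by digest (ghcr.io/authelia/authelia:4.37.5@sha256:<digest>) if the chart values allow it. This is also a minor-version jump of the application behind a patch-level bump of the chart, consistent with the renamed and added configuration keys in the ConfigMap hunk, so read the application's upgrade notes for 4.37 before merging.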
ec6dc15 to 7b814d5
Path: @@ -10,7 +10,7 @@
app.kubernetes.io/managed-by: Helm
data:
JWT_TOKEN: JHtTRUNSRVRfQVVUSEVMSUFfSldUX1NFQ1JFVH0=
- SESSION_ENCRYPTION_KEY: Y2dCajdUWTJIMTAzSHVwSzdRdGtRZ3pGUXJybUV2dEU4eG1KY1dMcjZRT1k1SDdiMGVsUTFHdkNlQWhzeHhhWThad1c3enNUM1ZCWTE1bmk2NFNGd3gxNVRBTDkxNndRQ3NwZlpTWnpXN25rZkw1bHlYMWZLUG10YVB3anp0UUk=
+ SESSION_ENCRYPTION_KEY: QzR0WlVPQjRiODJHSWlFZHRoOHJVMzZHTTU3bkxVSERtTlpZem9mOXZ6UlZhVEYzTlJOOURyVzdTT29STFNQU3AycWxrUjV3b3ZLWUh5Tm54MFB6YmhFVEgxMHJ4dU5TUW1VVG03cEJ2ajg5M3FuMHFzdWhjQVJYemdlN01IN20=
STORAGE_PASSWORD: JHtTRUNSRVRfQVVUSEVMSUFfUE9TVEdSRVNfUEFTU1dPUkR9
STORAGE_ENCRYPTION_KEY: JHtTRUNSRVRfQVVUSEVMSUFfU1RPUkFHRV9FTkNSWVBUSU9OX0tFWX0=
REDIS_PASSWORD: JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9
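Review bot: SESSION_ENCRYPTION_KEY is the only entry under data that carries a literal value on both sides; JWT_TOKEN, STORAGE_PASSWORD, STORAGE_ENCRYPTION_KEY and REDIS_PASSWORD all decode to ${SECRET_...} placeholders that are substituted later. Base64 is an encoding, not protection, so the key is readable in this PR's diff output, and it is different in every revision shown on the page. Supply it through the same substituted-secret mechanism as the other keys so that it stays stable across renders and never appears in a diff, and treat any value that has appeared in this output as disclosed.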
@@ -26,7 +26,7 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
data:
- configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: \"\"\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: \"\"\n headers:\n csp_template: \"\"\n read_buffer_size: 8192\n write_buffer_size: 8192\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: \"\"\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: \"\"\n file:\n path: /config/users_database.yml\n password: \n algorithm: argon2id\n iterations: 1\n key_length: 32\n memory: 1024\n parallelism: 8\n salt_length: 16\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: authelia_session\n domain: ${SECRET_DOMAIN}\n same_site: lax\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\n ssl:\n mode: \"disable\"\n root_certificate: \"\"\n certificate: \"\"\n key: \"\"\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: 
\"[Authelia] {title}\"\n startup_check_address: ${SECRET_SMTP_USER}\n disable_require_tls: false\n disable_html_emails: false\n tls:\n server_name: smtp.gmail.com\n minimum_version: TLS1.2\n skip_verify: false\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
+ configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: ''\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: ''\n headers:\n csp_template: ''\n buffers:\n read: 8192\n write: 8192\n timeouts:\n read: 6s\n write: 6s\n idle: 30s\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: ''\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: ''\n file:\n path: /config/users_database.yml\n watch: true\n search:\n email: false\n case_insensitive: false\n password:\n algorithm: 'argon2'\n argon2:\n variant: 'argon2id'\n iterations: 3\n memory: 65536\n parallelism: 4\n key_length: 32\n salt_length: 16\n scrypt:\n iterations: 16\n block_size: 8\n parallelism: 1\n key_length: 32\n salt_length: 16\n pbkdf2:\n variant: 'sha512'\n iterations: 310000\n salt_length: 16\n sha2crypt:\n variant: 'sha512'\n iterations: 50000\n salt_length: 16\n bcrypt:\n variant: 'standard'\n cost: 12\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: 'authelia_session'\n domain: '${SECRET_DOMAIN}'\n same_site: 'lax'\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n database_index: 0\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 
3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: '[Authelia] {title}'\n startup_check_address: ${SECRET_SMTP_USER}\n disable_html_emails: false\n disable_require_tls: false\n disable_starttls: false\n tls:\n server_name: smtp.gmail.com\n skip_verify: false\n minimum_version: TLS1.2\n maximum_version: TLS1.3\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
---
# Source: authelia/templates/service.yaml
apiVersion: v1
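Review bot: Under authentication_backend.file.password the argon2id cost changes from iterations: 1, memory: 1024, parallelism: 8 to iterations: 3, memory: 65536, parallelism: 4, and the flat keys move under a nested argon2 block. Hash parameters are stored with each hash, so entries already in /config/users_database.yml keep their old cost until the password is hashed again; plan a re-hash if the new settings are meant to cover existing users. Also confirm that memory is expressed in the same unit on both sides before comparing the two numbers, and that the pod's memory limit leaves room for the new value.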
@@ -79,8 +79,8 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
annotations:
- checksum/configMap: b2837080650631c0d7bbbafa33ecc2d51974defd1de70a401a152277c31758be
- checksum/secret: 77c2f1d6b5945641ff392f48624e7ba1330f0a170347c9cd4c09d859183faef9
+ checksum/config: efc98a33eb040271b64a10eedf676fcd4c999490a38f92f0def63810a4c035e5
+ checksum/secret: 9ce07d3b2341d32ce4d34bf930677a2953f7522dc60d9881b75c0a0c38943105
spec:
hostNetwork: false
hostPID: false
@@ -92,7 +92,7 @@
enableServiceLinks: false
containers:
- name: authelia
- image: ghcr.io/authelia/authelia:4.36.1
+ image: ghcr.io/authelia/authelia:4.37.5
imagePullPolicy: IfNotPresent
command: ["authelia"]
args: |
7b814d5 to bc01144
Path: @@ -10,7 +10,7 @@
app.kubernetes.io/managed-by: Helm
data:
JWT_TOKEN: JHtTRUNSRVRfQVVUSEVMSUFfSldUX1NFQ1JFVH0=
- SESSION_ENCRYPTION_KEY: NmZobFo3NXBJU203ME5IMEdEZUFoTHBYQUl0Q3B2MkpMeVR1c3dUaHJ4QTl6Z3VZejU1R2RvWE4yMmNnQnZXOFk3SFpheGRqMHpaUHFWVktvOExKejM4SFBmYkV6SzdVQ2R2RzI4QTdEYzVIWXM4QkxtNFVzc3hZcFFxbmJzenY=
+ SESSION_ENCRYPTION_KEY: Zms3TGRjN0JLVTdpa3pFdHBNTENTeE1JOHU4N1RQd3p1Qkdia3BnSnhzdDNJZVBzV2o0ZVZxZmlBWEVpcVYwTkV4MmlpTjVKcER4ZU5rekhlTGtmak5aZzVDWWJJS1J6WVlWSFpwSlVQSDVDTW13NWxDTnd1d0NmQnhpNEloNHA=
STORAGE_PASSWORD: JHtTRUNSRVRfQVVUSEVMSUFfUE9TVEdSRVNfUEFTU1dPUkR9
STORAGE_ENCRYPTION_KEY: JHtTRUNSRVRfQVVUSEVMSUFfU1RPUkFHRV9FTkNSWVBUSU9OX0tFWX0=
REDIS_PASSWORD: JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9
@@ -26,7 +26,7 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
data:
- configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: \"\"\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: \"\"\n headers:\n csp_template: \"\"\n read_buffer_size: 8192\n write_buffer_size: 8192\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: \"\"\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: \"\"\n file:\n path: /config/users_database.yml\n password: \n algorithm: argon2id\n iterations: 1\n key_length: 32\n memory: 1024\n parallelism: 8\n salt_length: 16\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: authelia_session\n domain: ${SECRET_DOMAIN}\n same_site: lax\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\n ssl:\n mode: \"disable\"\n root_certificate: \"\"\n certificate: \"\"\n key: \"\"\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: 
\"[Authelia] {title}\"\n startup_check_address: ${SECRET_SMTP_USER}\n disable_require_tls: false\n disable_html_emails: false\n tls:\n server_name: smtp.gmail.com\n minimum_version: TLS1.2\n skip_verify: false\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
+ configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: ''\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: ''\n headers:\n csp_template: ''\n buffers:\n read: 8192\n write: 8192\n timeouts:\n read: 6s\n write: 6s\n idle: 30s\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: ''\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: ''\n file:\n path: /config/users_database.yml\n watch: true\n search:\n email: false\n case_insensitive: false\n password:\n algorithm: 'argon2'\n argon2:\n variant: 'argon2id'\n iterations: 3\n memory: 65536\n parallelism: 4\n key_length: 32\n salt_length: 16\n scrypt:\n iterations: 16\n block_size: 8\n parallelism: 1\n key_length: 32\n salt_length: 16\n pbkdf2:\n variant: 'sha512'\n iterations: 310000\n salt_length: 16\n sha2crypt:\n variant: 'sha512'\n iterations: 50000\n salt_length: 16\n bcrypt:\n variant: 'standard'\n cost: 12\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: 'authelia_session'\n domain: '${SECRET_DOMAIN}'\n same_site: 'lax'\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n database_index: 0\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 
3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: '[Authelia] {title}'\n startup_check_address: ${SECRET_SMTP_USER}\n disable_html_emails: false\n disable_require_tls: false\n disable_starttls: false\n tls:\n server_name: smtp.gmail.com\n skip_verify: false\n minimum_version: TLS1.2\n maximum_version: TLS1.3\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
---
# Source: authelia/templates/service.yaml
apiVersion: v1
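Review bot: file.watch: true is new on the added side, so a write to /config/users_database.yml now changes the live user set without a restart or a rollout that anyone would review. Confirm that the file is mounted read-only from a source that goes through the same review as this repository; if it is not, set watch to false in the chart values.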
@@ -79,8 +79,8 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
annotations:
- checksum/configMap: b2837080650631c0d7bbbafa33ecc2d51974defd1de70a401a152277c31758be
- checksum/secret: 5882ace5746a5b3c068c744a6be657a4ace9dd411466ef8fdc724c07299bdfc4
+ checksum/config: 4d6f5353273a302d200580935ba48313d5336bf2d3e88cff2b232d7e3f508866
+ checksum/secret: d5e68778e7ba95f4613aea8dd231d2bca99210548771e42036cd3fab2795a81d
spec:
hostNetwork: false
hostPID: false
@@ -92,7 +92,7 @@
enableServiceLinks: false
containers:
- name: authelia
- image: ghcr.io/authelia/authelia:4.36.1
+ image: ghcr.io/authelia/authelia:4.37.5
imagePullPolicy: IfNotPresent
command: ["authelia"]
args: |
Signed-off-by: Danny Froberg <dfroberg@users.noreply.github.com>
bc01144 to 2fd9614
Path: @@ -10,7 +10,7 @@
app.kubernetes.io/managed-by: Helm
data:
JWT_TOKEN: JHtTRUNSRVRfQVVUSEVMSUFfSldUX1NFQ1JFVH0=
- SESSION_ENCRYPTION_KEY: N1R2U1U1dWRNVEtxZmRWZXBUMUhidTZ3c2VzWm1PeERSTFRId1RrR2tSUEk3U05kMXhFZFJORGg2dzFUakkyMlRPbVBSVHJJeEpITmlnb09oMG9vWG8yMEM2R0FZWkFmV3ZRVk9yY3BYSjkxbU1EbEZXSWN2ajRnYXZhZlg1V0o=
+ SESSION_ENCRYPTION_KEY: MkZBYk5KRktHeTE1YXdJQ21CT0NkT3ltZEgyZDhNNFZ1U09UT1ZsWmhQUDRZaFJGTnZFVG1hbW5NT1JSc1lOczQwdlZFU3ozSHJIeU9aalo3VUtzUks0QVhSWVlBMng4M3hLMERzclVIbWhQd2RhNmpWV3JtbHlNekVnRVBIVmw=
STORAGE_PASSWORD: JHtTRUNSRVRfQVVUSEVMSUFfUE9TVEdSRVNfUEFTU1dPUkR9
STORAGE_ENCRYPTION_KEY: JHtTRUNSRVRfQVVUSEVMSUFfU1RPUkFHRV9FTkNSWVBUSU9OX0tFWX0=
REDIS_PASSWORD: JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9
@@ -26,7 +26,7 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
data:
- configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: \"\"\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: \"\"\n headers:\n csp_template: \"\"\n read_buffer_size: 8192\n write_buffer_size: 8192\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: \"\"\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: \"\"\n file:\n path: /config/users_database.yml\n password: \n algorithm: argon2id\n iterations: 1\n key_length: 32\n memory: 1024\n parallelism: 8\n salt_length: 16\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: authelia_session\n domain: ${SECRET_DOMAIN}\n same_site: lax\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\n ssl:\n mode: \"disable\"\n root_certificate: \"\"\n certificate: \"\"\n key: \"\"\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: 
\"[Authelia] {title}\"\n startup_check_address: ${SECRET_SMTP_USER}\n disable_require_tls: false\n disable_html_emails: false\n tls:\n server_name: smtp.gmail.com\n minimum_version: TLS1.2\n skip_verify: false\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
+ configuration.yaml: "---\ntheme: light\ndefault_redirection_url: https://www.${SECRET_DOMAIN}\ndefault_2fa_method: ''\nserver:\n host: 0.0.0.0\n port: 9091\n asset_path: ''\n headers:\n csp_template: ''\n buffers:\n read: 8192\n write: 8192\n timeouts:\n read: 6s\n write: 6s\n idle: 30s\n enable_pprof: false\n enable_expvars: false\nlog:\n level: info\n format: text\n file_path: ''\n keep_stdout: true\ntotp:\n disable: false\n issuer: ${SECRET_DOMAIN}\n algorithm: sha1\n digits: 6\n period: 30\n skew: 1\n secret_size: 32\nwebauthn:\n disable: false\n display_name: Authelia\n attestation_conveyance_preference: indirect\n user_verification: preferred\n timeout: 60s\nntp:\n address: time.cloudflare.com:123\n version: 4\n max_desync: 3s\n disable_startup_check: false\n disable_failure: false\nauthentication_backend:\n password_reset:\n disable: true\n custom_url: ''\n file:\n path: /config/users_database.yml\n watch: true\n search:\n email: false\n case_insensitive: false\n password:\n algorithm: 'argon2'\n argon2:\n variant: 'argon2id'\n iterations: 3\n memory: 65536\n parallelism: 4\n key_length: 32\n salt_length: 16\n scrypt:\n iterations: 16\n block_size: 8\n parallelism: 1\n key_length: 32\n salt_length: 16\n pbkdf2:\n variant: 'sha512'\n iterations: 310000\n salt_length: 16\n sha2crypt:\n variant: 'sha512'\n iterations: 50000\n salt_length: 16\n bcrypt:\n variant: 'standard'\n cost: 12\npassword_policy:\n standard:\n enabled: false\n min_length: 8\n max_length: 0\n require_uppercase: true\n require_lowercase: true\n require_number: true\n require_special: true\n zxcvbn:\n enabled: false\n min_score: 0\nsession:\n name: 'authelia_session'\n domain: '${SECRET_DOMAIN}'\n same_site: 'lax'\n expiration: 1h\n inactivity: 5m\n remember_me_duration: 1M\n redis:\n host: redis-master.databases.svc.cluster.local\n port: 6379\n database_index: 0\n maximum_active_connections: 8\n minimum_idle_connections: 0\nregulation: \n ban_time: 5m\n find_time: 2m\n max_retries: 
3\nstorage:\n postgres:\n host: ${SECRET_POSTGRES_HOST}\n port: 5432\n database: authelia\n schema: public\n username: authelia\n timeout: 5s\nnotifier:\n disable_startup_check: false\n smtp:\n host: smtp.gmail.com\n port: 587\n timeout: 5s\n username: ${SECRET_SMTP_USER}\n sender: ${SECRET_SMTP_USER}\n identifier: ${SECRET_DOMAIN}\n subject: '[Authelia] {title}'\n startup_check_address: ${SECRET_SMTP_USER}\n disable_html_emails: false\n disable_require_tls: false\n disable_starttls: false\n tls:\n server_name: smtp.gmail.com\n skip_verify: false\n minimum_version: TLS1.2\n maximum_version: TLS1.3\naccess_control:\n default_policy: deny\n networks: \n - name: private\n networks:\n - 10.0.0.0/8\n - 172.16.0.0/12\n - 192.168.0.0/16\n - name: vpn\n networks:\n - 10.10.0.0/16\n rules:\n - policy: bypass\n domain: \n - 'login.${SECRET_DOMAIN}'\n - 'matrix.${SECRET_DOMAIN}'\n - policy: bypass\n domain: \n - 'sonarr.${SECRET_DOMAIN}'\n - 'radarr.${SECRET_DOMAIN}'\n - 'readarr.${SECRET_DOMAIN}'\n - 'lidarr.${SECRET_DOMAIN}'\n - 'mylar.${SECRET_DOMAIN}'\n - 'prowlarr.${SECRET_DOMAIN}'\n - 'sabnzbd.${SECRET_DOMAIN}'\n - 'books.${SECRET_DOMAIN}'\n - 'bazarr.${SECRET_DOMAIN}'\n - 'qb-vpn.${SECRET_DOMAIN}'\n - 'jellyfin.${SECRET_DOMAIN}'\n - 'tvheadend.${SECRET_DOMAIN}'\n networks:\n - private\n - policy: bypass\n domain: \n - 'grafana.${SECRET_DOMAIN}'\n - 'matrix-admin.${SECRET_DOMAIN}'\n resources:\n - '^/api([/?].*)?$'\n - '^/(.*)/api([/?].*)?$'\n - '^/static([/?].*)?$'\n - '^/manifest[.]json$'\n - policy: deny\n domain: \n - 'alert-manager.${SECRET_DOMAIN}'\n - 'prometheus.${SECRET_DOMAIN}'\n - 'thanos.${SECRET_DOMAIN}'\n - 'rook.${SECRET_DOMAIN}'\n - 'goldilocks.${SECRET_DOMAIN}'\n subject:\n - ['group:users']\n - policy: one_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n networks:\n - private\n subject:\n - ['group:admins']\n - ['group:users']\n - policy: two_factor\n domain: \n - '*.${SECRET_DOMAIN}'\n subject:\n - ['group:admins']\n - ['group:users']\n...\n"
---
# Source: authelia/templates/service.yaml
apiVersion: v1
@@ -79,8 +79,8 @@
app.kubernetes.io/instance: authelia
app.kubernetes.io/managed-by: Helm
annotations:
- checksum/configMap: b2837080650631c0d7bbbafa33ecc2d51974defd1de70a401a152277c31758be
- checksum/secret: 70cf32f67386f1e80e2e43ff134eb6aa75717b33fb4cf13a773f306bbb87d4ba
+ checksum/config: bcc4112b98b14dd3d0472cc069c0c5a8c2db9193f8a4826124cca02cf6e320ca
+ checksum/secret: be71d85c634846899c6362261eb4cf6a01362135d1f6faedaede14b6e29d9606
spec:
hostNetwork: false
hostPID: false
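Review bot: the `checksum/secret` annotation changes along with the config checksum, which means the rendered Secret differs in this bump and the pod template will roll on merge. Please confirm which Secret key changed and that it is not a value the chart regenerates on every render, since that would produce a new checksum, and a new rollout, each time the release is templated. The rename from `checksum/configMap` to `checksum/config` is fine, but anything that selects on the old annotation name needs updating.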
@@ -92,7 +92,7 @@
enableServiceLinks: false
containers:
- name: authelia
- image: ghcr.io/authelia/authelia:4.36.1
+ image: ghcr.io/authelia/authelia:4.37.5
imagePullPolicy: IfNotPresent
command: ["authelia"]
args: |
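Review bot: the `image:` line pins `ghcr.io/authelia/authelia` by tag only, and with `imagePullPolicy: IfNotPresent` a node that already holds a `4.37.5` image never re-checks it, so the tag is the only thing tying the pod to a specific build. Consider pinning by digest, for example `ghcr.io/authelia/authelia:4.37.5@sha256:<digest>` (placeholder; take the digest from the registry). The step from 4.36.1 to 4.37.5 is also a minor-version change of the application, so check the Authelia release notes for configuration changes before merging.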
This PR contains the following updates:
0.8.38 -> 0.8.58
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
authelia/chartrepo (authelia)
v0.8.58
Authelia is a Single Sign-On Multi-Factor portal for web apps
v0.8.57
v0.8.55
v0.8.54
v0.8.53
v0.8.52
v0.8.51
v0.8.50
v0.8.49
v0.8.48
v0.8.47
v0.8.46
v0.8.45
v0.8.44
v0.8.43
v0.8.42
v0.8.41
v0.8.40
v0.8.39
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.