From 8d7ccdfac966b7ad624a5f0763a76c5498bb6488 Mon Sep 17 00:00:00 2001
From: SeanOMik
Date: Sat, 15 Apr 2023 18:21:55 -0400
Subject: [PATCH] Setup ldap in minio environment vars
---
 cluster/apps/database/minio/minio.sops.yaml | 13 ++++++++--
 docs/setup.md | 27 ++++++++++++++++++++-
 2 files changed, 37 insertions(+), 3 deletions(-)
diff --git a/cluster/apps/database/minio/minio.sops.yaml b/cluster/apps/database/minio/minio.sops.yaml
index 06e3012..cb76279 100644
--- a/cluster/apps/database/minio/minio.sops.yaml
+++ b/cluster/apps/database/minio/minio.sops.yaml
@@ -6,14 +6,23 @@ metadata:
 stringData:
 MINIO_ROOT_USER: ENC[AES256_GCM,data:xEqc/w==,iv:QNJlfvs/uIWuTZ5i/OuGKRvK0iYhbO2bMI9oufCYQAI=,tag:Ck6DVPTcqcDpuM1SUBl+xA==,type:str]
 MINIO_ROOT_PASSWORD: ENC[AES256_GCM,data:G83RzKMZ8L7F4e0=,iv:UidYzq8QTNX0/xTGcozEI8kvKJD8g58g2Z45Pihtpmw=,tag:UhnngTLbV3ZWK+4jF2hQQw==,type:str]
+ MINIO_IDENTITY_LDAP_SERVER_ADDR: ENC[AES256_GCM,data:0pw7wnOER/Bo6ks8bBXZDkO/DGRRKmIAW7PkbcfqdOgyjOlcI07gkMNLUvk=,iv:rAn3p3EzdKfWjKNSRMK5lFNMhA0KuK+xFrftKb4c3qY=,tag:8oylCs0edyafJmwJMaLb1w==,type:str]
+ MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY: ENC[AES256_GCM,data:fpk=,iv:/ZGYSfa5GEnv8/KH5cD9qsd0gz8qmqcDFL3syGUqh6Y=,tag:OuMlBbNxDOo4Em++di05JA==,type:str]
+ MINIO_IDENTITY_LDAP_SERVER_INSECURE: ENC[AES256_GCM,data:1rM=,iv:SKhuvzcjXy7FJqZeMTtO3alvWa2E1YYRAkM4T1YnDc0=,tag:znUtC3Q0okedbOv7zVOUgQ==,type:str]
+ MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN: ENC[AES256_GCM,data:33aRyIxdLvW0+I2YDwh8VifqoYoWrIL84ORiQHqqFlFvZaiimTWBNg46BhI8IC4e,iv:qeo9vFoqidUoPI19CQwP4SDqTWuNEWFvTKmipoKZwPs=,tag:7GIwLOBq4ni9ELGLdsYgNw==,type:str]
+ MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD: ENC[AES256_GCM,data:pIuhgM5tnwYEUTH9D6lHoDhovoGNLV/hCKhWyPmk7hCAyT2UY1I8jGIXdErpF9YZkLcs74pMuQrJZyjg,iv:fP6UzgfOxRmmoGzDmeqO02liSzxbc3LXDkWffUY5rFU=,tag:gAPlBlSmk3sRaoFoA6uytA==,type:str]
+ MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN: ENC[AES256_GCM,data:9Wm2O3CZ6dJ1oWKiAR/S74O2OXw3UK+GDlP2Od7Wsv1t7oo=,iv:7d+lzsTEj2jy0QSFurr0brY4NqT2wOZOQfdwAEADUaU=,tag:s2Ks9ftCBxeaOAJs3TvxmA==,type:str]
+ MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER: ENC[AES256_GCM,data:+F8SwQ8NnYkegYOJWAjAbeytMQ==,iv:KRBpb/ss3dYJA9CeARi4BHrUIwq8jsmXQ0N5sT/fA0M=,tag:SmBeODb3/2qV/hQTINflMA==,type:str]
+ MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN: ENC[AES256_GCM,data:/NShkg0AAnNNvADI0M3p47GjTrbUYAsyKB65bP21e2WFoF8f,iv:G7qgm3JD7lD7qc0fUVraUf5SFCgLndjnwRbbQH4KGVQ=,tag:xmpu0Y+23MMIBjER4PKXYg==,type:str]
+ MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER: ENC[AES256_GCM,data:ua2lxGZOEosUk5h71qlMVsxHOTua/nUEiXPkrGqXX69SDOlR6CofDg==,iv:Lzr/kDtpJ0QU/eIlB16L0Wsym48m20a7sAbI4xsaXKs=,tag:LaognVNlPVCOXPkRWyz3Zg==,type:str]
 sops:
 kms: []
 gcp_kms: []
 azure_kv: []
 hc_vault: []
 age: []
- lastmodified: "2023-04-15T00:16:34Z"
- mac: ENC[AES256_GCM,data:evOpEk01hJma7fD46PpjXtIeMJ2vLrMEdC4J08djTAFLFZ5R0xCzx7Q1LqpUYYbD6+/Np7KgS8J5Y3vG3XR+IBKJOa5e3Td8ark9ZX9uyeAs6OY/knBg/N8CaArAktb4ZKVAjd5qH3K+jex9NOKQMc05NnCfrxweMGI7GZMJ75c=,iv:jWERVLB3gHD1Dli3K4qKP1C4iSsSs2h6VBVsgIKSzmY=,tag:+wVUGRkMx1FRX/1/wLRVkg==,type:str]
+ lastmodified: "2023-04-15T22:21:00Z"
+ mac: ENC[AES256_GCM,data:RTPqmKlqQ8PmD9NeiMIxcXkB4BLmdIwUwc1kzjSh4WYb3waPDYEYh1ZcghbVgSc65WBUXx/0OB6lt5aK31omqRTgPKh2NXsIyuWGsUGDY+xsGvCPXNOwg7sofBz9y1jvUgPMQEwrflz9XJUw8oNZa59sunwJs05wbRxqwWwKTGY=,iv:6DUt5qb9fPrNNc8IgstJiBBuw6gMC8xe7p4qZYZ1mAw=,tag:33lim9TkxR25zPlpr/c9jw==,type:str]
 pgp:
 - created_at: "2023-04-07T01:57:22Z"
 enc: |
diff --git a/docs/setup.md b/docs/setup.md
index b456dc2..42e1e63 100644
--- a/docs/setup.md
+++ b/docs/setup.md
@@ -17,4 +17,29 @@ sudo systemctl start k3s
 sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
 sudo chown $USER ~/.kube/config
 sudo chmod 600 ~/.kube/config
-```
\ No newline at end of file
+```
+
+
+## Finishing Service Setup
+
+### SSO (Authentik)
+Many services require SSO to be setup.
+
+Proxy Providers:
+* Bazarr
+* Mylar3
+* Prowlarr
+* qBittorrent
+* Radarr
+* Readarr Audiobooks
+* Readarr eBooks
+* Sonarr
+* Prometheus
+* Alertmanager
+* Traefik
+
+OpenID Providers:
+* Komga
+* Apache Guacamole
+
+An LDAP Provider is also required by services. Create an LDAP provider in authentik and just let it create the kubernetes resources.
\ No newline at end of file
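Review bot: `MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY` and `MINIO_IDENTITY_LDAP_SERVER_INSECURE` in the minio.sops.yaml hunk are stored encrypted, so a reviewer cannot confirm that TLS to the LDAP server is enforced; both ciphertexts are two bytes long, which for an on/off flag is consistent with `on` (inferred from the length only, not confirmed). If either flag is on, the lookup bind password added in the same hunk, and the credentials of every user who logs in, reach the directory either in cleartext or over a connection to an unverified server. Neither toggle is a secret, so they would be better set in a plaintext manifest or ConfigMap where review can see them, e.g. `MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY: "off"` and `MINIO_IDENTITY_LDAP_SERVER_INSECURE: "off"`, leaving only the bind DN and bind password in the SOPS file. If the LDAP endpoint has no trusted certificate yet, a comment recording that as a temporary exception would make the risk visible.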