From 234b887787693e4cf4d56fcdce95b9eafc2f0404 Mon Sep 17 00:00:00 2001 From: eball Date: Fri, 26 Sep 2025 15:53:40 +0800 Subject: [PATCH] authelia: remove authentication with backend nonce (#1876) * authelia: remove authentication with backend nonce * backup: remove backend nonce --------- Co-authored-by: aby913 --- .../cluster/deploy/appservice_deploy.yaml | 24 +------------------ .../cluster/deploy/auth_backend_deploy.yaml | 7 +----- .../config/cluster/deploy/backup_server.yaml | 12 +--------- .../cluster/deploy/nodeinit_daemonset.yaml | 5 ---- .../cluster/deploy/sys_event_deploy.yaml | 8 +------ 5 files changed, 4 insertions(+), 52 deletions(-) diff --git a/framework/app-service/.olares/config/cluster/deploy/appservice_deploy.yaml b/framework/app-service/.olares/config/cluster/deploy/appservice_deploy.yaml index da0fda05c..9e3826206 100644 --- a/framework/app-service/.olares/config/cluster/deploy/appservice_deploy.yaml +++ b/framework/app-service/.olares/config/cluster/deploy/appservice_deploy.yaml @@ -18,14 +18,6 @@ {{ $nats_password = randAlphaNum 16 | b64enc }} {{- end -}} -{{- $app_service_app_key := (lookup "v1" "Secret" $namespace "app-key") -}} -{{- $app_key_random := "" -}} -{{ if $app_service_app_key -}} -{{ $app_key_random = (index $app_service_app_key "data" "random-key") }} -{{ else -}} -{{ $app_key_random = randAlphaNum 32 | b64enc }} -{{- end -}} - --- apiVersion: v1 kind: Secret @@ -178,7 +170,7 @@ spec: priorityClassName: "system-cluster-critical" containers: - name: app-service - image: beclab/app-service:0.4.7 + image: beclab/app-service:0.4.8 imagePullPolicy: IfNotPresent securityContext: runAsUser: 0 @@ -232,11 +224,6 @@ spec: value: os.groups - name: NATS_SUBJECT_SYSTEM_APPLICATION value: os.application - - name: APP_RANDOM_KEY - valueFrom: - secretKeyRef: - name: app-key - key: random-key - name: HOSTIP valueFrom: fieldRef: @@ -316,15 +303,6 @@ spec: selector: tier: app-service type: ClusterIP ---- -apiVersion: v1 -kind: Secret -metadata: - name: app-key - namespace: {{ .Release.Namespace }} -type: Opaque -data: - random-key: {{ $app_key_random }} --- apiVersion: apr.bytetrade.io/v1alpha1 diff --git a/framework/authelia/.olares/config/cluster/deploy/auth_backend_deploy.yaml b/framework/authelia/.olares/config/cluster/deploy/auth_backend_deploy.yaml index 25a870d16..3724f4a58 100644 --- a/framework/authelia/.olares/config/cluster/deploy/auth_backend_deploy.yaml +++ b/framework/authelia/.olares/config/cluster/deploy/auth_backend_deploy.yaml @@ -429,18 +429,13 @@ spec: privileged: true containers: - name: authelia - image: beclab/auth:0.2.32 + image: beclab/auth:0.2.33 imagePullPolicy: IfNotPresent ports: - containerPort: 9091 env: - name: TZ value: UTC - - name: APP_RANDOM_KEY - valueFrom: - secretKeyRef: - name: app-key - key: random-key - name: NATS_HOST value: nats.os-platform - name: NATS_PORT diff --git a/framework/backup-server/.olares/config/cluster/deploy/backup_server.yaml b/framework/backup-server/.olares/config/cluster/deploy/backup_server.yaml index 454f7f633..aeca0911a 100644 --- a/framework/backup-server/.olares/config/cluster/deploy/backup_server.yaml +++ b/framework/backup-server/.olares/config/cluster/deploy/backup_server.yaml @@ -1,6 +1,6 @@ -{{ $backupVersion := "0.3.48" }} +{{ $backupVersion := "0.3.49" }} {{ $backup_server_rootpath := printf "%s%s" .Values.rootPath "/rootfs/backup-server" }} {{- $backup_nats_secret := (lookup "v1" "Secret" .Release.Namespace "backup-nats-secret") -}} @@ -99,11 +99,6 @@ spec: value: {{ default "false" .Values.backup.is_cloud_version | quote }} - name: ENABLE_MIDDLEWARE_BACKUP value: "true" - - name: APP_RANDOM_KEY - valueFrom: - secretKeyRef: - name: app-key - key: random-key - name: NATS_HOST value: nats.os-platform - name: NATS_PORT @@ -153,11 +148,6 @@ spec: - name: {{ $key }} value: {{ $val | quote }} {{- end }} - - name: APP_RANDOM_KEY - valueFrom: - secretKeyRef: - name: app-key - key: random-key - name: NATS_HOST value: nats.os-platform - name: NATS_PORT diff --git a/framework/osnode-init/.olares/config/cluster/deploy/nodeinit_daemonset.yaml b/framework/osnode-init/.olares/config/cluster/deploy/nodeinit_daemonset.yaml index 9b80fa7cf..4e65ca733 100644 --- a/framework/osnode-init/.olares/config/cluster/deploy/nodeinit_daemonset.yaml +++ b/framework/osnode-init/.olares/config/cluster/deploy/nodeinit_daemonset.yaml @@ -41,11 +41,6 @@ spec: fieldPath: "status.hostIP" - name: S3_BUCKET value: {{ .Values.s3_bucket }} - - name: APP_RANDOM_KEY - valueFrom: - secretKeyRef: - name: app-key - key: random-key resources: requests: cpu: 20m diff --git a/platform/tapr/.olares/config/cluster/deploy/sys_event_deploy.yaml b/platform/tapr/.olares/config/cluster/deploy/sys_event_deploy.yaml index 40ca0e0c1..53209fb97 100644 --- a/platform/tapr/.olares/config/cluster/deploy/sys_event_deploy.yaml +++ b/platform/tapr/.olares/config/cluster/deploy/sys_event_deploy.yaml @@ -76,14 +76,8 @@ spec: runAsUser: 0 containers: - name: tapr-sysevent - image: beclab/sys-event:0.2.9 + image: beclab/sys-event:0.2.10 imagePullPolicy: IfNotPresent - env: - - name: APP_RANDOM_KEY - valueFrom: - secretKeyRef: - name: app-key - key: random-key --- apiVersion: v1