feat: Configure Authentik OAuth2 and disable anonymous login in od.config

abcdesktop-values.yaml

@@ -0,0 +1,47 @@
+# abcdesktop-values.yaml
+
+# Disable Ingress as external reverse proxy handles it
+ingress:
+  enabled: true
+  className: "nginx" # O il nome della classe del tuo Ingress Controller
+  annotations:
+    # Aggiungi qui eventuali annotazioni specifiche, es. per cert-manager
+    # cert-manager.io/cluster-issuer: "letsencrypt-prod" # Removed as external proxy handles TLS
+  hosts:
+    - host: morrow.giaco.net
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+
+# Configure service as LoadBalancer
+service:
+  type: ClusterIP
+  # If your LoadBalancer can be configured with a specific IP,
+  # you might need to add externalIPs or similar configuration here.
+  # For now, we'll assume it gets assigned an IP that your reverse proxy targets.
+  # If 10.66.200.220 is an internal IP, ensure your LoadBalancer can expose it.
+  # For many cloud providers, you'd typically let the LoadBalancer get its own external IP.
+  # If 10.66.200.220 is the IP of the LoadBalancer service itself, then it will be assigned.
+  # If it's an IP that the LoadBalancer *should use*, you might need to configure it
+  # via annotations specific to your Kubernetes provider or by setting externalIPs.
+  # For now, I'll leave it generic, assuming the LoadBalancer will expose itself
+  # and your reverse proxy will be configured to point to that exposed IP.
+  # If you need to explicitly set the LoadBalancer IP, please let me know how your
+  # Kubernetes provider handles this (e.g., specific annotations).
+
+# Configurazione dell'autenticazione OAuth2
+config:
+  authentication:
+    anonymous:
+      enabled: false
+
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: kubernetes.io/hostname
+          operator: In
+          values:
+          - kube-14
+          - kube-15