feat: migrate ingresses to nginx

2025-09-17 18:24:14 +02:00 · 2021-08-08 23:49:47 +02:00
parent 815a02f6eb
commit 0ed47b08b7
43 changed files with 101 additions and 60 deletions
--- a/cluster/apps/data/bookstack/helm-release.yaml
+++ b/cluster/apps/data/bookstack/helm-release.yaml
@@ -50,7 +50,7 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          forecastle.stakater.com/expose: "true"
--- a/cluster/apps/data/forecastle/helm-release.yaml
+++ b/cluster/apps/data/forecastle/helm-release.yaml
@@ -29,8 +29,10 @@ spec:
            - networking
      ingress:
        enabled: true
+        ingressClassName: "nginx"
        annotations:
-          kubernetes.io/ingress.class: "traefik"
+          nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
+          nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
        hosts:
--- a/cluster/apps/data/freshrss/helm-release.yaml
+++ b/cluster/apps/data/freshrss/helm-release.yaml
@@ -37,7 +37,7 @@ spec:
      main:
        enabled: true
        annotations:
-          kubernetes.io/ingress.class: "traefik"
+          kubernetes.io/ingress.class: "nginx"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          forecastle.stakater.com/expose: "true"
          forecastle.stakater.com/appName: "FreshRSS"
--- a/cluster/apps/data/joplin-server/helm-release.yaml
+++ b/cluster/apps/data/joplin-server/helm-release.yaml
@@ -46,9 +46,8 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
-          kubernetes.io/ingress.class: "traefik"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
        hosts:
          - host: joplin.${SECRET_CLUSTER_DOMAIN}
--- a/cluster/apps/data/pgadmin/helm-release.yaml
+++ b/cluster/apps/data/pgadmin/helm-release.yaml
@@ -28,8 +28,10 @@ spec:
      password: ${SECRET_PGADMIN_PASSWORD}
    ingress:
      enabled: true
+      ingressClassName: "nginx"
      annotations:
-        kubernetes.io/ingress.class: "traefik"
+        nginx.ingress.kubernetes.io/client-body-buffer-size: "50m"
+        nginx.ingress.kubernetes.io/proxy-body-size: "50m"
        traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
        traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-medium@kubernetescrd
        forecastle.stakater.com/expose: "true"
--- a/cluster/apps/data/recipes/helm-release.yaml
+++ b/cluster/apps/data/recipes/helm-release.yaml
@@ -52,8 +52,9 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
+          nginx.ingress.kubernetes.io/client-body-buffer-size: "10m"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-small@kubernetescrd
          forecastle.stakater.com/expose: "true"
--- a/cluster/apps/data/resilio-sync/statefulset.yaml
+++ b/cluster/apps/data/resilio-sync/statefulset.yaml
@@ -206,7 +206,6 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  annotations:
-    kubernetes.io/ingress.class: "traefik"
    traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
    forecastle.stakater.com/expose: "true"
    forecastle.stakater.com/appName: "Resilio Sync"
@@ -218,6 +217,7 @@ metadata:
  name: resilio-sync
  namespace: data
 spec:
+  ingressClassName: "nginx"
  rules:
    - host: resilio-sync-claude.${SECRET_CLUSTER_DOMAIN}
      http:
--- a/cluster/apps/data/sharry/helm-release.yaml
+++ b/cluster/apps/data/sharry/helm-release.yaml
@@ -43,8 +43,11 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
+          nginx.ingress.kubernetes.io/client-body-buffer-size: "2048m"
+          nginx.ingress.kubernetes.io/proxy-body-size: "2048m"
+          nginx.ingress.kubernetes.io/proxy-buffering: "off"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-large@kubernetescrd
          forecastle.stakater.com/expose: "true"
--- a/cluster/apps/data/vaultwarden/helm-release.yaml
+++ b/cluster/apps/data/vaultwarden/helm-release.yaml
@@ -44,7 +44,7 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          forecastle.stakater.com/expose: "true"
--- a/cluster/apps/data/vikunja/helm-release.yaml
+++ b/cluster/apps/data/vikunja/helm-release.yaml
@@ -60,7 +60,7 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          forecastle.stakater.com/expose: "true"
--- a/cluster/apps/data/wallabag/helm-release.yaml
+++ b/cluster/apps/data/wallabag/helm-release.yaml
@@ -45,7 +45,7 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          forecastle.stakater.com/expose: "true"
--- a/cluster/apps/development/docker-registry/helm-release.yaml
+++ b/cluster/apps/development/docker-registry/helm-release.yaml
@@ -32,7 +32,10 @@ spec:
    ingress:
      enabled: true
      annotations:
-        kubernetes.io/ingress.class: "traefik"
+        kubernetes.io/ingress.class: "nginx"
+        nginx.ingress.kubernetes.io/proxy-body-size: "0"
+        nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+        nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
        traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
        traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-large@kubernetescrd
      hosts:
--- a/cluster/apps/development/drone/helm-release.yaml
+++ b/cluster/apps/development/drone/helm-release.yaml
@@ -41,7 +41,7 @@ spec:
    ingress:
      enabled: true
      annotations:
-        kubernetes.io/ingress.class: "traefik"
+        kubernetes.io/ingress.class: "nginx"
        traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
      hosts:
        - host: drone.${SECRET_CLUSTER_DOMAIN}
--- a/cluster/apps/development/gitea/helm-release.yaml
+++ b/cluster/apps/development/gitea/helm-release.yaml
@@ -27,7 +27,7 @@ spec:
    ingress:
      enabled: true
      annotations:
-        kubernetes.io/ingress.class: "traefik"
+        kubernetes.io/ingress.class: "nginx"
        traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
      hosts:
        - host: "gitea.${SECRET_CLUSTER_DOMAIN}"
--- a/cluster/apps/home-automation/emqx/helm-release.yaml
+++ b/cluster/apps/home-automation/emqx/helm-release.yaml
@@ -30,7 +30,7 @@ spec:
      dashboard:
        enabled: true
        annotations:
-          kubernetes.io/ingress.class: "traefik"
+          kubernetes.io/ingress.class: "nginx"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
        path: /
        hosts:
--- a/cluster/apps/home-automation/frigate/helm-release.yaml
+++ b/cluster/apps/home-automation/frigate/helm-release.yaml
@@ -24,7 +24,9 @@ spec:
      main:
        enabled: true
        annotations:
-          kubernetes.io/ingress.class: "traefik"
+          kubernetes.io/ingress.class: "nginx"
+          nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
+          nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
        hosts:
--- a/cluster/apps/home-automation/home-assistant/helm-release.yaml
+++ b/cluster/apps/home-automation/home-assistant/helm-release.yaml
@@ -44,7 +44,7 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
        hosts:
@@ -86,7 +86,7 @@ spec:
          - "/config/.vscode"
        ingress:
          enabled: true
-          ingressClassName: "traefik"
+          ingressClassName: "nginx"
          annotations:
            traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          hosts:
--- a/cluster/apps/home-automation/zigbee2mqtt/helm-release.yaml
+++ b/cluster/apps/home-automation/zigbee2mqtt/helm-release.yaml
@@ -69,8 +69,10 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
+          nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
+          nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
        hosts:
--- a/cluster/apps/home-automation/zwavejs2mqtt/helm-release.yaml
+++ b/cluster/apps/home-automation/zwavejs2mqtt/helm-release.yaml
@@ -28,8 +28,10 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
+          nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
+          nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
        hosts:
--- a/cluster/apps/kasten-io/k10/helm-release.yaml
+++ b/cluster/apps/kasten-io/k10/helm-release.yaml
@@ -33,17 +33,18 @@ spec:
      create: true
      host: "k10.${SECRET_CLUSTER_DOMAIN}"
      annotations:
+        kubernetes.io/ingress.class: "nginx"
        traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
      urlPath: k10
      hosts:
        - "k10.${SECRET_CLUSTER_DOMAIN}"
-  postRenderers:
-    - kustomize:
-        patchesJson6902:
-          - target:
-              kind: Ingress
-              name: k10-ingress
-            patch:
-              - op: add
-                path: /spec/ingressClassName
-                value: traefik
+  # postRenderers:
+  #   - kustomize:
+  #       patchesJson6902:
+  #         - target:
+  #             kind: Ingress
+  #             name: k10-ingress
+  #           patch:
+  #             - op: add
+  #               path: /spec/ingressClassName
+  #               value: traefik
--- a/cluster/apps/media/bazarr/helm-release.yaml
+++ b/cluster/apps/media/bazarr/helm-release.yaml
@@ -50,8 +50,10 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
+          nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
+          nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
        hosts:
--- a/cluster/apps/media/flood/helm-release.yaml
+++ b/cluster/apps/media/flood/helm-release.yaml
@@ -36,7 +36,9 @@ spec:
      main:
        enabled: true
        annotations:
-          kubernetes.io/ingress.class: "traefik"
+          kubernetes.io/ingress.class: "nginx"
+          nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
+          nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
          forecastle.stakater.com/expose: "true"
--- a/cluster/apps/media/jellyfin/helm-release.yaml
+++ b/cluster/apps/media/jellyfin/helm-release.yaml
@@ -53,7 +53,7 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          forecastle.stakater.com/expose: "true"
--- a/cluster/apps/media/lidarr/helm-release.yaml
+++ b/cluster/apps/media/lidarr/helm-release.yaml
@@ -31,8 +31,10 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
+          nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
+          nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
          forecastle.stakater.com/expose: "true"
@@ -46,7 +48,7 @@ spec:
                pathType: Prefix
      api:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
        hosts:
--- a/cluster/apps/media/lychee/helm-release.yaml
+++ b/cluster/apps/media/lychee/helm-release.yaml
@@ -34,7 +34,7 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          forecastle.stakater.com/expose: "true"
--- a/cluster/apps/media/navidrome/helm-release.yaml
+++ b/cluster/apps/media/navidrome/helm-release.yaml
@@ -31,7 +31,7 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          forecastle.stakater.com/expose: "true"
--- a/cluster/apps/media/prowlarr/helm-release.yaml
+++ b/cluster/apps/media/prowlarr/helm-release.yaml
@@ -35,8 +35,10 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
+          nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
+          nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
          forecastle.stakater.com/expose: "true"
--- a/cluster/apps/media/pyload/helm-release.yaml
+++ b/cluster/apps/media/pyload/helm-release.yaml
@@ -46,7 +46,7 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          forecastle.stakater.com/expose: "true"
--- a/cluster/apps/media/qbittorrent/helm-release.yaml
+++ b/cluster/apps/media/qbittorrent/helm-release.yaml
@@ -63,7 +63,7 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          forecastle.stakater.com/expose: "true"
--- a/cluster/apps/media/radarr/helm-release.yaml
+++ b/cluster/apps/media/radarr/helm-release.yaml
@@ -31,8 +31,10 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
+          nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
+          nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
          forecastle.stakater.com/expose: "true"
@@ -46,7 +48,7 @@ spec:
                pathType: Prefix
      api:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
        hosts:
--- a/cluster/apps/media/sabnzbd/helm-release.yaml
+++ b/cluster/apps/media/sabnzbd/helm-release.yaml
@@ -31,7 +31,7 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
@@ -46,7 +46,7 @@ spec:
                pathType: Prefix
      api:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        nameSuffix: "api"
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
--- a/cluster/apps/media/sonarr/helm-release.yaml
+++ b/cluster/apps/media/sonarr/helm-release.yaml
@@ -31,8 +31,10 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
+          nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
+          nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
          forecastle.stakater.com/expose: "true"
@@ -46,7 +48,7 @@ spec:
                pathType: Prefix
      api:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
        hosts:
--- a/cluster/apps/media/tdarr/helm-release.yaml
+++ b/cluster/apps/media/tdarr/helm-release.yaml
@@ -62,8 +62,10 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
+          nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
+          nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
          forecastle.stakater.com/expose: "true"
--- a/cluster/apps/media/travelstories/deployment.yaml
+++ b/cluster/apps/media/travelstories/deployment.yaml
@@ -79,7 +79,9 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  annotations:
-    kubernetes.io/ingress.class: "traefik"
+    kubernetes.io/ingress.class: "nginx"
+    nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
+    nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
    traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
    traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
    forecastle.stakater.com/expose: "true"
--- a/cluster/apps/monitoring/blackbox-exporter/helm-release.yaml
+++ b/cluster/apps/monitoring/blackbox-exporter/helm-release.yaml
@@ -87,7 +87,9 @@ spec:
    ingress:
      enabled: true
      annotations:
-        kubernetes.io/ingress.class: "traefik"
+        kubernetes.io/ingress.class: "nginx"
+        nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
+        nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
        traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
        traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
      hosts:
--- a/cluster/apps/monitoring/healthchecks/helm-release.yaml
+++ b/cluster/apps/monitoring/healthchecks/helm-release.yaml
@@ -61,7 +61,7 @@ spec:
    ingress:
      main:
        enabled: true
-        ingressClassName: "traefik"
+        ingressClassName: "nginx"
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
        hosts:
--- a/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml
+++ b/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml
@@ -33,7 +33,9 @@ spec:
        enabled: true
        pathType: Prefix
        annotations:
-          kubernetes.io/ingress.class: "traefik"
+          kubernetes.io/ingress.class: "nginx"
+          nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
+          nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
        hosts: ["alert-manager.${SECRET_CLUSTER_DOMAIN}"]
@@ -195,7 +197,7 @@ spec:
        enabled: true
        pathType: Prefix
        annotations:
-          kubernetes.io/ingress.class: "traefik"
+          kubernetes.io/ingress.class: "nginx"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
        hosts: ["grafana.${SECRET_CLUSTER_DOMAIN}"]
    kubeEtcd:
@@ -211,7 +213,9 @@ spec:
        enabled: true
        pathType: Prefix
        annotations:
-          kubernetes.io/ingress.class: "traefik"
+          kubernetes.io/ingress.class: "nginx"
+          nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
+          nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
        hosts: ["prometheus.${SECRET_CLUSTER_DOMAIN}"]
--- a/cluster/apps/monitoring/thanos/helm-release.yaml
+++ b/cluster/apps/monitoring/thanos/helm-release.yaml
@@ -29,7 +29,9 @@ spec:
        enabled: true
        hostname: "thanos.${SECRET_CLUSTER_DOMAIN}"
        annotations:
-          kubernetes.io/ingress.class: "traefik"
+          kubernetes.io/ingress.class: "nginx"
+          nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
+          nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
          traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
        tls: false
--- a/cluster/apps/monitoring/uptime-kuma/statefulset.yaml
+++ b/cluster/apps/monitoring/uptime-kuma/statefulset.yaml
@@ -68,7 +68,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  annotations:
-    kubernetes.io/ingress.class: "traefik"
+    kubernetes.io/ingress.class: "nginx"
    traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
  labels:
    app.kubernetes.io/instance: uptime-kuma
--- a/cluster/apps/networking/authelia/deployment.yaml
+++ b/cluster/apps/networking/authelia/deployment.yaml
@@ -91,7 +91,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  annotations:
-    kubernetes.io/ingress.class: "traefik"
+    kubernetes.io/ingress.class: "nginx"
    traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
  labels:
    app.kubernetes.io/instance: authelia
--- a/cluster/apps/networking/authentik/helm-release.yaml
+++ b/cluster/apps/networking/authentik/helm-release.yaml
@@ -23,7 +23,7 @@ spec:

    ingress:
      enabled: true
-      ingressClassName: "traefik"
+      ingressClassName: "nginx"
      annotations:
        traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
      hosts:
--- a/cluster/apps/networking/unifi/helm-release.yaml
+++ b/cluster/apps/networking/unifi/helm-release.yaml
@@ -32,7 +32,7 @@ spec:
    ingress:
      enabled: true
      annotations:
-        kubernetes.io/ingress.class: "traefik"
+        kubernetes.io/ingress.class: "nginx"
        traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
        traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-medium@kubernetescrd
      hosts:
--- a/cluster/core/rook-ceph/dashboard/ingress.yaml
+++ b/cluster/core/rook-ceph/dashboard/ingress.yaml
@@ -5,7 +5,7 @@ metadata:
  name: rook-ceph-mgr-dashboard
  namespace: rook-ceph
  annotations:
-    kubernetes.io/ingress.class: "traefik"
+    kubernetes.io/ingress.class: "nginx"
    traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
  labels:
    app.kubernetes.io/instance: rook-ceph-mgr-dashboard