From 248e40c05c78c05eec02240fbb22aae8f6656669 Mon Sep 17 00:00:00 2001
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Sat, 14 Aug 2021 12:36:17 +0200
Subject: [PATCH] feat: migrate ingresses to nginx
---
cluster/apps/data/bookstack/helm-release.yaml | 5 ++--
cluster/apps/data/freshrss/helm-release.yaml | 3 +-
cluster/apps/data/homer/helm-release.yaml | 14 ++++++----
.../apps/data/joplin-server/helm-release.yaml | 5 ++--
cluster/apps/data/pgadmin/helm-release.yaml | 25 +++++++++--------
cluster/apps/data/recipes/helm-release.yaml | 7 +++--
.../apps/data/resilio-sync/statefulset.yaml | 5 ++--
cluster/apps/data/sharry/helm-release.yaml | 7 +++--
.../apps/data/vaultwarden/helm-release.yaml | 5 ++--
cluster/apps/data/vikunja/helm-release.yaml | 5 ++--
cluster/apps/data/wallabag/helm-release.yaml | 5 ++--
.../docker-registry/helm-release.yaml | 28 +++++++++++--------
.../apps/development/drone/helm-release.yaml | 21 +++++++-------
.../apps/development/gitea/helm-release.yaml | 23 +++++++--------
.../home-automation/emqx/helm-release.yaml | 17 +++++------
.../home-automation/frigate/helm-release.yaml | 9 ++++--
.../home-assistant/helm-release.yaml | 14 ++++++----
.../zigbee2mqtt/helm-release.yaml | 9 ++++--
.../zwavejs2mqtt/helm-release.yaml | 9 ++++--
cluster/apps/kasten-io/k10/helm-release.yaml | 23 +++++++--------
cluster/apps/media/bazarr/helm-release.yaml | 13 +++++++--
cluster/apps/media/flood/helm-release.yaml | 13 +++++++--
cluster/apps/media/jellyfin/helm-release.yaml | 5 ++--
cluster/apps/media/lidarr/helm-release.yaml | 18 ++++++++----
cluster/apps/media/lychee/helm-release.yaml | 5 ++--
.../apps/media/navidrome/helm-release.yaml | 5 ++--
cluster/apps/media/prowlarr/helm-release.yaml | 13 +++++++--
cluster/apps/media/pyload/helm-release.yaml | 7 +++--
.../apps/media/qbittorrent/helm-release.yaml | 9 ++++--
cluster/apps/media/radarr/helm-release.yaml | 18 ++++++++----
cluster/apps/media/readarr/helm-release.yaml | 18 ++++++++----
cluster/apps/media/sabnzbd/helm-release.yaml | 18 ++++++++----
cluster/apps/media/sonarr/helm-release.yaml | 18 ++++++++----
cluster/apps/media/tdarr/helm-release.yaml | 9 ++++--
.../apps/media/travelstories/deployment.yaml | 9 ++++--
.../blackbox-exporter/helm-release.yaml | 27 ++++++++++--------
.../monitoring/healthchecks/helm-release.yaml | 7 +++--
.../kube-prometheus-stack/helm-release.yaml | 23 +++++++++------
.../apps/monitoring/thanos/helm-release.yaml | 27 ++++++++++--------
.../monitoring/uptime-kuma/statefulset.yaml | 5 ++--
.../networking/authelia/helm-release.yaml | 3 +-
.../networking/authentik/helm-release.yaml | 5 ++--
.../apps/networking/unifi/helm-release.yaml | 7 +++--
cluster/core/rook-ceph/dashboard/ingress.yaml | 5 ++--
44 files changed, 328 insertions(+), 198 deletions(-)
diff --git a/cluster/apps/data/bookstack/helm-release.yaml b/cluster/apps/data/bookstack/helm-release.yaml
index fa0d26cd8..d7368f32d 100644
--- a/cluster/apps/data/bookstack/helm-release.yaml
+++ b/cluster/apps/data/bookstack/helm-release.yaml
@@ -59,9 +59,10 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: bookstack.${SECRET_CLUSTER_DOMAIN}
paths:
diff --git a/cluster/apps/data/freshrss/helm-release.yaml b/cluster/apps/data/freshrss/helm-release.yaml
index 082eba521..9f74ee7f2 100644
--- a/cluster/apps/data/freshrss/helm-release.yaml
+++ b/cluster/apps/data/freshrss/helm-release.yaml
@@ -42,8 +42,9 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
+ kubernetes.io/ingress.class: "nginx"
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: freshrss.${SECRET_CLUSTER_DOMAIN}
diff --git a/cluster/apps/data/homer/helm-release.yaml b/cluster/apps/data/homer/helm-release.yaml
index bb1b8c51e..59ac3e7bd 100644
--- a/cluster/apps/data/homer/helm-release.yaml
+++ b/cluster/apps/data/homer/helm-release.yaml
@@ -40,10 +40,11 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: "homer.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -70,10 +71,11 @@ spec:
- "/www/assets/.vscode"
ingress:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: "homer-config.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/data/joplin-server/helm-release.yaml b/cluster/apps/data/joplin-server/helm-release.yaml
index 43d71373c..25e6d604f 100644
--- a/cluster/apps/data/joplin-server/helm-release.yaml
+++ b/cluster/apps/data/joplin-server/helm-release.yaml
@@ -41,9 +41,10 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "joplin.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/data/pgadmin/helm-release.yaml b/cluster/apps/data/pgadmin/helm-release.yaml
index 35e57b7d1..8ec014454 100644
--- a/cluster/apps/data/pgadmin/helm-release.yaml
+++ b/cluster/apps/data/pgadmin/helm-release.yaml
@@ -28,8 +28,9 @@ spec:
ingress:
enabled: true
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-medium@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-medium@kubernetescrd
hosts:
- host: "pgadmin.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -39,13 +40,13 @@ spec:
- hosts:
- "pgadmin.${SECRET_CLUSTER_DOMAIN}"
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
- postRenderers:
- - kustomize:
- patchesJson6902:
- - target:
- kind: Ingress
- name: pgadmin-pgadmin4
- patch:
- - op: add
- path: /spec/ingressClassName
- value: traefik
+ # postRenderers:
+ # - kustomize:
+ # patchesJson6902:
+ # - target:
+ # kind: Ingress
+ # name: pgadmin-pgadmin4
+ # patch:
+ # - op: add
+ # path: /spec/ingressClassName
+ # value: traefik
diff --git a/cluster/apps/data/recipes/helm-release.yaml b/cluster/apps/data/recipes/helm-release.yaml
index c5f55bf88..df1f22958 100644
--- a/cluster/apps/data/recipes/helm-release.yaml
+++ b/cluster/apps/data/recipes/helm-release.yaml
@@ -62,10 +62,11 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-small@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-small@kubernetescrd
hosts:
- host: "recipes.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/data/resilio-sync/statefulset.yaml b/cluster/apps/data/resilio-sync/statefulset.yaml
index fa8f31029..44cde8ecb 100644
--- a/cluster/apps/data/resilio-sync/statefulset.yaml
+++ b/cluster/apps/data/resilio-sync/statefulset.yaml
@@ -206,14 +206,15 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
labels:
app.kubernetes.io/instance: resilio-sync
app.kubernetes.io/name: resilio-sync
name: resilio-sync
namespace: data
spec:
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
tls:
- hosts:
- "resilio-sync-claude.${SECRET_CLUSTER_DOMAIN}"
diff --git a/cluster/apps/data/sharry/helm-release.yaml b/cluster/apps/data/sharry/helm-release.yaml
index 1a2aec79c..6a4e9b330 100644
--- a/cluster/apps/data/sharry/helm-release.yaml
+++ b/cluster/apps/data/sharry/helm-release.yaml
@@ -114,10 +114,11 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-large@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-large@kubernetescrd
hosts:
- host: "sharry.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/data/vaultwarden/helm-release.yaml b/cluster/apps/data/vaultwarden/helm-release.yaml
index 053d1aa52..547496776 100644
--- a/cluster/apps/data/vaultwarden/helm-release.yaml
+++ b/cluster/apps/data/vaultwarden/helm-release.yaml
@@ -52,9 +52,10 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "vaultwarden.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/data/vikunja/helm-release.yaml b/cluster/apps/data/vikunja/helm-release.yaml
index 0ecbed308..c4a296d89 100644
--- a/cluster/apps/data/vikunja/helm-release.yaml
+++ b/cluster/apps/data/vikunja/helm-release.yaml
@@ -42,9 +42,10 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "vikunja.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/data/wallabag/helm-release.yaml b/cluster/apps/data/wallabag/helm-release.yaml
index 63449755b..5ad2b3ef9 100644
--- a/cluster/apps/data/wallabag/helm-release.yaml
+++ b/cluster/apps/data/wallabag/helm-release.yaml
@@ -63,9 +63,10 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "wallabag.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/development/docker-registry/helm-release.yaml b/cluster/apps/development/docker-registry/helm-release.yaml
index 8200e23a7..e0ff0e4d3 100644
--- a/cluster/apps/development/docker-registry/helm-release.yaml
+++ b/cluster/apps/development/docker-registry/helm-release.yaml
@@ -40,8 +40,12 @@ spec:
ingress:
enabled: true
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-large@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-large@kubernetescrd
hosts:
- "registry.${SECRET_CLUSTER_DOMAIN}"
tls:
@@ -49,13 +53,13 @@ spec:
- "registry.${SECRET_CLUSTER_DOMAIN}"
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
- postRenderers:
- - kustomize:
- patchesJson6902:
- - target:
- kind: Ingress
- name: docker-registry
- patch:
- - op: add
- path: /spec/ingressClassName
- value: traefik
+ # postRenderers:
+ # - kustomize:
+ # patchesJson6902:
+ # - target:
+ # kind: Ingress
+ # name: docker-registry
+ # patch:
+ # - op: add
+ # path: /spec/ingressClassName
+ # value: traefik
diff --git a/cluster/apps/development/drone/helm-release.yaml b/cluster/apps/development/drone/helm-release.yaml
index 4268b1b2c..87058e080 100644
--- a/cluster/apps/development/drone/helm-release.yaml
+++ b/cluster/apps/development/drone/helm-release.yaml
@@ -45,7 +45,8 @@ spec:
ingress:
enabled: true
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "drone.${SECRET_CLUSTER_DOMAIN}"
paths: ["/"]
@@ -53,13 +54,11 @@ spec:
- hosts:
- "wallabag.${SECRET_CLUSTER_DOMAIN}"
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
- postRenderers:
- - kustomize:
- patchesJson6902:
- - target:
- kind: Ingress
- name: drone
- patch:
- - op: add
- path: /spec/ingressClassName
- value: traefik
+ # postRenderers:
+ # - kustomize:
+ # patchesJson6902:
+ # name: drone
+ # patch:
+ # - op: add
+ # path: /spec/ingressClassName
+ # value: traefik
diff --git a/cluster/apps/development/gitea/helm-release.yaml b/cluster/apps/development/gitea/helm-release.yaml
index d2225c5ab..68e678ccf 100644
--- a/cluster/apps/development/gitea/helm-release.yaml
+++ b/cluster/apps/development/gitea/helm-release.yaml
@@ -88,7 +88,8 @@ spec:
ingress:
enabled: true
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "gitea.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -99,13 +100,13 @@ spec:
- "gitea.${SECRET_CLUSTER_DOMAIN}"
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
- postRenderers:
- - kustomize:
- patchesJson6902:
- - target:
- kind: Ingress
- name: gitea
- patch:
- - op: add
- path: /spec/ingressClassName
- value: traefik
+ # postRenderers:
+ # - kustomize:
+ # patchesJson6902:
+ # - target:
+ # kind: Ingress
+ # name: gitea
+ # patch:
+ # - op: add
+ # path: /spec/ingressClassName
+ # value: traefik
diff --git a/cluster/apps/home-automation/emqx/helm-release.yaml b/cluster/apps/home-automation/emqx/helm-release.yaml
index d184e1d32..47fb19a0c 100644
--- a/cluster/apps/home-automation/emqx/helm-release.yaml
+++ b/cluster/apps/home-automation/emqx/helm-release.yaml
@@ -61,7 +61,8 @@ spec:
dashboard:
enabled: true
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
path: /
hosts:
- emqx.${SECRET_CLUSTER_DOMAIN}
@@ -102,10 +103,10 @@ spec:
path: /spec/externalIPs
value:
- "${CLUSTER_LB_EMQX}"
- - target:
- kind: Ingress
- name: emqx-dashboard
- patch:
- - op: add
- path: /spec/ingressClassName
- value: traefik
+ # - target:
+ # kind: Ingress
+ # name: emqx-dashboard
+ # patch:
+ # - op: add
+ # path: /spec/ingressClassName
+ # value: traefik
diff --git a/cluster/apps/home-automation/frigate/helm-release.yaml b/cluster/apps/home-automation/frigate/helm-release.yaml
index 52a639a6e..9814eef90 100644
--- a/cluster/apps/home-automation/frigate/helm-release.yaml
+++ b/cluster/apps/home-automation/frigate/helm-release.yaml
@@ -95,10 +95,13 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: "frigate.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/home-automation/home-assistant/helm-release.yaml b/cluster/apps/home-automation/home-assistant/helm-release.yaml
index dc5b55ba0..c87092a80 100644
--- a/cluster/apps/home-automation/home-assistant/helm-release.yaml
+++ b/cluster/apps/home-automation/home-assistant/helm-release.yaml
@@ -47,9 +47,10 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "hass.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -101,10 +102,13 @@ spec:
- "/config/.vscode"
ingress:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: "hass-config.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/home-automation/zigbee2mqtt/helm-release.yaml b/cluster/apps/home-automation/zigbee2mqtt/helm-release.yaml
index a2f12df1f..cf3961730 100644
--- a/cluster/apps/home-automation/zigbee2mqtt/helm-release.yaml
+++ b/cluster/apps/home-automation/zigbee2mqtt/helm-release.yaml
@@ -73,10 +73,13 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: "zigbee.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/home-automation/zwavejs2mqtt/helm-release.yaml b/cluster/apps/home-automation/zwavejs2mqtt/helm-release.yaml
index e4399229a..e1db8a4d0 100644
--- a/cluster/apps/home-automation/zwavejs2mqtt/helm-release.yaml
+++ b/cluster/apps/home-automation/zwavejs2mqtt/helm-release.yaml
@@ -37,10 +37,13 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: zwave.${SECRET_CLUSTER_DOMAIN}
paths:
diff --git a/cluster/apps/kasten-io/k10/helm-release.yaml b/cluster/apps/kasten-io/k10/helm-release.yaml
index 90536fb45..67645e430 100644
--- a/cluster/apps/kasten-io/k10/helm-release.yaml
+++ b/cluster/apps/kasten-io/k10/helm-release.yaml
@@ -33,17 +33,18 @@ spec:
create: true
host: "k10.${SECRET_CLUSTER_DOMAIN}"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
urlPath: k10
hosts:
- "k10.${SECRET_CLUSTER_DOMAIN}"
- postRenderers:
- - kustomize:
- patchesJson6902:
- - target:
- kind: Ingress
- name: k10-ingress
- patch:
- - op: add
- path: /spec/ingressClassName
- value: traefik
+ # postRenderers:
+ # - kustomize:
+ # patchesJson6902:
+ # - target:
+ # kind: Ingress
+ # name: k10-ingress
+ # patch:
+ # - op: add
+ # path: /spec/ingressClassName
+ # value: traefik
diff --git a/cluster/apps/media/bazarr/helm-release.yaml b/cluster/apps/media/bazarr/helm-release.yaml
index ee3365534..384d97eef 100644
--- a/cluster/apps/media/bazarr/helm-release.yaml
+++ b/cluster/apps/media/bazarr/helm-release.yaml
@@ -48,10 +48,17 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ proxy_set_header Accept-Encoding "";
+ sub_filter '' '';
+ sub_filter_once on;
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
hosts:
- host: "bazarr.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/media/flood/helm-release.yaml b/cluster/apps/media/flood/helm-release.yaml
index 06b1d4572..586550a51 100644
--- a/cluster/apps/media/flood/helm-release.yaml
+++ b/cluster/apps/media/flood/helm-release.yaml
@@ -48,10 +48,17 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ proxy_set_header Accept-Encoding "";
+ sub_filter '' '';
+ sub_filter_once on;
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: flood.${SECRET_CLUSTER_DOMAIN}
paths:
diff --git a/cluster/apps/media/jellyfin/helm-release.yaml b/cluster/apps/media/jellyfin/helm-release.yaml
index c0052a9fd..4414409d3 100644
--- a/cluster/apps/media/jellyfin/helm-release.yaml
+++ b/cluster/apps/media/jellyfin/helm-release.yaml
@@ -48,9 +48,10 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "jellyfin.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/media/lidarr/helm-release.yaml b/cluster/apps/media/lidarr/helm-release.yaml
index 03b84f4f0..b4fc34943 100644
--- a/cluster/apps/media/lidarr/helm-release.yaml
+++ b/cluster/apps/media/lidarr/helm-release.yaml
@@ -56,10 +56,17 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ proxy_set_header Accept-Encoding "";
+ sub_filter '' '';
+ sub_filter_once on;
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
hosts:
- host: "lidarr.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -70,9 +77,10 @@ spec:
- "lidarr.${SECRET_CLUSTER_DOMAIN}"
api:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "lidarr.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/media/lychee/helm-release.yaml b/cluster/apps/media/lychee/helm-release.yaml
index 55d1cab5c..ef7ce0ec8 100644
--- a/cluster/apps/media/lychee/helm-release.yaml
+++ b/cluster/apps/media/lychee/helm-release.yaml
@@ -51,8 +51,9 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "nginx"
- # annotations:
+ # ingressClassName: "traefik"
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "lychee.${SECRET_CLUSTER_DOMAIN}"
diff --git a/cluster/apps/media/navidrome/helm-release.yaml b/cluster/apps/media/navidrome/helm-release.yaml
index c28f02493..b8f414b78 100644
--- a/cluster/apps/media/navidrome/helm-release.yaml
+++ b/cluster/apps/media/navidrome/helm-release.yaml
@@ -48,9 +48,10 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "navidrome.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/media/prowlarr/helm-release.yaml b/cluster/apps/media/prowlarr/helm-release.yaml
index fae90a4a9..b3fa13a59 100644
--- a/cluster/apps/media/prowlarr/helm-release.yaml
+++ b/cluster/apps/media/prowlarr/helm-release.yaml
@@ -39,10 +39,17 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ proxy_set_header Accept-Encoding "";
+ sub_filter '' '';
+ sub_filter_once on;
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
hosts:
- host: "prowlarr.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/media/pyload/helm-release.yaml b/cluster/apps/media/pyload/helm-release.yaml
index 8f14515d0..bdd3609eb 100644
--- a/cluster/apps/media/pyload/helm-release.yaml
+++ b/cluster/apps/media/pyload/helm-release.yaml
@@ -43,9 +43,12 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "pyload.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/media/qbittorrent/helm-release.yaml b/cluster/apps/media/qbittorrent/helm-release.yaml
index e3ba6bc76..c80bdef40 100644
--- a/cluster/apps/media/qbittorrent/helm-release.yaml
+++ b/cluster/apps/media/qbittorrent/helm-release.yaml
@@ -63,9 +63,14 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ proxy_set_header Accept-Encoding "";
+ sub_filter '' '';
+ sub_filter_once on;
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "qbittorrent.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/media/radarr/helm-release.yaml b/cluster/apps/media/radarr/helm-release.yaml
index 096891ff8..c723b913f 100644
--- a/cluster/apps/media/radarr/helm-release.yaml
+++ b/cluster/apps/media/radarr/helm-release.yaml
@@ -53,10 +53,17 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ proxy_set_header Accept-Encoding "";
+ sub_filter '' '';
+ sub_filter_once on;
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
hosts:
- host: "radarr.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -67,9 +74,10 @@ spec:
- "radarr.${SECRET_CLUSTER_DOMAIN}"
api:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "radarr.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/media/readarr/helm-release.yaml b/cluster/apps/media/readarr/helm-release.yaml
index 8ae766cd5..7268bb135 100644
--- a/cluster/apps/media/readarr/helm-release.yaml
+++ b/cluster/apps/media/readarr/helm-release.yaml
@@ -48,10 +48,17 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ proxy_set_header Accept-Encoding "";
+ sub_filter '' '';
+ sub_filter_once on;
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
hosts:
- host: "readarr.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -62,9 +69,10 @@ spec:
- "readarr.${SECRET_CLUSTER_DOMAIN}"
api:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "readarr.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/media/sabnzbd/helm-release.yaml b/cluster/apps/media/sabnzbd/helm-release.yaml
index 57bdf03e5..0f6c5fbb8 100644
--- a/cluster/apps/media/sabnzbd/helm-release.yaml
+++ b/cluster/apps/media/sabnzbd/helm-release.yaml
@@ -46,10 +46,17 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ proxy_set_header Accept-Encoding "";
+ sub_filter '' '';
+ sub_filter_once on;
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
hosts:
- host: "sabnzbd.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -60,10 +67,11 @@ spec:
- "sabnzbd.${SECRET_CLUSTER_DOMAIN}"
api:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
nameSuffix: "api"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "sabnzbd.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/media/sonarr/helm-release.yaml b/cluster/apps/media/sonarr/helm-release.yaml
index 30b309816..ff37acd26 100644
--- a/cluster/apps/media/sonarr/helm-release.yaml
+++ b/cluster/apps/media/sonarr/helm-release.yaml
@@ -51,10 +51,17 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ proxy_set_header Accept-Encoding "";
+ sub_filter '' '';
+ sub_filter_once on;
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
hosts:
- host: "sonarr.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -65,9 +72,10 @@ spec:
- "sonarr.${SECRET_CLUSTER_DOMAIN}"
api:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "sonarr.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/media/tdarr/helm-release.yaml b/cluster/apps/media/tdarr/helm-release.yaml
index bc6d429ba..95a470555 100644
--- a/cluster/apps/media/tdarr/helm-release.yaml
+++ b/cluster/apps/media/tdarr/helm-release.yaml
@@ -62,10 +62,13 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: "tdarr.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/media/travelstories/deployment.yaml b/cluster/apps/media/travelstories/deployment.yaml
index 5da014300..ed00df277 100644
--- a/cluster/apps/media/travelstories/deployment.yaml
+++ b/cluster/apps/media/travelstories/deployment.yaml
@@ -75,15 +75,18 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
labels:
app.kubernetes.io/instance: travelstories
app.kubernetes.io/name: travelstories
name: travelstories
namespace: media
spec:
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
rules:
- host: "travelstories.${SECRET_CLUSTER_DOMAIN}"
http:
diff --git a/cluster/apps/monitoring/blackbox-exporter/helm-release.yaml b/cluster/apps/monitoring/blackbox-exporter/helm-release.yaml
index 7bcb35d50..1ef2a5131 100644
--- a/cluster/apps/monitoring/blackbox-exporter/helm-release.yaml
+++ b/cluster/apps/monitoring/blackbox-exporter/helm-release.yaml
@@ -91,8 +91,11 @@ spec:
ingress:
enabled: true
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: "blackbox.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -103,13 +106,13 @@ spec:
- "blackbox.${SECRET_CLUSTER_DOMAIN}"
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
- postRenderers:
- - kustomize:
- patchesJson6902:
- - target:
- kind: Ingress
- name: blackbox-exporter-prometheus-blackbox-exporter
- patch:
- - op: add
- path: /spec/ingressClassName
- value: traefik
+ # postRenderers:
+ # - kustomize:
+ # patchesJson6902:
+ # - target:
+ # kind: Ingress
+ # name: blackbox-exporter-prometheus-blackbox-exporter
+ # patch:
+ # - op: add
+ # path: /spec/ingressClassName
+ # value: traefik
diff --git a/cluster/apps/monitoring/healthchecks/helm-release.yaml b/cluster/apps/monitoring/healthchecks/helm-release.yaml
index d6cf6a09c..a63eed12d 100644
--- a/cluster/apps/monitoring/healthchecks/helm-release.yaml
+++ b/cluster/apps/monitoring/healthchecks/helm-release.yaml
@@ -54,9 +54,12 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "healthchecks.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml b/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml
index 40413c77b..ce2a5f25a 100644
--- a/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml
+++ b/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml
@@ -32,10 +32,13 @@ spec:
ingress:
enabled: true
pathType: Prefix
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts: ["alert-manager.${SECRET_CLUSTER_DOMAIN}"]
config:
global:
@@ -194,9 +197,10 @@ spec:
ingress:
enabled: true
pathType: Prefix
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts: ["grafana.${SECRET_CLUSTER_DOMAIN}"]
kubeEtcd:
enabled: false
@@ -210,10 +214,13 @@ spec:
ingress:
enabled: true
pathType: Prefix
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts: ["prometheus.${SECRET_CLUSTER_DOMAIN}"]
prometheusSpec:
replicas: 2
diff --git a/cluster/apps/monitoring/thanos/helm-release.yaml b/cluster/apps/monitoring/thanos/helm-release.yaml
index 011149d2d..db804a38d 100644
--- a/cluster/apps/monitoring/thanos/helm-release.yaml
+++ b/cluster/apps/monitoring/thanos/helm-release.yaml
@@ -29,8 +29,11 @@ spec:
enabled: true
hostname: "thanos.${SECRET_CLUSTER_DOMAIN}"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
+ nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
tls: false
queryFrontend:
enabled: false
@@ -58,13 +61,13 @@ spec:
secret_key: "${SECRET_MINIO_SECRET_KEY}"
insecure: false
- postRenderers:
- - kustomize:
- patchesJson6902:
- - target:
- kind: Ingress
- name: thanos-query
- patch:
- - op: add
- path: /spec/ingressClassName
- value: traefik
+ # postRenderers:
+ # - kustomize:
+ # patchesJson6902:
+ # - target:
+ # kind: Ingress
+ # name: thanos-query
+ # patch:
+ # - op: add
+ # path: /spec/ingressClassName
+ # value: traefik
diff --git a/cluster/apps/monitoring/uptime-kuma/statefulset.yaml b/cluster/apps/monitoring/uptime-kuma/statefulset.yaml
index a1d4101a1..d4efe7d34 100644
--- a/cluster/apps/monitoring/uptime-kuma/statefulset.yaml
+++ b/cluster/apps/monitoring/uptime-kuma/statefulset.yaml
@@ -68,14 +68,15 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
labels:
app.kubernetes.io/instance: uptime-kuma
app.kubernetes.io/name: uptime-kuma
name: uptime-kuma
namespace: monitoring
spec:
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
rules:
- host: "uptime-kuma.${SECRET_CLUSTER_DOMAIN}"
http:
diff --git a/cluster/apps/networking/authelia/helm-release.yaml b/cluster/apps/networking/authelia/helm-release.yaml
index 5c5a35fd7..8ed67711d 100644
--- a/cluster/apps/networking/authelia/helm-release.yaml
+++ b/cluster/apps/networking/authelia/helm-release.yaml
@@ -28,7 +28,8 @@ spec:
ingress:
enabled: true
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
subdomain: login
tls:
diff --git a/cluster/apps/networking/authentik/helm-release.yaml b/cluster/apps/networking/authentik/helm-release.yaml
index 0d79089d0..9dd779d6d 100644
--- a/cluster/apps/networking/authentik/helm-release.yaml
+++ b/cluster/apps/networking/authentik/helm-release.yaml
@@ -23,9 +23,10 @@ spec:
ingress:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "id.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/apps/networking/unifi/helm-release.yaml b/cluster/apps/networking/unifi/helm-release.yaml
index ba69fa57b..a0b18966a 100644
--- a/cluster/apps/networking/unifi/helm-release.yaml
+++ b/cluster/apps/networking/unifi/helm-release.yaml
@@ -38,10 +38,11 @@ spec:
ingress:
main:
enabled: true
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
- traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-medium@kubernetescrd
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ # traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-medium@kubernetescrd
hosts:
- host: "unifi.${SECRET_CLUSTER_DOMAIN}"
paths:
diff --git a/cluster/core/rook-ceph/dashboard/ingress.yaml b/cluster/core/rook-ceph/dashboard/ingress.yaml
index 196ab3061..ed5369f99 100644
--- a/cluster/core/rook-ceph/dashboard/ingress.yaml
+++ b/cluster/core/rook-ceph/dashboard/ingress.yaml
@@ -5,12 +5,13 @@ metadata:
name: rook-ceph-mgr-dashboard
namespace: rook-ceph
annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+ kubernetes.io/ingress.class: "nginx"
+ # traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
labels:
app.kubernetes.io/instance: rook-ceph-mgr-dashboard
app.kubernetes.io/name: rook-ceph-mgr-dashboard
spec:
- ingressClassName: "traefik"
+ # ingressClassName: "traefik"
rules:
- host: "rook.${SECRET_CLUSTER_DOMAIN}"
http: