shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: migrate ingresses to nginx

Browse Source
This commit is contained in:
auricom
2021-08-14 12:36:17 +02:00
parent 52141abd21
commit 248e40c05c
44 changed files with 328 additions and 198 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cluster/apps/data/bookstack/helm-release.yaml
View File

@@ -59,9 +59,10 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: bookstack.${SECRET_CLUSTER_DOMAIN}
paths:

3
cluster/apps/data/freshrss/helm-release.yaml
View File

@@ -42,8 +42,9 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
kubernetes.io/ingress.class: "nginx"
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: freshrss.${SECRET_CLUSTER_DOMAIN}

14
cluster/apps/data/homer/helm-release.yaml
View File

@@ -40,10 +40,11 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: "homer.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -70,10 +71,11 @@ spec:
- "/www/assets/.vscode"
ingress:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: "homer-config.${SECRET_CLUSTER_DOMAIN}"
paths:

5
cluster/apps/data/joplin-server/helm-release.yaml
View File

@@ -41,9 +41,10 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "joplin.${SECRET_CLUSTER_DOMAIN}"
paths:

25
cluster/apps/data/pgadmin/helm-release.yaml
View File

@@ -28,8 +28,9 @@ spec:
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-medium@kubernetescrd
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-medium@kubernetescrd
hosts:
- host: "pgadmin.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -39,13 +40,13 @@ spec:
- hosts:
- "pgadmin.${SECRET_CLUSTER_DOMAIN}"
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
postRenderers:
- kustomize:
patchesJson6902:
- target:
kind: Ingress
name: pgadmin-pgadmin4
patch:
- op: add
path: /spec/ingressClassName
value: traefik
# postRenderers:
# - kustomize:
# patchesJson6902:
# - target:
# kind: Ingress
# name: pgadmin-pgadmin4
# patch:
# - op: add
# path: /spec/ingressClassName
# value: traefik

7
cluster/apps/data/recipes/helm-release.yaml
View File

@@ -62,10 +62,11 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-small@kubernetescrd
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-small@kubernetescrd
hosts:
- host: "recipes.${SECRET_CLUSTER_DOMAIN}"
paths:

5
cluster/apps/data/resilio-sync/statefulset.yaml
View File

@@ -206,14 +206,15 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
labels:
app.kubernetes.io/instance: resilio-sync
app.kubernetes.io/name: resilio-sync
name: resilio-sync
namespace: data
spec:
ingressClassName: "traefik"
# ingressClassName: "traefik"
tls:
- hosts:
- "resilio-sync-claude.${SECRET_CLUSTER_DOMAIN}"

7
cluster/apps/data/sharry/helm-release.yaml
View File

@@ -114,10 +114,11 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-large@kubernetescrd
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-large@kubernetescrd
hosts:
- host: "sharry.${SECRET_CLUSTER_DOMAIN}"
paths:

5
cluster/apps/data/vaultwarden/helm-release.yaml
View File

@@ -52,9 +52,10 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "vaultwarden.${SECRET_CLUSTER_DOMAIN}"
paths:

5
cluster/apps/data/vikunja/helm-release.yaml
View File

@@ -42,9 +42,10 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "vikunja.${SECRET_CLUSTER_DOMAIN}"
paths:

5
cluster/apps/data/wallabag/helm-release.yaml
View File

@@ -63,9 +63,10 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "wallabag.${SECRET_CLUSTER_DOMAIN}"
paths:

28
cluster/apps/development/docker-registry/helm-release.yaml
View File

@@ -40,8 +40,12 @@ spec:
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-large@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-large@kubernetescrd
hosts:
- "registry.${SECRET_CLUSTER_DOMAIN}"
tls:
@@ -49,13 +53,13 @@ spec:
- "registry.${SECRET_CLUSTER_DOMAIN}"
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
postRenderers:
- kustomize:
patchesJson6902:
- target:
kind: Ingress
name: docker-registry
patch:
- op: add
path: /spec/ingressClassName
value: traefik
# postRenderers:
# - kustomize:
# patchesJson6902:
# - target:
# kind: Ingress
# name: docker-registry
# patch:
# - op: add
# path: /spec/ingressClassName
# value: traefik

21
cluster/apps/development/drone/helm-release.yaml
View File

@@ -45,7 +45,8 @@ spec:
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "drone.${SECRET_CLUSTER_DOMAIN}"
paths: ["/"]
@@ -53,13 +54,11 @@ spec:
- hosts:
- "wallabag.${SECRET_CLUSTER_DOMAIN}"
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
postRenderers:
- kustomize:
patchesJson6902:
- target:
kind: Ingress
name: drone
patch:
- op: add
path: /spec/ingressClassName
value: traefik
# postRenderers:
# - kustomize:
# patchesJson6902:
# name: drone
# patch:
# - op: add
# path: /spec/ingressClassName
# value: traefik

23
cluster/apps/development/gitea/helm-release.yaml
View File

@@ -88,7 +88,8 @@ spec:
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "gitea.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -99,13 +100,13 @@ spec:
- "gitea.${SECRET_CLUSTER_DOMAIN}"
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
postRenderers:
- kustomize:
patchesJson6902:
- target:
kind: Ingress
name: gitea
patch:
- op: add
path: /spec/ingressClassName
value: traefik
# postRenderers:
# - kustomize:
# patchesJson6902:
# - target:
# kind: Ingress
# name: gitea
# patch:
# - op: add
# path: /spec/ingressClassName
# value: traefik

17
cluster/apps/home-automation/emqx/helm-release.yaml
View File

@@ -61,7 +61,8 @@ spec:
dashboard:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
path: /
hosts:
- emqx.${SECRET_CLUSTER_DOMAIN}
@@ -102,10 +103,10 @@ spec:
path: /spec/externalIPs
value:
- "${CLUSTER_LB_EMQX}"
- target:
kind: Ingress
name: emqx-dashboard
patch:
- op: add
path: /spec/ingressClassName
value: traefik
# - target:
# kind: Ingress
# name: emqx-dashboard
# patch:
# - op: add
# path: /spec/ingressClassName
# value: traefik

9
cluster/apps/home-automation/frigate/helm-release.yaml
View File

@@ -95,10 +95,13 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: "frigate.${SECRET_CLUSTER_DOMAIN}"
paths:

14
cluster/apps/home-automation/home-assistant/helm-release.yaml
View File

@@ -47,9 +47,10 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "hass.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -101,10 +102,13 @@ spec:
- "/config/.vscode"
ingress:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: "hass-config.${SECRET_CLUSTER_DOMAIN}"
paths:

9
cluster/apps/home-automation/zigbee2mqtt/helm-release.yaml
View File

@@ -73,10 +73,13 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: "zigbee.${SECRET_CLUSTER_DOMAIN}"
paths:

9
cluster/apps/home-automation/zwavejs2mqtt/helm-release.yaml
View File

@@ -37,10 +37,13 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: zwave.${SECRET_CLUSTER_DOMAIN}
paths:

23
cluster/apps/kasten-io/k10/helm-release.yaml
View File

@@ -33,17 +33,18 @@ spec:
create: true
host: "k10.${SECRET_CLUSTER_DOMAIN}"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
urlPath: k10
hosts:
- "k10.${SECRET_CLUSTER_DOMAIN}"
postRenderers:
- kustomize:
patchesJson6902:
- target:
kind: Ingress
name: k10-ingress
patch:
- op: add
path: /spec/ingressClassName
value: traefik
# postRenderers:
# - kustomize:
# patchesJson6902:
# - target:
# kind: Ingress
# name: k10-ingress
# patch:
# - op: add
# path: /spec/ingressClassName
# value: traefik

13
cluster/apps/media/bazarr/helm-release.yaml
View File

@@ -48,10 +48,17 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://gilbn.github.io/theme.park/CSS/themes/bazarr/space-gray.css"></head>';
sub_filter_once on;
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
hosts:
- host: "bazarr.${SECRET_CLUSTER_DOMAIN}"
paths:

13
cluster/apps/media/flood/helm-release.yaml
View File

@@ -48,10 +48,17 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://gilbn.github.io/theme.park/CSS/themes/flood/space-gray.css"></head>';
sub_filter_once on;
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: flood.${SECRET_CLUSTER_DOMAIN}
paths:

5
cluster/apps/media/jellyfin/helm-release.yaml
View File

@@ -48,9 +48,10 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "jellyfin.${SECRET_CLUSTER_DOMAIN}"
paths:

18
cluster/apps/media/lidarr/helm-release.yaml
View File

@@ -56,10 +56,17 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://gilbn.github.io/theme.park/CSS/themes/lidarr/space-gray.css"></head>';
sub_filter_once on;
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
hosts:
- host: "lidarr.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -70,9 +77,10 @@ spec:
- "lidarr.${SECRET_CLUSTER_DOMAIN}"
api:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "lidarr.${SECRET_CLUSTER_DOMAIN}"
paths:

5
cluster/apps/media/lychee/helm-release.yaml
View File

@@ -51,8 +51,9 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "nginx"
# annotations:
# ingressClassName: "traefik"
annotations:
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "lychee.${SECRET_CLUSTER_DOMAIN}"

5
cluster/apps/media/navidrome/helm-release.yaml
View File

@@ -48,9 +48,10 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "navidrome.${SECRET_CLUSTER_DOMAIN}"
paths:

13
cluster/apps/media/prowlarr/helm-release.yaml
View File

@@ -39,10 +39,17 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://gilbn.github.io/theme.park/CSS/themes/prowlarr/space-gray.css"></head>';
sub_filter_once on;
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
hosts:
- host: "prowlarr.${SECRET_CLUSTER_DOMAIN}"
paths:

7
cluster/apps/media/pyload/helm-release.yaml
View File

@@ -43,9 +43,12 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "pyload.${SECRET_CLUSTER_DOMAIN}"
paths:

9
cluster/apps/media/qbittorrent/helm-release.yaml
View File

@@ -63,9 +63,14 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://gilbn.github.io/theme.park/CSS/themes/qbittorrent/space-gray.css"></head>';
sub_filter_once on;
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "qbittorrent.${SECRET_CLUSTER_DOMAIN}"
paths:

18
cluster/apps/media/radarr/helm-release.yaml
View File

@@ -53,10 +53,17 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://gilbn.github.io/theme.park/CSS/themes/radarr/space-gray.css"></head>';
sub_filter_once on;
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
hosts:
- host: "radarr.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -67,9 +74,10 @@ spec:
- "radarr.${SECRET_CLUSTER_DOMAIN}"
api:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "radarr.${SECRET_CLUSTER_DOMAIN}"
paths:

18
cluster/apps/media/readarr/helm-release.yaml
View File

@@ -48,10 +48,17 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://gilbn.github.io/theme.park/CSS/themes/readarr/space-gray.css"></head>';
sub_filter_once on;
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
hosts:
- host: "readarr.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -62,9 +69,10 @@ spec:
- "readarr.${SECRET_CLUSTER_DOMAIN}"
api:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "readarr.${SECRET_CLUSTER_DOMAIN}"
paths:

18
cluster/apps/media/sabnzbd/helm-release.yaml
View File

@@ -46,10 +46,17 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://gilbn.github.io/theme.park/CSS/themes/sabnzbd/space-gray.css"></head>';
sub_filter_once on;
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
hosts:
- host: "sabnzbd.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -60,10 +67,11 @@ spec:
- "sabnzbd.${SECRET_CLUSTER_DOMAIN}"
api:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
nameSuffix: "api"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "sabnzbd.${SECRET_CLUSTER_DOMAIN}"
paths:

18
cluster/apps/media/sonarr/helm-release.yaml
View File

@@ -51,10 +51,17 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter '</head>' '<link rel="stylesheet" type="text/css" href="https://gilbn.github.io/theme.park/CSS/themes/sonarr/space-gray.css"></head>';
sub_filter_once on;
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
hosts:
- host: "sonarr.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -65,9 +72,10 @@ spec:
- "sonarr.${SECRET_CLUSTER_DOMAIN}"
api:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "sonarr.${SECRET_CLUSTER_DOMAIN}"
paths:

9
cluster/apps/media/tdarr/helm-release.yaml
View File

@@ -62,10 +62,13 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: "tdarr.${SECRET_CLUSTER_DOMAIN}"
paths:

9
cluster/apps/media/travelstories/deployment.yaml
View File

@@ -75,15 +75,18 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd, networking-buffering-small@kubernetescrd
labels:
app.kubernetes.io/instance: travelstories
app.kubernetes.io/name: travelstories
name: travelstories
namespace: media
spec:
ingressClassName: "traefik"
# ingressClassName: "traefik"
rules:
- host: "travelstories.${SECRET_CLUSTER_DOMAIN}"
http:

27
cluster/apps/monitoring/blackbox-exporter/helm-release.yaml
View File

@@ -91,8 +91,11 @@ spec:
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts:
- host: "blackbox.${SECRET_CLUSTER_DOMAIN}"
paths:
@@ -103,13 +106,13 @@ spec:
- "blackbox.${SECRET_CLUSTER_DOMAIN}"
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
postRenderers:
- kustomize:
patchesJson6902:
- target:
kind: Ingress
name: blackbox-exporter-prometheus-blackbox-exporter
patch:
- op: add
path: /spec/ingressClassName
value: traefik
# postRenderers:
# - kustomize:
# patchesJson6902:
# - target:
# kind: Ingress
# name: blackbox-exporter-prometheus-blackbox-exporter
# patch:
# - op: add
# path: /spec/ingressClassName
# value: traefik

7
cluster/apps/monitoring/healthchecks/helm-release.yaml
View File

@@ -54,9 +54,12 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "healthchecks.${SECRET_CLUSTER_DOMAIN}"
paths:

23
cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml
View File

@@ -32,10 +32,13 @@ spec:
ingress:
enabled: true
pathType: Prefix
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts: ["alert-manager.${SECRET_CLUSTER_DOMAIN}"]
config:
global:
@@ -194,9 +197,10 @@ spec:
ingress:
enabled: true
pathType: Prefix
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts: ["grafana.${SECRET_CLUSTER_DOMAIN}"]
kubeEtcd:
enabled: false
@@ -210,10 +214,13 @@ spec:
ingress:
enabled: true
pathType: Prefix
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
hosts: ["prometheus.${SECRET_CLUSTER_DOMAIN}"]
prometheusSpec:
replicas: 2

27
cluster/apps/monitoring/thanos/helm-release.yaml
View File

@@ -29,8 +29,11 @@ spec:
enabled: true
hostname: "thanos.${SECRET_CLUSTER_DOMAIN}"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local/api/verify"
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
tls: false
queryFrontend:
enabled: false
@@ -58,13 +61,13 @@ spec:
secret_key: "${SECRET_MINIO_SECRET_KEY}"
insecure: false
postRenderers:
- kustomize:
patchesJson6902:
- target:
kind: Ingress
name: thanos-query
patch:
- op: add
path: /spec/ingressClassName
value: traefik
# postRenderers:
# - kustomize:
# patchesJson6902:
# - target:
# kind: Ingress
# name: thanos-query
# patch:
# - op: add
# path: /spec/ingressClassName
# value: traefik

5
cluster/apps/monitoring/uptime-kuma/statefulset.yaml
View File

@@ -68,14 +68,15 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
labels:
app.kubernetes.io/instance: uptime-kuma
app.kubernetes.io/name: uptime-kuma
name: uptime-kuma
namespace: monitoring
spec:
ingressClassName: "traefik"
# ingressClassName: "traefik"
rules:
- host: "uptime-kuma.${SECRET_CLUSTER_DOMAIN}"
http:

3
cluster/apps/networking/authelia/helm-release.yaml
View File

@@ -28,7 +28,8 @@ spec:
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
subdomain: login
tls:

5
cluster/apps/networking/authentik/helm-release.yaml
View File

@@ -23,9 +23,10 @@ spec:
ingress:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
hosts:
- host: "id.${SECRET_CLUSTER_DOMAIN}"
paths:

7
cluster/apps/networking/unifi/helm-release.yaml
View File

@@ -38,10 +38,11 @@ spec:
ingress:
main:
enabled: true
ingressClassName: "traefik"
# ingressClassName: "traefik"
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-medium@kubernetescrd
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
# traefik.ingress.kubernetes.io/router.middlewares: networking-buffering-medium@kubernetescrd
hosts:
- host: "unifi.${SECRET_CLUSTER_DOMAIN}"
paths:

5
cluster/core/rook-ceph/dashboard/ingress.yaml
View File

@@ -5,12 +5,13 @@ metadata:
name: rook-ceph-mgr-dashboard
namespace: rook-ceph
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
kubernetes.io/ingress.class: "nginx"
# traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
labels:
app.kubernetes.io/instance: rook-ceph-mgr-dashboard
app.kubernetes.io/name: rook-ceph-mgr-dashboard
spec:
ingressClassName: "traefik"
# ingressClassName: "traefik"
rules:
- host: "rook.${SECRET_CLUSTER_DOMAIN}"
http: