From 2545b72b99794c8a4a0f4f0c8e617a60f45f6419 Mon Sep 17 00:00:00 2001 From: auricom <27022259+auricom@users.noreply.github.com> Date: Sun, 16 Jun 2024 23:56:36 +0200 Subject: [PATCH] feat: change cluster url --- ansible/inventory/group_vars/all/all.sops.yml | 2 +- .../templates/scripts/scrutiny_collector.sh | 2 +- .../cert-manager/app/helmrelease.yaml | 8 +++----- .../cert-manager/webhook-ovh/helmrelease.yaml | 6 ++++-- .../apps/default/atuin/app/helmrelease.yaml | 2 +- .../authelia/app/config/configuration.yaml | 20 +++++++++---------- .../default/authelia/app/helmrelease.yaml | 2 +- .../default/babybuddy/app/helmrelease.yaml | 2 +- .../apps/default/bazarr/app/helmrelease.yaml | 4 ++-- .../apps/default/calibre/app/helmrelease.yaml | 4 ++-- .../default/emqx/app/emqx/helmrelease.yaml | 2 +- .../apps/default/flood/app/helmrelease.yaml | 4 ++-- .../default/freshrss/app/helmrelease.yaml | 6 +++--- .../apps/default/frigate/app/helmrelease.yaml | 4 ++-- .../default/ghostfolio/app/helmrelease.yaml | 2 +- .../default/hajimari/app/helmrelease.yaml | 2 +- .../home-assistant/app/helmrelease.yaml | 2 +- .../home-assistant/code/helmrelease.yaml | 2 +- .../apps/default/homebox/app/helmrelease.yaml | 2 +- .../default/homepage/app/config/services.yaml | 4 ++-- .../default/homepage/app/helmrelease.yaml | 2 +- .../default/invidious/app/externalsecret.yaml | 2 +- .../default/invidious/app/helmrelease.yaml | 4 ++-- .../default/jellyfin/app/helmrelease.yaml | 2 +- .../apps/default/joplin/app/helmrelease.yaml | 4 ++-- .../apps/default/komga/app/helmrelease.yaml | 2 +- .../apps/default/kresus/app/helmrelease.yaml | 4 ++-- .../default/libmedium/app/config/config.toml | 2 +- .../default/libmedium/app/helmrelease.yaml | 4 ++-- .../apps/default/lidarr/app/helmrelease.yaml | 4 ++-- .../default/linkding/app/helmrelease.yaml | 2 +- .../apps/default/lldap/app/helmrelease.yaml | 4 ++-- .../apps/default/lms/app/helmrelease.yaml | 2 +- .../apps/default/lychee/app/helmrelease.yaml | 4 ++-- .../default/mailrise/app/helmrelease.yaml | 2 +- .../default/navidrome/app/helmrelease.yaml | 4 ++-- .../apps/default/outline/app/helmrelease.yaml | 10 +++++----- .../default/paperless/app/helmrelease.yaml | 4 ++-- .../apps/default/pgadmin/app/helmrelease.yaml | 2 +- .../default/photoprism/app/helmrelease.yaml | 6 +++--- .../default/prowlarr/app/helmrelease.yaml | 4 ++-- .../default/qbittorrent/app/helmrelease.yaml | 2 +- .../apps/default/radarr/app/helmrelease.yaml | 6 +++--- .../apps/default/redlib/app/helmrelease.yaml | 4 ++-- .../apps/default/sabnzbd/app/helmrelease.yaml | 6 +++--- .../default/sharry/app/config/sharry.conf | 2 +- .../apps/default/sharry/app/helmrelease.yaml | 2 +- .../apps/default/sonarr/app/helmrelease.yaml | 6 +++--- .../apps/default/tandoor/app/helmrelease.yaml | 2 +- .../apps/default/tdarr/app/helmrelease.yaml | 4 ++-- .../apps/default/unifi/app/helmrelease.yaml | 2 +- .../default/vaultwarden/app/helmrelease.yaml | 4 ++-- .../apps/default/vikunja/app/helmrelease.yaml | 2 +- .../default/wallabag/app/helmrelease.yaml | 4 ++-- .../apps/default/whoogle/app/helmrelease.yaml | 12 +++++------ .../default/zigbee2mqtt/app/helmrelease.yaml | 6 +++--- .../default/zwave-js-ui/app/helmrelease.yaml | 4 ++-- .../addons/webhooks/github/ingress.yaml | 4 ++-- .../capacitor/app/helmrelease.yaml | 3 +-- .../kube-system/cilium/app/helmrelease.yaml | 4 ++-- .../stores/onepassword/helmrelease.yaml | 2 +- .../monitoring/gatus/app/config/config.yaml | 2 +- .../monitoring/gatus/app/helmrelease.yaml | 4 ++-- .../monitoring/grafana/app/helmrelease.yaml | 12 +++++------ .../app/helmrelease.yaml | 12 +++++------ .../monitoring/scrutiny/app/helmrelease.yaml | 2 +- .../monitoring/thanos/app/helmrelease.yaml | 4 ++-- .../external-dns/app/helmrelease.yaml | 4 +++- .../ingress-nginx/app/helmrelease.yaml | 2 +- .../certificates/certificates.yaml | 10 +++++----- .../apps/networking/k8s-gateway/app/Corefile | 7 +------ .../landing-page/app-staging/helmrelease.yaml | 2 +- .../ngnode/landing-page/app/helmrelease.yaml | 2 +- .../rook-ceph/cluster/helmrelease.yaml | 4 ++-- kubernetes/flux/config/cluster.yaml | 2 +- .../flux/vars/cluster-secrets.sops.yaml | 7 +++---- .../templates/gatus/external/configmap.yaml | 2 +- .../templates/gatus/guarded/configmap.yaml | 2 +- 78 files changed, 156 insertions(+), 161 deletions(-) diff --git a/ansible/inventory/group_vars/all/all.sops.yml b/ansible/inventory/group_vars/all/all.sops.yml index f18dc0304..d69cf0f78 100644 --- a/ansible/inventory/group_vars/all/all.sops.yml +++ b/ansible/inventory/group_vars/all/all.sops.yml @@ -1,5 +1,5 @@ kind: Secret -secret_cluster_domain: ENC[AES256_GCM,data:V+KhvpQZ0bxjMDNZq4vYXg==,iv:WP0hlWvDEL0fu1aFR0UQW31nQKWxkkfgoXbfdV4WZ9w=,tag:e3Ky3kenlL71zyQBOXclsQ==,type:str] +SECRET_EXTERNAL_DOMAIN: ENC[AES256_GCM,data:V+KhvpQZ0bxjMDNZq4vYXg==,iv:WP0hlWvDEL0fu1aFR0UQW31nQKWxkkfgoXbfdV4WZ9w=,tag:e3Ky3kenlL71zyQBOXclsQ==,type:str] secret_domain: ENC[AES256_GCM,data:SjdnR9pDjveodvo=,iv:GKvdD7c3bmaQN+CAYoKwAy78em9vYljGyl6VfGmJk9E=,tag:hz92J7d1NokEeyB6vxr3Uw==,type:str] public_ssh_keys: - ENC[AES256_GCM,data:/J9ejzvJHV5wdz9Dj0jUmAaVtIkgVpEoIRJocNGhszY2bmu5mruwWSz6E+XkcAGE0zQMo/9N8imIZoXfq0UQSyfCCitrA09x1z0Hf0s3iSA=,iv:jzA3bIQw+pL4tjNASNMwMcdHW+vSxgVo4Czo/ja0AO8=,tag:iTEDjARfH96oXATQu8VR8Q==,type:str] diff --git a/ansible/roles/truenas/templates/scripts/scrutiny_collector.sh b/ansible/roles/truenas/templates/scripts/scrutiny_collector.sh index 9edc0a054..9b4185c84 100644 --- a/ansible/roles/truenas/templates/scripts/scrutiny_collector.sh +++ b/ansible/roles/truenas/templates/scripts/scrutiny_collector.sh @@ -7,4 +7,4 @@ BIN_PATH="{{ scrutiny_dir }}/{{ scrutiny_bin }}" HOSTNAME=$(hostname) -$BIN_PATH run --host-id=${HOSTNAME} --api-endpoint=https://scrutiny.{{ secret_cluster_domain }} +$BIN_PATH run --host-id=${HOSTNAME} --api-endpoint=https://scrutiny.{{ SECRET_EXTERNAL_DOMAIN }} diff --git a/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml b/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml index a5d70b9f8..fab9108f1 100644 --- a/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml +++ b/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml @@ -32,11 +32,9 @@ spec: installCRDs: true webhook: enabled: true - extraArgs: - - --dns01-recursive-nameservers=ns15.ovh.net:53,dns15.ovh.net:53 - - --dns01-recursive-nameservers-only - cainjector: - replicaCount: 1 + enableCertificateOwnerRef: true + dns01RecursiveNameservers: 8.8.8.8:53,1.1.1.1:53 + dns01RecursiveNameserversOnly: true prometheus: enabled: true servicemonitor: diff --git a/kubernetes/apps/cert-manager/cert-manager/webhook-ovh/helmrelease.yaml b/kubernetes/apps/cert-manager/cert-manager/webhook-ovh/helmrelease.yaml index 4439712b0..a9a63d936 100644 --- a/kubernetes/apps/cert-manager/cert-manager/webhook-ovh/helmrelease.yaml +++ b/kubernetes/apps/cert-manager/cert-manager/webhook-ovh/helmrelease.yaml @@ -27,6 +27,8 @@ spec: uninstall: keepHistory: false values: + podAnnotations: + reloader.stakater.com/auto: "true" groupName: "${SECRET_DOMAIN}" certManager: namespace: cert-manager @@ -36,7 +38,7 @@ spec: create: true kind: ClusterIssuer acmeServerUrl: https://acme-staging-v02.api.letsencrypt.org/directory - email: "${SECRET_CLUSTER_DOMAIN_EMAIL}" + email: "${SECRET_EXTERNAL_DOMAIN_EMAIL}" ovhEndpointName: ovh-eu ovhAuthenticationRef: applicationKeyRef: @@ -52,7 +54,7 @@ spec: create: true kind: ClusterIssuer acmeServerUrl: https://acme-v02.api.letsencrypt.org/directory - email: "${SECRET_CLUSTER_DOMAIN_EMAIL}" + email: "${SECRET_EXTERNAL_DOMAIN_EMAIL}" ovhEndpointName: ovh-eu ovhAuthenticationRef: applicationKeyRef: diff --git a/kubernetes/apps/default/atuin/app/helmrelease.yaml b/kubernetes/apps/default/atuin/app/helmrelease.yaml index ee6c86e55..c8be665c1 100644 --- a/kubernetes/apps/default/atuin/app/helmrelease.yaml +++ b/kubernetes/apps/default/atuin/app/helmrelease.yaml @@ -108,7 +108,7 @@ spec: annotations: hajimari.io/icon: mdi:powershell hosts: - - host: &host "sh.${SECRET_CLUSTER_DOMAIN}" + - host: &host "sh.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/authelia/app/config/configuration.yaml b/kubernetes/apps/default/authelia/app/config/configuration.yaml index caf09264b..f91d44990 100644 --- a/kubernetes/apps/default/authelia/app/config/configuration.yaml +++ b/kubernetes/apps/default/authelia/app/config/configuration.yaml @@ -29,9 +29,9 @@ session: remember_me: 1M cookies: - name: authelia_session - domain: ${SECRET_CLUSTER_DOMAIN} - authelia_url: https://auth.${SECRET_CLUSTER_DOMAIN} - default_redirection_url: https://${SECRET_CLUSTER_DOMAIN} + domain: ${SECRET_EXTERNAL_DOMAIN} + authelia_url: https://auth.${SECRET_EXTERNAL_DOMAIN} + default_redirection_url: https://${SECRET_EXTERNAL_DOMAIN} redis: host: dragonfly.database.svc.cluster.local. port: 6379 @@ -58,17 +58,17 @@ access_control: rules: # bypass Authelia WAN + LAN - domain: - - auth.${SECRET_CLUSTER_DOMAIN} + - auth.${SECRET_EXTERNAL_DOMAIN} policy: bypass # One factor auth for LAN - domain: - - "*.${SECRET_CLUSTER_DOMAIN}" + - "*.${SECRET_EXTERNAL_DOMAIN}" policy: one_factor subject: [group:admins, group:users] networks: - private # Deny public resources - - domain: ["navidrome.${SECRET_CLUSTER_DOMAIN}"] + - domain: ["navidrome.${SECRET_EXTERNAL_DOMAIN}"] resources: [^/metrics.*$] policy: deny @@ -83,7 +83,7 @@ identity_providers: client_secret: "$${FRESHRSS_OAUTH_DIGEST}" public: false authorization_policy: two_factor - redirect_uris: ["https://freshrss.${SECRET_CLUSTER_DOMAIN}:443/i/oidc/"] + redirect_uris: ["https://freshrss.${SECRET_EXTERNAL_DOMAIN}:443/i/oidc/"] scopes: [openid, profile, groups, email] userinfo_signed_response_alg: none token_endpoint_auth_method: client_secret_basic @@ -94,7 +94,7 @@ identity_providers: authorization_policy: two_factor pre_configured_consent_duration: 1y scopes: [openid, profile, groups, email] - redirect_uris: ["https://grafana.${SECRET_CLUSTER_DOMAIN}/login/generic_oauth"] + redirect_uris: ["https://grafana.${SECRET_EXTERNAL_DOMAIN}/login/generic_oauth"] userinfo_signed_response_alg: none - client_id: outline client_name: Outline @@ -104,7 +104,7 @@ identity_providers: pre_configured_consent_duration: 1y scopes: [openid, profile, email, offline_access] response_types: code - redirect_uris: ["https://docs.${SECRET_CLUSTER_DOMAIN}/auth/oidc.callback"] + redirect_uris: ["https://docs.${SECRET_EXTERNAL_DOMAIN}/auth/oidc.callback"] userinfo_signed_response_alg: none token_endpoint_auth_method: client_secret_basic - client_name: jellyfin @@ -116,6 +116,6 @@ identity_providers: pkce_challenge_method: S256 pre_configured_consent_duration: 1y scopes: [openid, profile, groups] - redirect_uris: [ "https://jellyfin.${SECRET_CLUSTER_DOMAIN}/sso/OID/redirect/authelia"] + redirect_uris: [ "https://jellyfin.${SECRET_EXTERNAL_DOMAIN}/sso/OID/redirect/authelia"] userinfo_signed_response_alg: none token_endpoint_auth_method: client_secret_post diff --git a/kubernetes/apps/default/authelia/app/helmrelease.yaml b/kubernetes/apps/default/authelia/app/helmrelease.yaml index b58b35540..1f90db5b4 100644 --- a/kubernetes/apps/default/authelia/app/helmrelease.yaml +++ b/kubernetes/apps/default/authelia/app/helmrelease.yaml @@ -131,7 +131,7 @@ spec: gethomepage.dev/name: Authelia gethomepage.dev/icon: authelia.png hosts: - - host: &host auth.${SECRET_CLUSTER_DOMAIN} + - host: &host auth.${SECRET_EXTERNAL_DOMAIN} paths: - path: / service: diff --git a/kubernetes/apps/default/babybuddy/app/helmrelease.yaml b/kubernetes/apps/default/babybuddy/app/helmrelease.yaml index e4e716d7c..30e156936 100644 --- a/kubernetes/apps/default/babybuddy/app/helmrelease.yaml +++ b/kubernetes/apps/default/babybuddy/app/helmrelease.yaml @@ -105,7 +105,7 @@ spec: gethomepage.dev/name: Babybuddy gethomepage.dev/icon: babybuddy.png hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / pathType: Prefix diff --git a/kubernetes/apps/default/bazarr/app/helmrelease.yaml b/kubernetes/apps/default/bazarr/app/helmrelease.yaml index ad9f0faea..63a2478c2 100644 --- a/kubernetes/apps/default/bazarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/bazarr/app/helmrelease.yaml @@ -88,7 +88,7 @@ spec: annotations: # nginx.ingress.kubernetes.io/auth-method: GET # nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email # nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:subtitles-outline @@ -98,7 +98,7 @@ spec: gethomepage.dev/icon: bazarr.png hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/calibre/app/helmrelease.yaml b/kubernetes/apps/default/calibre/app/helmrelease.yaml index 1f689ebbd..95307b095 100644 --- a/kubernetes/apps/default/calibre/app/helmrelease.yaml +++ b/kubernetes/apps/default/calibre/app/helmrelease.yaml @@ -58,7 +58,7 @@ spec: annotations: nginx.ingress.kubernetes.io/auth-method: GET nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:bookshelf @@ -67,7 +67,7 @@ spec: gethomepage.dev/name: Calibre gethomepage.dev/icon: calibre.png hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/emqx/app/emqx/helmrelease.yaml b/kubernetes/apps/default/emqx/app/emqx/helmrelease.yaml index 2fad0f513..0fc00ea13 100644 --- a/kubernetes/apps/default/emqx/app/emqx/helmrelease.yaml +++ b/kubernetes/apps/default/emqx/app/emqx/helmrelease.yaml @@ -53,7 +53,7 @@ spec: path: / pathType: Prefix hosts: - - &host "emqx.${SECRET_CLUSTER_DOMAIN}" + - &host "emqx.${SECRET_EXTERNAL_DOMAIN}" tls: - hosts: - *host diff --git a/kubernetes/apps/default/flood/app/helmrelease.yaml b/kubernetes/apps/default/flood/app/helmrelease.yaml index 74d1eb858..77efe0fa4 100644 --- a/kubernetes/apps/default/flood/app/helmrelease.yaml +++ b/kubernetes/apps/default/flood/app/helmrelease.yaml @@ -69,7 +69,7 @@ spec: annotations: nginx.ingress.kubernetes.io/auth-method: GET nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:download @@ -78,7 +78,7 @@ spec: gethomepage.dev/name: qBittorrent gethomepage.dev/icon: qbittorrent.png hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/freshrss/app/helmrelease.yaml b/kubernetes/apps/default/freshrss/app/helmrelease.yaml index c47baf69f..c57247a4e 100644 --- a/kubernetes/apps/default/freshrss/app/helmrelease.yaml +++ b/kubernetes/apps/default/freshrss/app/helmrelease.yaml @@ -48,9 +48,9 @@ spec: env: TZ: ${TIMEZONE} CRON_MIN: 18,48 - DOMAIN: "https://freshrss.${SECRET_CLUSTER_DOMAIN}/" + DOMAIN: "https://freshrss.${SECRET_EXTERNAL_DOMAIN}/" OIDC_ENABLED: 1 - OIDC_PROVIDER_METADATA_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/.well-known/openid-configuration + OIDC_PROVIDER_METADATA_URL: https://auth.${SECRET_EXTERNAL_DOMAIN}/.well-known/openid-configuration OIDC_CLIENT_ID: freshrss OIDC_REMOTE_USER_CLAIM: preferred_username OIDC_SCOPES: openid groups email profile @@ -73,7 +73,7 @@ spec: annotations: hajimari.io/icon: mdi:rss hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/frigate/app/helmrelease.yaml b/kubernetes/apps/default/frigate/app/helmrelease.yaml index 844ee5f7f..35252f7cb 100644 --- a/kubernetes/apps/default/frigate/app/helmrelease.yaml +++ b/kubernetes/apps/default/frigate/app/helmrelease.yaml @@ -98,13 +98,13 @@ spec: annotations: nginx.ingress.kubernetes.io/auth-method: GET nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:cctv className: nginx hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/ghostfolio/app/helmrelease.yaml b/kubernetes/apps/default/ghostfolio/app/helmrelease.yaml index 40adf11b4..372b1b899 100644 --- a/kubernetes/apps/default/ghostfolio/app/helmrelease.yaml +++ b/kubernetes/apps/default/ghostfolio/app/helmrelease.yaml @@ -68,7 +68,7 @@ spec: annotations: hajimari.io/icon: mdi:cash-multiple hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/hajimari/app/helmrelease.yaml b/kubernetes/apps/default/hajimari/app/helmrelease.yaml index 11414bb8e..1c3c8cabd 100644 --- a/kubernetes/apps/default/hajimari/app/helmrelease.yaml +++ b/kubernetes/apps/default/hajimari/app/helmrelease.yaml @@ -92,7 +92,7 @@ spec: hajimari.io/icon: "weather-sunset" hajimari.io/instance: "admin" hosts: - - host: &host apps.${SECRET_CLUSTER_DOMAIN} + - host: &host apps.${SECRET_EXTERNAL_DOMAIN} paths: - path: / pathType: Prefix diff --git a/kubernetes/apps/default/home-assistant/app/helmrelease.yaml b/kubernetes/apps/default/home-assistant/app/helmrelease.yaml index 3cde4b8b3..6283bf727 100644 --- a/kubernetes/apps/default/home-assistant/app/helmrelease.yaml +++ b/kubernetes/apps/default/home-assistant/app/helmrelease.yaml @@ -89,7 +89,7 @@ spec: annotations: hajimari.io/icon: mdi:home-assistant hosts: - - host: &host "hass.${SECRET_CLUSTER_DOMAIN}" + - host: &host "hass.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/home-assistant/code/helmrelease.yaml b/kubernetes/apps/default/home-assistant/code/helmrelease.yaml index 7f9dcb972..b6131f8a4 100644 --- a/kubernetes/apps/default/home-assistant/code/helmrelease.yaml +++ b/kubernetes/apps/default/home-assistant/code/helmrelease.yaml @@ -78,7 +78,7 @@ spec: enabled: true className: nginx hosts: - - host: &host hass-code.${SECRET_CLUSTER_DOMAIN} + - host: &host hass-code.${SECRET_EXTERNAL_DOMAIN} paths: - path: / service: diff --git a/kubernetes/apps/default/homebox/app/helmrelease.yaml b/kubernetes/apps/default/homebox/app/helmrelease.yaml index ecb59af83..812a3c12a 100644 --- a/kubernetes/apps/default/homebox/app/helmrelease.yaml +++ b/kubernetes/apps/default/homebox/app/helmrelease.yaml @@ -63,7 +63,7 @@ spec: hajimari.io/icon: devices hajimari.io/targetBlank: "true" hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/homepage/app/config/services.yaml b/kubernetes/apps/default/homepage/app/config/services.yaml index c6467cfb9..104b53d41 100644 --- a/kubernetes/apps/default/homepage/app/config/services.yaml +++ b/kubernetes/apps/default/homepage/app/config/services.yaml @@ -1,7 +1,7 @@ --- - Home: - HomeAssistant: - href: https://hass.${SECRET_CLUSTER_DOMAIN} + href: https://hass.${SECRET_EXTERNAL_DOMAIN} icon: home-assistant.png description: Home Assistant widget: @@ -11,7 +11,7 @@ - Media: - Jellyfin: icon: jellyfin.png - href: https://jellyfin.${SECRET_CLUSTER_DOMAIN} + href: https://jellyfin.${SECRET_EXTERNAL_DOMAIN} description: Media Server widget: type: jellyfin diff --git a/kubernetes/apps/default/homepage/app/helmrelease.yaml b/kubernetes/apps/default/homepage/app/helmrelease.yaml index 63ba56abe..e5e3ab92e 100644 --- a/kubernetes/apps/default/homepage/app/helmrelease.yaml +++ b/kubernetes/apps/default/homepage/app/helmrelease.yaml @@ -69,7 +69,7 @@ spec: enabled: true className: nginx hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/invidious/app/externalsecret.yaml b/kubernetes/apps/default/invidious/app/externalsecret.yaml index 8a55c779b..e36bd3d33 100644 --- a/kubernetes/apps/default/invidious/app/externalsecret.yaml +++ b/kubernetes/apps/default/invidious/app/externalsecret.yaml @@ -19,7 +19,7 @@ spec: database_url: postgres://{{ .POSTGRES_USER }}:{{ .POSTGRES_PASS }}@postgres16-rw.database.svc.cluster.local.:5432/invidious check_tables: true port: 3000 - domain: invidious.${SECRET_CLUSTER_DOMAIN} + domain: invidious.${SECRET_EXTERNAL_DOMAIN} https_only: false hmac_key: {{ .HMAC_KEY }} # Postgres Init diff --git a/kubernetes/apps/default/invidious/app/helmrelease.yaml b/kubernetes/apps/default/invidious/app/helmrelease.yaml index 5bc953e74..5d59458b1 100644 --- a/kubernetes/apps/default/invidious/app/helmrelease.yaml +++ b/kubernetes/apps/default/invidious/app/helmrelease.yaml @@ -64,7 +64,7 @@ spec: annotations: nginx.ingress.kubernetes.io/auth-method: GET nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; external-dns.alpha.kubernetes.io/enabled: "true" @@ -72,7 +72,7 @@ spec: hajimari.io/icon: mdi:youtube hajimari.io/name: invidious hosts: - - host: &host "invidious.${SECRET_CLUSTER_DOMAIN}" + - host: &host "invidious.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/jellyfin/app/helmrelease.yaml b/kubernetes/apps/default/jellyfin/app/helmrelease.yaml index 2387cf0fa..6510c764a 100644 --- a/kubernetes/apps/default/jellyfin/app/helmrelease.yaml +++ b/kubernetes/apps/default/jellyfin/app/helmrelease.yaml @@ -114,7 +114,7 @@ spec: external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: simple-icons:jellyfin hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/joplin/app/helmrelease.yaml b/kubernetes/apps/default/joplin/app/helmrelease.yaml index fd77d5aaf..c82ddf0b6 100644 --- a/kubernetes/apps/default/joplin/app/helmrelease.yaml +++ b/kubernetes/apps/default/joplin/app/helmrelease.yaml @@ -47,7 +47,7 @@ spec: repository: joplin/server tag: 2.14.2-beta@sha256:b87564ef34e9ed0513e9b925b617cb8a1371eddfc8476f1fbd3fa85341d51508 env: - APP_BASE_URL: https://joplin.${SECRET_CLUSTER_DOMAIN} + APP_BASE_URL: https://joplin.${SECRET_EXTERNAL_DOMAIN} APP_PORT: &port 8080 DB_CLIENT: pg MAILER_ENABLED: 1 @@ -76,7 +76,7 @@ spec: external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:text hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/komga/app/helmrelease.yaml b/kubernetes/apps/default/komga/app/helmrelease.yaml index 8d71cf8c2..4f8fa333d 100644 --- a/kubernetes/apps/default/komga/app/helmrelease.yaml +++ b/kubernetes/apps/default/komga/app/helmrelease.yaml @@ -57,7 +57,7 @@ spec: hajimari.io/icon: mdi:ideogram-cjk-variant className: nginx hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/kresus/app/helmrelease.yaml b/kubernetes/apps/default/kresus/app/helmrelease.yaml index d80ad409c..72875ec80 100644 --- a/kubernetes/apps/default/kresus/app/helmrelease.yaml +++ b/kubernetes/apps/default/kresus/app/helmrelease.yaml @@ -83,12 +83,12 @@ spec: annotations: nginx.ingress.kubernetes.io/auth-method: GET nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:cash hosts: - - host: &host "cash.${SECRET_CLUSTER_DOMAIN}" + - host: &host "cash.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/libmedium/app/config/config.toml b/kubernetes/apps/default/libmedium/app/config/config.toml index 1c796ae2d..bd3dfc83f 100644 --- a/kubernetes/apps/default/libmedium/app/config/config.toml +++ b/kubernetes/apps/default/libmedium/app/config/config.toml @@ -9,7 +9,7 @@ port = 7000 #IP address. Enter 0.0.0.0 to listen on all availale addresses ip= "0.0.0.0" # enter your hostname, eg: example.com -domain = "${SECRET_CLUSTER_DOMAIN}" +domain = "${SECRET_EXTERNAL_DOMAIN}" allow_registration = false proxy_has_tls = false #workers = 2 diff --git a/kubernetes/apps/default/libmedium/app/helmrelease.yaml b/kubernetes/apps/default/libmedium/app/helmrelease.yaml index ca32e1c5e..ad6bc48ec 100644 --- a/kubernetes/apps/default/libmedium/app/helmrelease.yaml +++ b/kubernetes/apps/default/libmedium/app/helmrelease.yaml @@ -55,14 +55,14 @@ spec: annotations: nginx.ingress.kubernetes.io/auth-method: GET nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; external-dns.alpha.kubernetes.io/enabled: "true" external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:file-document-arrow-right-outline hosts: - - host: &host "libmedium.${SECRET_CLUSTER_DOMAIN}" + - host: &host "libmedium.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/lidarr/app/helmrelease.yaml b/kubernetes/apps/default/lidarr/app/helmrelease.yaml index 84ff1c33a..bee795e14 100644 --- a/kubernetes/apps/default/lidarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/lidarr/app/helmrelease.yaml @@ -58,7 +58,7 @@ spec: LIDARR__INSTANCE_NAME: Lidarr LIDARR__PORT: &port 8080 LIDARR__LOG_LEVEL: info - PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" PUSHOVER_PRIORITY: "0" envFrom: - secretRef: @@ -82,7 +82,7 @@ spec: annotations: # nginx.ingress.kubernetes.io/auth-method: GET # nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email # nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:headphones diff --git a/kubernetes/apps/default/linkding/app/helmrelease.yaml b/kubernetes/apps/default/linkding/app/helmrelease.yaml index 311623e12..8a8e7f923 100644 --- a/kubernetes/apps/default/linkding/app/helmrelease.yaml +++ b/kubernetes/apps/default/linkding/app/helmrelease.yaml @@ -79,7 +79,7 @@ spec: annotations: hajimari.io/icon: link hosts: - - host: &host "links.${SECRET_CLUSTER_DOMAIN}" + - host: &host "links.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/lldap/app/helmrelease.yaml b/kubernetes/apps/default/lldap/app/helmrelease.yaml index f4bda47c1..ed3577756 100644 --- a/kubernetes/apps/default/lldap/app/helmrelease.yaml +++ b/kubernetes/apps/default/lldap/app/helmrelease.yaml @@ -59,7 +59,7 @@ spec: env: TZ: ${TIMEZONE} LLDAP_HTTP_PORT: &port 8080 - LLDAP_HTTP_URL: https://lldap.${SECRET_CLUSTER_DOMAIN} + LLDAP_HTTP_URL: https://lldap.${SECRET_EXTERNAL_DOMAIN} LLDAP_LDAP_PORT: &ldapPort 5389 LLDAP_LDAP_BASE_DN: dc=home,dc=arpa envFrom: *envFrom @@ -85,7 +85,7 @@ spec: hajimari.io/icon: mdi:account-multiple className: nginx hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/lms/app/helmrelease.yaml b/kubernetes/apps/default/lms/app/helmrelease.yaml index 52bba4236..ef80523d9 100644 --- a/kubernetes/apps/default/lms/app/helmrelease.yaml +++ b/kubernetes/apps/default/lms/app/helmrelease.yaml @@ -73,7 +73,7 @@ spec: annotations: hajimari.io/icon: mdi:file-music hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/lychee/app/helmrelease.yaml b/kubernetes/apps/default/lychee/app/helmrelease.yaml index f9fadf15b..13e4bf88f 100644 --- a/kubernetes/apps/default/lychee/app/helmrelease.yaml +++ b/kubernetes/apps/default/lychee/app/helmrelease.yaml @@ -48,7 +48,7 @@ spec: env: TIMEZONE: ${TIMEZONE} APP_NAME: Lychee - APP_URL: https://lychee.${SECRET_CLUSTER_DOMAIN} + APP_URL: https://lychee.${SECRET_EXTERNAL_DOMAIN} DB_CONNECTION: pgsql PHP_TZ: ${TIMEZONE} REDIS_HOST: dragonfly.database.svc.cluster.local. @@ -74,7 +74,7 @@ spec: external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:camera hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/mailrise/app/helmrelease.yaml b/kubernetes/apps/default/mailrise/app/helmrelease.yaml index 25bb86ea1..0b0f0aad6 100644 --- a/kubernetes/apps/default/mailrise/app/helmrelease.yaml +++ b/kubernetes/apps/default/mailrise/app/helmrelease.yaml @@ -74,7 +74,7 @@ spec: annotations: hajimari.io/enable: "false" hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/navidrome/app/helmrelease.yaml b/kubernetes/apps/default/navidrome/app/helmrelease.yaml index 08cb379ad..ca02aa93e 100644 --- a/kubernetes/apps/default/navidrome/app/helmrelease.yaml +++ b/kubernetes/apps/default/navidrome/app/helmrelease.yaml @@ -71,14 +71,14 @@ spec: annotations: nginx.ingress.kubernetes.io/auth-method: GET nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; external-dns.alpha.kubernetes.io/enabled: "true" external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:music hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/outline/app/helmrelease.yaml b/kubernetes/apps/default/outline/app/helmrelease.yaml index e89c43472..b2d1a6c9c 100644 --- a/kubernetes/apps/default/outline/app/helmrelease.yaml +++ b/kubernetes/apps/default/outline/app/helmrelease.yaml @@ -56,12 +56,12 @@ spec: AWS_S3_UPLOAD_BUCKET_URL: "https://s3.${SECRET_INTERNAL_DOMAIN}" ENABLE_UPDATES: "false" FILE_STORAGE_UPLOAD_MAX_SIZE: "26214400" - OIDC_AUTH_URI: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/authorization" + OIDC_AUTH_URI: "https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/authorization" OIDC_CLIENT_ID: outline OIDC_DISPLAY_NAME: Authelia OIDC_SCOPES: openid profile email offline_access - OIDC_TOKEN_URI: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/token" - OIDC_USERINFO_URI: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/userinfo" + OIDC_TOKEN_URI: "https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/token" + OIDC_USERINFO_URI: "https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/userinfo" OIDC_USERNAME_CLAIM: email PORT: 8080 REDIS_URL: redis://dragonfly.database.svc.cluster.local.:6379 @@ -69,7 +69,7 @@ spec: SMTP_PORT: 2525 SMTP_FROM_EMAIL: "outline@${SECRET_DOMAIN}" SMTP_SECURE: "false" - URL: "https://docs.${SECRET_CLUSTER_DOMAIN}" + URL: "https://docs.${SECRET_EXTERNAL_DOMAIN}" WEB_CONCURRENCY: 10 command: [ @@ -96,7 +96,7 @@ spec: annotations: hajimari.io/icon: mdi:text-box-multiple hosts: - - host: &host "docs.${SECRET_CLUSTER_DOMAIN}" + - host: &host "docs.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/paperless/app/helmrelease.yaml b/kubernetes/apps/default/paperless/app/helmrelease.yaml index 00c42ae3e..3cd1b3315 100644 --- a/kubernetes/apps/default/paperless/app/helmrelease.yaml +++ b/kubernetes/apps/default/paperless/app/helmrelease.yaml @@ -60,7 +60,7 @@ spec: PAPERLESS_REDIS: redis://dragonfly.database.svc.cluster.local.:6379 PAPERLESS_TASK_WORKERS: 2 PAPERLESS_TIME_ZONE: Europe/Paris - PAPERLESS_URL: https://paperless.${SECRET_CLUSTER_DOMAIN} + PAPERLESS_URL: https://paperless.${SECRET_EXTERNAL_DOMAIN} envFrom: *envFrom resources: requests: @@ -81,7 +81,7 @@ spec: annotations: hajimari.io/icon: mdi:barcode-scan hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/pgadmin/app/helmrelease.yaml b/kubernetes/apps/default/pgadmin/app/helmrelease.yaml index a3b359f09..3266ea99b 100644 --- a/kubernetes/apps/default/pgadmin/app/helmrelease.yaml +++ b/kubernetes/apps/default/pgadmin/app/helmrelease.yaml @@ -67,7 +67,7 @@ spec: annotations: hajimari.io/icon: mdi:database hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/photoprism/app/helmrelease.yaml b/kubernetes/apps/default/photoprism/app/helmrelease.yaml index aaadd8028..342ecb825 100644 --- a/kubernetes/apps/default/photoprism/app/helmrelease.yaml +++ b/kubernetes/apps/default/photoprism/app/helmrelease.yaml @@ -43,7 +43,7 @@ spec: PHOTOPRISM_ORIGINALS_PATH: &originals /var/mnt/vol1/photo/Gallery PHOTOPRISM_DEBUG: "false" PHOTOPRISM_PUBLIC: "true" - PHOTOPRISM_SITE_URL: "https://photos.${SECRET_CLUSTER_DOMAIN}/" + PHOTOPRISM_SITE_URL: "https://photos.${SECRET_EXTERNAL_DOMAIN}/" PHOTOPRISM_ORIGINALS_LIMIT: 4000 # in MB (default 1000) envFrom: - secretRef: @@ -67,13 +67,13 @@ spec: external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. nginx.ingress.kubernetes.io/auth-method: GET nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; nginx.ingress.kubernetes.io/proxy-body-size: 4G hajimari.io/icon: arcticons:photoprism hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/prowlarr/app/helmrelease.yaml b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml index f9bfd6ca4..232086666 100644 --- a/kubernetes/apps/default/prowlarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml @@ -72,12 +72,12 @@ spec: annotations: # nginx.ingress.kubernetes.io/auth-method: GET # nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email # nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:movie-search hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/qbittorrent/app/helmrelease.yaml b/kubernetes/apps/default/qbittorrent/app/helmrelease.yaml index 2733b41de..2e67b05c2 100644 --- a/kubernetes/apps/default/qbittorrent/app/helmrelease.yaml +++ b/kubernetes/apps/default/qbittorrent/app/helmrelease.yaml @@ -76,7 +76,7 @@ spec: annotations: hajimari.io/icon: mdi:download hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/radarr/app/helmrelease.yaml b/kubernetes/apps/default/radarr/app/helmrelease.yaml index bd23ad8f4..3f34a8c27 100644 --- a/kubernetes/apps/default/radarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/radarr/app/helmrelease.yaml @@ -54,12 +54,12 @@ spec: tag: 5.6.0.8846@sha256:99c264af3f2d177e6674a9b304b64a35261202de30e54b35d5758d40edd94366 env: TZ: "${TIMEZONE}" - PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" PUSHOVER_DEBUG: "false" PUSHOVER_PRIORITY: "0" RADARR__INSTANCE_NAME: Radarr RADARR__PORT: &port 8080 - RADARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + RADARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" RADARR__LOG_LEVEL: info RADARR__THEME: dark envFrom: *envFrom @@ -82,7 +82,7 @@ spec: annotations: # nginx.ingress.kubernetes.io/auth-method: GET # nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email # nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:filmstrip diff --git a/kubernetes/apps/default/redlib/app/helmrelease.yaml b/kubernetes/apps/default/redlib/app/helmrelease.yaml index f3b368d63..dc7e7045b 100644 --- a/kubernetes/apps/default/redlib/app/helmrelease.yaml +++ b/kubernetes/apps/default/redlib/app/helmrelease.yaml @@ -67,14 +67,14 @@ spec: annotations: nginx.ingress.kubernetes.io/auth-method: GET nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; external-dns.alpha.kubernetes.io/enabled: "true" external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:web hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml b/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml index d9670fbcb..43c97ae10 100644 --- a/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml +++ b/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml @@ -57,7 +57,7 @@ spec: sabnzbd.default.svc, sabnzbd.default.svc.cluster, sabnzbd.default.svc.cluster.local, - sabnzbd.${SECRET_CLUSTER_DOMAIN} + sabnzbd.${SECRET_EXTERNAL_DOMAIN} envFrom: - secretRef: name: sabnzbd-secret @@ -95,12 +95,12 @@ spec: annotations: # nginx.ingress.kubernetes.io/auth-method: GET # nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email # nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:download hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/sharry/app/config/sharry.conf b/kubernetes/apps/default/sharry/app/config/sharry.conf index 189a3db17..25b3b45f4 100644 --- a/kubernetes/apps/default/sharry/app/config/sharry.conf +++ b/kubernetes/apps/default/sharry/app/config/sharry.conf @@ -1,5 +1,5 @@ sharry.restserver { - base-url = "https://sharry.${SECRET_CLUSTER_DOMAIN}" + base-url = "https://sharry.${SECRET_EXTERNAL_DOMAIN}" bind { address = "0.0.0.0" port =9090 diff --git a/kubernetes/apps/default/sharry/app/helmrelease.yaml b/kubernetes/apps/default/sharry/app/helmrelease.yaml index 366416d53..66659bece 100644 --- a/kubernetes/apps/default/sharry/app/helmrelease.yaml +++ b/kubernetes/apps/default/sharry/app/helmrelease.yaml @@ -69,7 +69,7 @@ spec: nginx.ingress.kubernetes.io/proxy-body-size: "0" hajimari.io/icon: mdi:account-arrow-up hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/sonarr/app/helmrelease.yaml b/kubernetes/apps/default/sonarr/app/helmrelease.yaml index 72ddbe374..bc52912a7 100644 --- a/kubernetes/apps/default/sonarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/sonarr/app/helmrelease.yaml @@ -54,14 +54,14 @@ spec: tag: 4.0.5.1719@sha256:602af44d766a8c7c494d01fb79f6e7624aed58f0b86ffe10e1ecad280160a3df env: TZ: "${TIMEZONE}" - PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" PUSHOVER_DEBUG: "false" PUSHOVER_PRIORITY: "0" SONARR__AUTHENTICATION_METHOD: External SONARR__AUTHENTICATION_REQUIRED: DisabledForLocalAddresses SONARR__INSTANCE_NAME: Sonarr SONARR__PORT: &port 8080 - SONARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + SONARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" SONARR__LOG_LEVEL: info SONARR__THEME: dark envFrom: *envFrom @@ -99,7 +99,7 @@ spec: annotations: # nginx.ingress.kubernetes.io/auth-method: GET # nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email # nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:television-classic diff --git a/kubernetes/apps/default/tandoor/app/helmrelease.yaml b/kubernetes/apps/default/tandoor/app/helmrelease.yaml index d2344e98b..072c5b85a 100644 --- a/kubernetes/apps/default/tandoor/app/helmrelease.yaml +++ b/kubernetes/apps/default/tandoor/app/helmrelease.yaml @@ -110,7 +110,7 @@ spec: annotations: hajimari.io/icon: mdi:chef-hat hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/tdarr/app/helmrelease.yaml b/kubernetes/apps/default/tdarr/app/helmrelease.yaml index b3f68b3b7..6f3095dd7 100644 --- a/kubernetes/apps/default/tdarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/tdarr/app/helmrelease.yaml @@ -96,12 +96,12 @@ spec: annotations: nginx.ingress.kubernetes.io/auth-method: GET nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: material-symbols:switch-video-outline hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/unifi/app/helmrelease.yaml b/kubernetes/apps/default/unifi/app/helmrelease.yaml index c4fb99b8b..35b8e79d6 100644 --- a/kubernetes/apps/default/unifi/app/helmrelease.yaml +++ b/kubernetes/apps/default/unifi/app/helmrelease.yaml @@ -94,7 +94,7 @@ spec: nginx.ingress.kubernetes.io/backend-protocol: HTTPS hajimari.io/icon: mdi:lan hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/vaultwarden/app/helmrelease.yaml b/kubernetes/apps/default/vaultwarden/app/helmrelease.yaml index 3df162d19..921605cea 100644 --- a/kubernetes/apps/default/vaultwarden/app/helmrelease.yaml +++ b/kubernetes/apps/default/vaultwarden/app/helmrelease.yaml @@ -49,7 +49,7 @@ spec: DATA_FOLDER: data ICON_CACHE_FOLDER: data/icon_cache ATTACHMENTS_FOLDER: data/attachments - DOMAIN: "https://vaultwarden.${SECRET_CLUSTER_DOMAIN}" + DOMAIN: "https://vaultwarden.${SECRET_EXTERNAL_DOMAIN}" TZ: "${TIMEZONE}" SIGNUPS_ALLOWED: "false" WEBSOCKET_ENABLED: "true" @@ -82,7 +82,7 @@ spec: external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:lock hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/vikunja/app/helmrelease.yaml b/kubernetes/apps/default/vikunja/app/helmrelease.yaml index 796530674..3dcc95928 100644 --- a/kubernetes/apps/default/vikunja/app/helmrelease.yaml +++ b/kubernetes/apps/default/vikunja/app/helmrelease.yaml @@ -80,7 +80,7 @@ spec: external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:format-list-checks hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/wallabag/app/helmrelease.yaml b/kubernetes/apps/default/wallabag/app/helmrelease.yaml index 379dacf06..16da49503 100644 --- a/kubernetes/apps/default/wallabag/app/helmrelease.yaml +++ b/kubernetes/apps/default/wallabag/app/helmrelease.yaml @@ -52,7 +52,7 @@ spec: envFrom: *envFrom env: &env SYMFONY__ENV__DATABASE_DRIVER: pdo_pgsql - SYMFONY__ENV__DOMAIN_NAME: https://wallabag.${SECRET_CLUSTER_DOMAIN} + SYMFONY__ENV__DOMAIN_NAME: https://wallabag.${SECRET_EXTERNAL_DOMAIN} SYMFONY__ENV__FOSUSER_REGISTRATION: "true" SYMFONY__ENV__FOSUSER_CONFIRMATION: "true" SYMFONY__ENV__FROM_EMAIL: wallabag@${SECRET_DOMAIN} @@ -93,7 +93,7 @@ spec: external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:newspaper-variant hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/whoogle/app/helmrelease.yaml b/kubernetes/apps/default/whoogle/app/helmrelease.yaml index 648b496b8..1573d07e1 100644 --- a/kubernetes/apps/default/whoogle/app/helmrelease.yaml +++ b/kubernetes/apps/default/whoogle/app/helmrelease.yaml @@ -39,10 +39,10 @@ spec: repository: docker.io/benbusby/whoogle-search tag: 0.8.4 env: - # WHOOGLE_ALT_TW: nitter.${SECRET_CLUSTER_DOMAIN} - WHOOGLE_ALT_YT: invidious.${SECRET_CLUSTER_DOMAIN} + # WHOOGLE_ALT_TW: nitter.${SECRET_EXTERNAL_DOMAIN} + WHOOGLE_ALT_YT: invidious.${SECRET_EXTERNAL_DOMAIN} WHOOGLE_ALT_IG: imginn.com - WHOOGLE_ALT_RD: libreddit.${SECRET_CLUSTER_DOMAIN} + WHOOGLE_ALT_RD: libreddit.${SECRET_EXTERNAL_DOMAIN} # WHOOGLE_ALT_MD: scripe.rip WHOOGLE_ALT_TL: farside.link/lingva WHOOGLE_ALT_IMG: bibliogram.art @@ -51,7 +51,7 @@ spec: WHOOGLE_CONFIG_COUNTRY: FR # WHOOGLE_CONFIG_GET_ONLY: 1 WHOOGLE_CONFIG_THEME: dark - WHOOGLE_CONFIG_URL: https://whoogle.${SECRET_CLUSTER_DOMAIN}/ + WHOOGLE_CONFIG_URL: https://whoogle.${SECRET_EXTERNAL_DOMAIN}/ resources: requests: cpu: 10m @@ -71,14 +71,14 @@ spec: annotations: nginx.ingress.kubernetes.io/auth-method: GET nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; external-dns.alpha.kubernetes.io/enabled: "true" external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:google hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml b/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml index 6b37922f8..886682fdb 100644 --- a/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml +++ b/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml @@ -60,7 +60,7 @@ spec: ZIGBEE2MQTT_CONFIG_DEVICE_OPTIONS_RETAIN: "true" ZIGBEE2MQTT_CONFIG_EXPERIMENTAL_NEW_API: "true" ZIGBEE2MQTT_CONFIG_FRONTEND_PORT: 8080 - ZIGBEE2MQTT_CONFIG_FRONTEND_URL: "https://zigbee.${SECRET_CLUSTER_DOMAIN}" + ZIGBEE2MQTT_CONFIG_FRONTEND_URL: "https://zigbee.${SECRET_EXTERNAL_DOMAIN}" ZIGBEE2MQTT_CONFIG_HOMEASSISTANT: "true" ZIGBEE2MQTT_CONFIG_MQTT_INCLUDE_DEVICE_INFORMATION: "true" ZIGBEE2MQTT_CONFIG_MQTT_KEEPALIVE: 60 @@ -102,12 +102,12 @@ spec: annotations: nginx.ingress.kubernetes.io/auth-method: GET nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:zigbee hosts: - - host: &host "zigbee.${SECRET_CLUSTER_DOMAIN}" + - host: &host "zigbee.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/default/zwave-js-ui/app/helmrelease.yaml b/kubernetes/apps/default/zwave-js-ui/app/helmrelease.yaml index 7c470279a..54d144713 100644 --- a/kubernetes/apps/default/zwave-js-ui/app/helmrelease.yaml +++ b/kubernetes/apps/default/zwave-js-ui/app/helmrelease.yaml @@ -90,12 +90,12 @@ spec: annotations: nginx.ingress.kubernetes.io/auth-method: GET nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:z-wave hosts: - - host: &host "zwave.${SECRET_CLUSTER_DOMAIN}" + - host: &host "zwave.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / pathType: Prefix diff --git a/kubernetes/apps/flux-system/addons/webhooks/github/ingress.yaml b/kubernetes/apps/flux-system/addons/webhooks/github/ingress.yaml index a22f1765b..ad37cbc14 100644 --- a/kubernetes/apps/flux-system/addons/webhooks/github/ingress.yaml +++ b/kubernetes/apps/flux-system/addons/webhooks/github/ingress.yaml @@ -11,7 +11,7 @@ metadata: spec: ingressClassName: "nginx" rules: - - host: "flux-webhook.${SECRET_CLUSTER_DOMAIN}" + - host: "flux-webhook.${SECRET_EXTERNAL_DOMAIN}" http: paths: - path: /hook/ @@ -23,4 +23,4 @@ spec: number: 80 tls: - hosts: - - "flux-webhook.${SECRET_CLUSTER_DOMAIN}" + - "flux-webhook.${SECRET_EXTERNAL_DOMAIN}" diff --git a/kubernetes/apps/flux-system/capacitor/app/helmrelease.yaml b/kubernetes/apps/flux-system/capacitor/app/helmrelease.yaml index 48b390525..66153c270 100644 --- a/kubernetes/apps/flux-system/capacitor/app/helmrelease.yaml +++ b/kubernetes/apps/flux-system/capacitor/app/helmrelease.yaml @@ -62,7 +62,7 @@ spec: annotations: hajimari.io/icon: mdi:sync hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: @@ -71,4 +71,3 @@ spec: tls: - hosts: - *host - diff --git a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml index d0a0896d1..d2e5cc515 100644 --- a/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml +++ b/kubernetes/apps/kube-system/cilium/app/helmrelease.yaml @@ -62,7 +62,7 @@ spec: enabled: true className: nginx hosts: - - &host "cilium.${SECRET_CLUSTER_DOMAIN}" + - &host "cilium.${SECRET_EXTERNAL_DOMAIN}" tls: - hosts: - *host @@ -111,7 +111,7 @@ spec: ingressController: enabled: false defaultSecretNamespace: networking - defaultSecretName: ${SECRET_CLUSTER_DOMAIN//./-}-tls + defaultSecretName: ${SECRET_EXTERNAL_DOMAIN//./-}-tls loadbalancerMode: shared service: loadBalancerIP: 192.168.169.115 diff --git a/kubernetes/apps/kube-system/external-secrets/stores/onepassword/helmrelease.yaml b/kubernetes/apps/kube-system/external-secrets/stores/onepassword/helmrelease.yaml index 52712657d..49361456c 100644 --- a/kubernetes/apps/kube-system/external-secrets/stores/onepassword/helmrelease.yaml +++ b/kubernetes/apps/kube-system/external-secrets/stores/onepassword/helmrelease.yaml @@ -124,7 +124,7 @@ spec: annotations: hajimari.io/enable: "false" hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/monitoring/gatus/app/config/config.yaml b/kubernetes/apps/monitoring/gatus/app/config/config.yaml index 992d2ae78..6007d7a3d 100644 --- a/kubernetes/apps/monitoring/gatus/app/config/config.yaml +++ b/kubernetes/apps/monitoring/gatus/app/config/config.yaml @@ -26,7 +26,7 @@ connectivity: endpoints: - name: status group: external - url: https://status.${SECRET_CLUSTER_DOMAIN} + url: https://status.${SECRET_EXTERNAL_DOMAIN} interval: 1m client: dns-resolver: tcp://192.168.8.1:53 diff --git a/kubernetes/apps/monitoring/gatus/app/helmrelease.yaml b/kubernetes/apps/monitoring/gatus/app/helmrelease.yaml index 5c263e9a7..2849a452b 100644 --- a/kubernetes/apps/monitoring/gatus/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/gatus/app/helmrelease.yaml @@ -67,7 +67,7 @@ spec: TZ: ${TIMEZONE} GATUS_CONFIG_PATH: /config CUSTOM_WEB_PORT: &port 8080 - SECRET_CLUSTER_DOMAIN: ${SECRET_CLUSTER_DOMAIN} + SECRET_EXTERNAL_DOMAIN: ${SECRET_EXTERNAL_DOMAIN} envFrom: *envFrom resources: requests: @@ -110,7 +110,7 @@ spec: external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:list-status hosts: - - host: &host "status.${SECRET_CLUSTER_DOMAIN}" + - host: &host "status.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml b/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml index 016ed9ecd..279d9dd97 100644 --- a/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/grafana/app/helmrelease.yaml @@ -29,10 +29,10 @@ spec: rbac: pspEnabled: false env: - GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/userinfo - GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/authorization + GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/userinfo + GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/authorization GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana - GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/token + GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/token GF_DATE_FORMATS_USE_BROWSER_LOCALE: true GF_EXPLORE_ENABLED: true GF_PANELS_DISABLE_SANITIZE_HTML: true @@ -41,7 +41,7 @@ spec: GF_DATE_FORMATS_FULL_DATE: "DD.MM.YYYY hh:mm:ss" GF_SECURITY_ALLOW_EMBEDDING: true GF_SECURITY_COOKIE_SAMESITE: grafana - GF_SERVER_ROOT_URL: https://grafana.${SECRET_CLUSTER_DOMAIN} + GF_SERVER_ROOT_URL: https://grafana.${SECRET_EXTERNAL_DOMAIN} envFromSecrets: - name: grafana-secret grafana.ini: @@ -50,7 +50,7 @@ spec: check_for_plugin_updates: false reporting_enabled: false auth: - signout_redirect_url: "https://auth.${SECRET_CLUSTER_DOMAIN}/logout" + signout_redirect_url: "https://auth.${SECRET_EXTERNAL_DOMAIN}/logout" oauth_auto_login: true oauth_allow_insecure_email_lookup: true auth.generic_oauth: @@ -369,7 +369,7 @@ spec: annotations: hajimari.io/icon: simple-icons:grafana hosts: - - &host "grafana.${SECRET_CLUSTER_DOMAIN}" + - &host "grafana.${SECRET_EXTERNAL_DOMAIN}" tls: - hosts: - *host diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml index 3810f1077..89cd657e5 100644 --- a/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml @@ -124,15 +124,15 @@ spec: annotations: nginx.ingress.kubernetes.io/auth-method: GET nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/appName: "Prometheus" hajimari.io/icon: simple-icons:prometheus - hosts: ["prometheus.${SECRET_CLUSTER_DOMAIN}"] + hosts: ["prometheus.${SECRET_EXTERNAL_DOMAIN}"] tls: - hosts: - - "prometheus.${SECRET_CLUSTER_DOMAIN}" + - "prometheus.${SECRET_EXTERNAL_DOMAIN}" prometheusSpec: podMetadata: annotations: @@ -242,15 +242,15 @@ spec: annotations: # nginx.ingress.kubernetes.io/auth-method: GET # nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email # nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/appName: "Alert Manager" hajimari.io/icon: mdi:alert-decagram-outline - hosts: ["alert-manager.${SECRET_CLUSTER_DOMAIN}"] + hosts: ["alert-manager.${SECRET_EXTERNAL_DOMAIN}"] tls: - hosts: - - "alert-manager.${SECRET_CLUSTER_DOMAIN}" + - "alert-manager.${SECRET_EXTERNAL_DOMAIN}" prometheus: monitor: enabled: true diff --git a/kubernetes/apps/monitoring/scrutiny/app/helmrelease.yaml b/kubernetes/apps/monitoring/scrutiny/app/helmrelease.yaml index 9a4831229..64e87e7fb 100644 --- a/kubernetes/apps/monitoring/scrutiny/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/scrutiny/app/helmrelease.yaml @@ -63,7 +63,7 @@ spec: annotations: hajimari.io/icon: mdi:harddiskstatus hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml b/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml index febda858a..fcc7480bd 100644 --- a/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml @@ -75,7 +75,7 @@ spec: size: 10Gi query: replicas: 3 - extraArgs: ["--alert.query-url=https://thanos.${SECRET_CLUSTER_DOMAIN}"] + extraArgs: ["--alert.query-url=https://thanos.${SECRET_EXTERNAL_DOMAIN}"] # additionalStores: ["thanos.turbo.ac:10901"] queryFrontend: enabled: true @@ -91,7 +91,7 @@ spec: enabled: true ingressClassName: nginx hosts: - - thanos.${SECRET_CLUSTER_DOMAIN} + - thanos.${SECRET_EXTERNAL_DOMAIN} podAnnotations: &podAnnotations configmap.reloader.stakater.com/reload: *configMap rule: diff --git a/kubernetes/apps/networking/external-dns/app/helmrelease.yaml b/kubernetes/apps/networking/external-dns/app/helmrelease.yaml index 1570ff8ed..95eed7380 100644 --- a/kubernetes/apps/networking/external-dns/app/helmrelease.yaml +++ b/kubernetes/apps/networking/external-dns/app/helmrelease.yaml @@ -27,6 +27,8 @@ spec: uninstall: keepHistory: false values: + podAnnotations: + reloader.stakater.com/auto: "true" interval: 2m logLevel: debug provider: ovh @@ -51,7 +53,7 @@ spec: policy: sync sources: - ingress - txtOwnerId: "default" + txtOwnerId: default domainFilters: - "${SECRET_DOMAIN}" serviceMonitor: diff --git a/kubernetes/apps/networking/ingress-nginx/app/helmrelease.yaml b/kubernetes/apps/networking/ingress-nginx/app/helmrelease.yaml index ba3d6300d..660df00bb 100644 --- a/kubernetes/apps/networking/ingress-nginx/app/helmrelease.yaml +++ b/kubernetes/apps/networking/ingress-nginx/app/helmrelease.yaml @@ -67,7 +67,7 @@ spec: any: true extraArgs: default-ssl-certificate: |- - networking/${SECRET_CLUSTER_DOMAIN//./-}-tls + networking/${SECRET_EXTERNAL_DOMAIN//./-}-tls topologySpreadConstraints: - maxSkew: 1 topologyKey: kubernetes.io/hostname diff --git a/kubernetes/apps/networking/ingress-nginx/certificates/certificates.yaml b/kubernetes/apps/networking/ingress-nginx/certificates/certificates.yaml index 171b46d86..2f18e4bf7 100644 --- a/kubernetes/apps/networking/ingress-nginx/certificates/certificates.yaml +++ b/kubernetes/apps/networking/ingress-nginx/certificates/certificates.yaml @@ -2,14 +2,14 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: ${SECRET_CLUSTER_DOMAIN//./-} + name: ${SECRET_EXTERNAL_DOMAIN//./-} namespace: networking spec: - secretName: ${SECRET_CLUSTER_DOMAIN//./-}-tls + secretName: ${SECRET_EXTERNAL_DOMAIN//./-}-tls issuerRef: name: letsencrypt-production kind: ClusterIssuer - commonName: "${SECRET_CLUSTER_DOMAIN}" + commonName: "${SECRET_EXTERNAL_DOMAIN}" dnsNames: - - ${SECRET_CLUSTER_DOMAIN} - - "*.${SECRET_CLUSTER_DOMAIN}" + - ${SECRET_EXTERNAL_DOMAIN} + - "*.${SECRET_EXTERNAL_DOMAIN}" diff --git a/kubernetes/apps/networking/k8s-gateway/app/Corefile b/kubernetes/apps/networking/k8s-gateway/app/Corefile index 457656ffe..5815da1d5 100644 --- a/kubernetes/apps/networking/k8s-gateway/app/Corefile +++ b/kubernetes/apps/networking/k8s-gateway/app/Corefile @@ -5,12 +5,7 @@ lameduck 5s } ready - k8s_gateway ${SECRET_CLUSTER_DOMAIN} { - apex k8s-gateway.network - resources Ingress Service - ttl 300 - } - k8s_gateway ${SECRET_DOMAIN} { + k8s_gateway ${SECRET_EXTERNAL_DOMAIN} { apex k8s-gateway.network resources Ingress Service ttl 300 diff --git a/kubernetes/apps/ngnode/landing-page/app-staging/helmrelease.yaml b/kubernetes/apps/ngnode/landing-page/app-staging/helmrelease.yaml index 06cf34eb5..1efdcb4dc 100644 --- a/kubernetes/apps/ngnode/landing-page/app-staging/helmrelease.yaml +++ b/kubernetes/apps/ngnode/landing-page/app-staging/helmrelease.yaml @@ -55,7 +55,7 @@ spec: external-dns.alpha.kubernetes.io/enabled: "true" external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/ngnode/landing-page/app/helmrelease.yaml b/kubernetes/apps/ngnode/landing-page/app/helmrelease.yaml index cdd55f4f5..64ab07aa3 100644 --- a/kubernetes/apps/ngnode/landing-page/app/helmrelease.yaml +++ b/kubernetes/apps/ngnode/landing-page/app/helmrelease.yaml @@ -55,7 +55,7 @@ spec: external-dns.alpha.kubernetes.io/enabled: "true" external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" + - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" paths: - path: / service: diff --git a/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml index 3b75c9ebc..8480b6f05 100644 --- a/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml +++ b/kubernetes/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml @@ -37,11 +37,11 @@ spec: hajimari.io/appName: Rook hajimari.io/icon: mdi:chess-rook host: - name: "rook.${SECRET_CLUSTER_DOMAIN}" + name: "rook.${SECRET_EXTERNAL_DOMAIN}" path: / tls: - hosts: - - "rook.${SECRET_CLUSTER_DOMAIN}" + - "rook.${SECRET_EXTERNAL_DOMAIN}" configOverride: | [global] bdev_enable_discard = true diff --git a/kubernetes/flux/config/cluster.yaml b/kubernetes/flux/config/cluster.yaml index ff54d957b..38051e13a 100644 --- a/kubernetes/flux/config/cluster.yaml +++ b/kubernetes/flux/config/cluster.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/gitrepository_v1beta2.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: diff --git a/kubernetes/flux/vars/cluster-secrets.sops.yaml b/kubernetes/flux/vars/cluster-secrets.sops.yaml index 9e7e68e9c..017ab0056 100644 --- a/kubernetes/flux/vars/cluster-secrets.sops.yaml +++ b/kubernetes/flux/vars/cluster-secrets.sops.yaml @@ -5,12 +5,11 @@ metadata: name: cluster-secrets namespace: flux-system stringData: - SECRET_CLUSTER_CERTIFICATE_DEFAULT: ENC[AES256_GCM,data:hWobTs6NA15tpKWe5gOijZQ/g04=,iv:+AHLg4o03aoZYQtamlfKnZXVlwy36+8NrwLhnL1ayHo=,tag:0vGWliDmkhsevARDdJzZ+g==,type:str] + SECRET_CLUSTER_CERTIFICATE_DEFAULT: ENC[AES256_GCM,data:8HotHVJva77fd9S+j2BB,iv:fqCDD0NuK9ySCsGGT3G4QsfViM2L9oPp9ZLgwXf0tLI=,tag:rX1quD8RTjvzV75fmwmC6w==,type:str] SECRET_CLUSTER_DOMAIN_EMAIL: ENC[AES256_GCM,data:j1yBajAlXKQeDuvbV2IyJp8IT3wA,iv:pxPgYZEZ6pvcr6trM1gkL5MZORewARaiVfwRTyWxny0=,tag:y31EGp46NgF/Pf3hQ2Iavw==,type:str] SECRET_DOMAIN: ENC[AES256_GCM,data:UtdBDs6+azVHO7Y=,iv:ZnWrBW+vW6HiMs1PbgY2LjcwUwuUh1HxYjqvOXvCrDk=,tag:r6uDIJhVoTIcizIfRW+lHw==,type:str] SECRET_EXTERNAL_DOMAIN: ENC[AES256_GCM,data:Brd9H7gizPxew+4=,iv:YaIxv9TFF0mAks9gJXwXA1N7b8k5mcSJ6hs9lpaUV/M=,tag:8xdRoWun3IUVywagpsrsBw==,type:str] SECRET_INTERNAL_DOMAIN: ENC[AES256_GCM,data:WLuQAi9JsUsD5Q==,iv:Zc+5/rQONxepZFVC/ia01aBdlVyG99thOeIipeAVS3E=,tag:FwwjDKoUMfZ/taFPRRThOQ==,type:str] - SECRET_CLUSTER_DOMAIN: ENC[AES256_GCM,data:Go+HZnPQCW5GKPqRB0MnmQ==,iv:bUGmzu42TVxhF94pGZuEi++A5a72wgGmWbOjmgau6Cg=,tag:eUIyZ/wcsOXYamTgiQYMjA==,type:str] SECRET_CROWDSEC_NGINX_BOUNCER_API_KEY: ENC[AES256_GCM,data:ecukkFOK40WWIxJ48sXrxJUBaHx2BnzqxkIT+cXYZg4=,iv:y6AfslVPufBfrIL3GQqTw0cDAan64mB9J7RY9OzKQqw=,tag:+V4Rgz26wey2UtA32S0PJQ==,type:str] SECRET_KOMF_MAL_CLIENT_ID: ENC[AES256_GCM,data:HuKHFrICgCj6nbcbix8u7qGeggFmmKht7Elk9dINZtE=,iv:c3mqFdFkIO9dctZ3ooPh4ajOZaY0ZudEeNWbG+lryPI=,tag:jWG2+pgkAf/XUgJyUvdrNg==,type:str] SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_USER_KEY: ENC[AES256_GCM,data:X1J9WLT26soYzlDb8+YtPotGw8p0lJKMuNkn69WX,iv:mW2cJOq5gfzSE+U24IuvPVL+dL2nZcTFpPAkG77Ohus=,tag:kxokidtuE5RAGJlj4Q4P2A==,type:str] @@ -36,8 +35,8 @@ sops: WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-13T19:25:25Z" - mac: ENC[AES256_GCM,data:II+IEFKhi740xrv8uA8Gu0F39X+KGRlT+0egVrnNkvfLNeSV85YAB+F/PXo4MmfdeK9b/EN0C6z2Wms6NOpUQ76g8E/xJ7GG6OqIhQM5Q+jqahD2PZMYgo62Efwq17zzUz2WqUbt6eM5H03dhRv/Da+WUtdijv2d7cMnTxEpqh8=,iv:kRY9Fhh+upvyexhxJjmy2PJvvwEtAO58JQHblXF/4Jw=,tag:boWsM6Ii4rPo+i0sXabWdA==,type:str] + lastmodified: "2024-06-16T22:10:15Z" + mac: ENC[AES256_GCM,data:E/7/eH1+c3FL3i3JGq9M5WzW504RdyJiMAaKIeQ35lz9I6k10ohZd4z9sVeRfshveKLKZ5Kk6vzzjHNdjjFO0W0SqM8ix2JB+3+KiUBL/KteTDxcfUZ3SjiL42YB86uwI+msrCekXrHpsSY/dtBgmNyItuVZdvMWDjJBZ9cM8P8=,iv:eJIUMdqx8pr82goXGaoNHZgWIjUZ0nU0QfJAsP1Kk94=,tag:wEPUgxfQXE5qoxAFi3dsfw==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.8.1 diff --git a/kubernetes/templates/gatus/external/configmap.yaml b/kubernetes/templates/gatus/external/configmap.yaml index 441afe00d..a5548ca90 100644 --- a/kubernetes/templates/gatus/external/configmap.yaml +++ b/kubernetes/templates/gatus/external/configmap.yaml @@ -10,7 +10,7 @@ data: endpoints: - name: "${APP}" group: external - url: "https://${GATUS_SUBDOMAIN:-${APP}}.${SECRET_CLUSTER_DOMAIN}${GATUS_PATH:-/}" + url: "https://${GATUS_SUBDOMAIN:-${APP}}.${SECRET_EXTERNAL_DOMAIN}${GATUS_PATH:-/}" interval: 1m client: dns-resolver: tcp://192.168.8.1:53 diff --git a/kubernetes/templates/gatus/guarded/configmap.yaml b/kubernetes/templates/gatus/guarded/configmap.yaml index f133236ba..9160729e7 100644 --- a/kubernetes/templates/gatus/guarded/configmap.yaml +++ b/kubernetes/templates/gatus/guarded/configmap.yaml @@ -10,7 +10,7 @@ data: endpoints: - name: "${APP}" group: guarded - url: "https://${GATUS_SUBDOMAIN:-${APP}}.${GATUS_DOMAIN:-${SECRET_CLUSTER_DOMAIN}}${GATUS_PATH:-/}" + url: "https://${GATUS_SUBDOMAIN:-${APP}}.${GATUS_DOMAIN:-${SECRET_EXTERNAL_DOMAIN}}${GATUS_PATH:-/}" interval: 1m ui: hide-hostname: true