mirror of
https://github.com/auricom/home-cluster.git
synced 2025-12-22 15:36:45 +01:00
feat: change cluster url
This commit is contained in:
auricom
@@ -1,5 +1,5 @@
|
|||||||
kind: Secret
|
kind: Secret
|
||||||
secret_cluster_domain: ENC[AES256_GCM,data:V+KhvpQZ0bxjMDNZq4vYXg==,iv:WP0hlWvDEL0fu1aFR0UQW31nQKWxkkfgoXbfdV4WZ9w=,tag:e3Ky3kenlL71zyQBOXclsQ==,type:str]
|
SECRET_EXTERNAL_DOMAIN: ENC[AES256_GCM,data:V+KhvpQZ0bxjMDNZq4vYXg==,iv:WP0hlWvDEL0fu1aFR0UQW31nQKWxkkfgoXbfdV4WZ9w=,tag:e3Ky3kenlL71zyQBOXclsQ==,type:str]
|
||||||
secret_domain: ENC[AES256_GCM,data:SjdnR9pDjveodvo=,iv:GKvdD7c3bmaQN+CAYoKwAy78em9vYljGyl6VfGmJk9E=,tag:hz92J7d1NokEeyB6vxr3Uw==,type:str]
|
secret_domain: ENC[AES256_GCM,data:SjdnR9pDjveodvo=,iv:GKvdD7c3bmaQN+CAYoKwAy78em9vYljGyl6VfGmJk9E=,tag:hz92J7d1NokEeyB6vxr3Uw==,type:str]
|
||||||
public_ssh_keys:
|
public_ssh_keys:
|
||||||
- ENC[AES256_GCM,data:/J9ejzvJHV5wdz9Dj0jUmAaVtIkgVpEoIRJocNGhszY2bmu5mruwWSz6E+XkcAGE0zQMo/9N8imIZoXfq0UQSyfCCitrA09x1z0Hf0s3iSA=,iv:jzA3bIQw+pL4tjNASNMwMcdHW+vSxgVo4Czo/ja0AO8=,tag:iTEDjARfH96oXATQu8VR8Q==,type:str]
|
- ENC[AES256_GCM,data:/J9ejzvJHV5wdz9Dj0jUmAaVtIkgVpEoIRJocNGhszY2bmu5mruwWSz6E+XkcAGE0zQMo/9N8imIZoXfq0UQSyfCCitrA09x1z0Hf0s3iSA=,iv:jzA3bIQw+pL4tjNASNMwMcdHW+vSxgVo4Czo/ja0AO8=,tag:iTEDjARfH96oXATQu8VR8Q==,type:str]
|
||||||
|
|||||||
@@ -7,4 +7,4 @@
|
|||||||
BIN_PATH="{{ scrutiny_dir }}/{{ scrutiny_bin }}"
|
BIN_PATH="{{ scrutiny_dir }}/{{ scrutiny_bin }}"
|
||||||
HOSTNAME=$(hostname)
|
HOSTNAME=$(hostname)
|
||||||
|
|
||||||
$BIN_PATH run --host-id=${HOSTNAME} --api-endpoint=https://scrutiny.{{ secret_cluster_domain }}
|
$BIN_PATH run --host-id=${HOSTNAME} --api-endpoint=https://scrutiny.{{ SECRET_EXTERNAL_DOMAIN }}
|
||||||
|
|||||||
@@ -32,11 +32,9 @@ spec:
|
|||||||
installCRDs: true
|
installCRDs: true
|
||||||
webhook:
|
webhook:
|
||||||
enabled: true
|
enabled: true
|
||||||
extraArgs:
|
enableCertificateOwnerRef: true
|
||||||
- --dns01-recursive-nameservers=ns15.ovh.net:53,dns15.ovh.net:53
|
dns01RecursiveNameservers: 8.8.8.8:53,1.1.1.1:53
|
||||||
- --dns01-recursive-nameservers-only
|
dns01RecursiveNameserversOnly: true
|
||||||
cainjector:
|
|
||||||
replicaCount: 1
|
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
servicemonitor:
|
servicemonitor:
|
||||||
|
|||||||
@@ -27,6 +27,8 @@ spec:
|
|||||||
uninstall:
|
uninstall:
|
||||||
keepHistory: false
|
keepHistory: false
|
||||||
values:
|
values:
|
||||||
|
podAnnotations:
|
||||||
|
reloader.stakater.com/auto: "true"
|
||||||
groupName: "${SECRET_DOMAIN}"
|
groupName: "${SECRET_DOMAIN}"
|
||||||
certManager:
|
certManager:
|
||||||
namespace: cert-manager
|
namespace: cert-manager
|
||||||
@@ -36,7 +38,7 @@ spec:
|
|||||||
create: true
|
create: true
|
||||||
kind: ClusterIssuer
|
kind: ClusterIssuer
|
||||||
acmeServerUrl: https://acme-staging-v02.api.letsencrypt.org/directory
|
acmeServerUrl: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
email: "${SECRET_CLUSTER_DOMAIN_EMAIL}"
|
email: "${SECRET_EXTERNAL_DOMAIN_EMAIL}"
|
||||||
ovhEndpointName: ovh-eu
|
ovhEndpointName: ovh-eu
|
||||||
ovhAuthenticationRef:
|
ovhAuthenticationRef:
|
||||||
applicationKeyRef:
|
applicationKeyRef:
|
||||||
@@ -52,7 +54,7 @@ spec:
|
|||||||
create: true
|
create: true
|
||||||
kind: ClusterIssuer
|
kind: ClusterIssuer
|
||||||
acmeServerUrl: https://acme-v02.api.letsencrypt.org/directory
|
acmeServerUrl: https://acme-v02.api.letsencrypt.org/directory
|
||||||
email: "${SECRET_CLUSTER_DOMAIN_EMAIL}"
|
email: "${SECRET_EXTERNAL_DOMAIN_EMAIL}"
|
||||||
ovhEndpointName: ovh-eu
|
ovhEndpointName: ovh-eu
|
||||||
ovhAuthenticationRef:
|
ovhAuthenticationRef:
|
||||||
applicationKeyRef:
|
applicationKeyRef:
|
||||||
|
|||||||
@@ -108,7 +108,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
hajimari.io/icon: mdi:powershell
|
hajimari.io/icon: mdi:powershell
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "sh.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "sh.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -29,9 +29,9 @@ session:
|
|||||||
remember_me: 1M
|
remember_me: 1M
|
||||||
cookies:
|
cookies:
|
||||||
- name: authelia_session
|
- name: authelia_session
|
||||||
domain: ${SECRET_CLUSTER_DOMAIN}
|
domain: ${SECRET_EXTERNAL_DOMAIN}
|
||||||
authelia_url: https://auth.${SECRET_CLUSTER_DOMAIN}
|
authelia_url: https://auth.${SECRET_EXTERNAL_DOMAIN}
|
||||||
default_redirection_url: https://${SECRET_CLUSTER_DOMAIN}
|
default_redirection_url: https://${SECRET_EXTERNAL_DOMAIN}
|
||||||
redis:
|
redis:
|
||||||
host: dragonfly.database.svc.cluster.local.
|
host: dragonfly.database.svc.cluster.local.
|
||||||
port: 6379
|
port: 6379
|
||||||
@@ -58,17 +58,17 @@ access_control:
|
|||||||
rules:
|
rules:
|
||||||
# bypass Authelia WAN + LAN
|
# bypass Authelia WAN + LAN
|
||||||
- domain:
|
- domain:
|
||||||
- auth.${SECRET_CLUSTER_DOMAIN}
|
- auth.${SECRET_EXTERNAL_DOMAIN}
|
||||||
policy: bypass
|
policy: bypass
|
||||||
# One factor auth for LAN
|
# One factor auth for LAN
|
||||||
- domain:
|
- domain:
|
||||||
- "*.${SECRET_CLUSTER_DOMAIN}"
|
- "*.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
policy: one_factor
|
policy: one_factor
|
||||||
subject: [group:admins, group:users]
|
subject: [group:admins, group:users]
|
||||||
networks:
|
networks:
|
||||||
- private
|
- private
|
||||||
# Deny public resources
|
# Deny public resources
|
||||||
- domain: ["navidrome.${SECRET_CLUSTER_DOMAIN}"]
|
- domain: ["navidrome.${SECRET_EXTERNAL_DOMAIN}"]
|
||||||
resources: [^/metrics.*$]
|
resources: [^/metrics.*$]
|
||||||
policy: deny
|
policy: deny
|
||||||
|
|
||||||
@@ -83,7 +83,7 @@ identity_providers:
|
|||||||
client_secret: "$${FRESHRSS_OAUTH_DIGEST}"
|
client_secret: "$${FRESHRSS_OAUTH_DIGEST}"
|
||||||
public: false
|
public: false
|
||||||
authorization_policy: two_factor
|
authorization_policy: two_factor
|
||||||
redirect_uris: ["https://freshrss.${SECRET_CLUSTER_DOMAIN}:443/i/oidc/"]
|
redirect_uris: ["https://freshrss.${SECRET_EXTERNAL_DOMAIN}:443/i/oidc/"]
|
||||||
scopes: [openid, profile, groups, email]
|
scopes: [openid, profile, groups, email]
|
||||||
userinfo_signed_response_alg: none
|
userinfo_signed_response_alg: none
|
||||||
token_endpoint_auth_method: client_secret_basic
|
token_endpoint_auth_method: client_secret_basic
|
||||||
@@ -94,7 +94,7 @@ identity_providers:
|
|||||||
authorization_policy: two_factor
|
authorization_policy: two_factor
|
||||||
pre_configured_consent_duration: 1y
|
pre_configured_consent_duration: 1y
|
||||||
scopes: [openid, profile, groups, email]
|
scopes: [openid, profile, groups, email]
|
||||||
redirect_uris: ["https://grafana.${SECRET_CLUSTER_DOMAIN}/login/generic_oauth"]
|
redirect_uris: ["https://grafana.${SECRET_EXTERNAL_DOMAIN}/login/generic_oauth"]
|
||||||
userinfo_signed_response_alg: none
|
userinfo_signed_response_alg: none
|
||||||
- client_id: outline
|
- client_id: outline
|
||||||
client_name: Outline
|
client_name: Outline
|
||||||
@@ -104,7 +104,7 @@ identity_providers:
|
|||||||
pre_configured_consent_duration: 1y
|
pre_configured_consent_duration: 1y
|
||||||
scopes: [openid, profile, email, offline_access]
|
scopes: [openid, profile, email, offline_access]
|
||||||
response_types: code
|
response_types: code
|
||||||
redirect_uris: ["https://docs.${SECRET_CLUSTER_DOMAIN}/auth/oidc.callback"]
|
redirect_uris: ["https://docs.${SECRET_EXTERNAL_DOMAIN}/auth/oidc.callback"]
|
||||||
userinfo_signed_response_alg: none
|
userinfo_signed_response_alg: none
|
||||||
token_endpoint_auth_method: client_secret_basic
|
token_endpoint_auth_method: client_secret_basic
|
||||||
- client_name: jellyfin
|
- client_name: jellyfin
|
||||||
@@ -116,6 +116,6 @@ identity_providers:
|
|||||||
pkce_challenge_method: S256
|
pkce_challenge_method: S256
|
||||||
pre_configured_consent_duration: 1y
|
pre_configured_consent_duration: 1y
|
||||||
scopes: [openid, profile, groups]
|
scopes: [openid, profile, groups]
|
||||||
redirect_uris: [ "https://jellyfin.${SECRET_CLUSTER_DOMAIN}/sso/OID/redirect/authelia"]
|
redirect_uris: [ "https://jellyfin.${SECRET_EXTERNAL_DOMAIN}/sso/OID/redirect/authelia"]
|
||||||
userinfo_signed_response_alg: none
|
userinfo_signed_response_alg: none
|
||||||
token_endpoint_auth_method: client_secret_post
|
token_endpoint_auth_method: client_secret_post
|
||||||
|
|||||||
@@ -131,7 +131,7 @@ spec:
|
|||||||
gethomepage.dev/name: Authelia
|
gethomepage.dev/name: Authelia
|
||||||
gethomepage.dev/icon: authelia.png
|
gethomepage.dev/icon: authelia.png
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host auth.${SECRET_CLUSTER_DOMAIN}
|
- host: &host auth.${SECRET_EXTERNAL_DOMAIN}
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -105,7 +105,7 @@ spec:
|
|||||||
gethomepage.dev/name: Babybuddy
|
gethomepage.dev/name: Babybuddy
|
||||||
gethomepage.dev/icon: babybuddy.png
|
gethomepage.dev/icon: babybuddy.png
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
|||||||
@@ -88,7 +88,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
# nginx.ingress.kubernetes.io/auth-method: GET
|
# nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:subtitles-outline
|
hajimari.io/icon: mdi:subtitles-outline
|
||||||
@@ -98,7 +98,7 @@ spec:
|
|||||||
gethomepage.dev/icon: bazarr.png
|
gethomepage.dev/icon: bazarr.png
|
||||||
|
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -58,7 +58,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-method: GET
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:bookshelf
|
hajimari.io/icon: mdi:bookshelf
|
||||||
@@ -67,7 +67,7 @@ spec:
|
|||||||
gethomepage.dev/name: Calibre
|
gethomepage.dev/name: Calibre
|
||||||
gethomepage.dev/icon: calibre.png
|
gethomepage.dev/icon: calibre.png
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -53,7 +53,7 @@ spec:
|
|||||||
path: /
|
path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
hosts:
|
hosts:
|
||||||
- &host "emqx.${SECRET_CLUSTER_DOMAIN}"
|
- &host "emqx.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- *host
|
- *host
|
||||||
|
|||||||
@@ -69,7 +69,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-method: GET
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:download
|
hajimari.io/icon: mdi:download
|
||||||
@@ -78,7 +78,7 @@ spec:
|
|||||||
gethomepage.dev/name: qBittorrent
|
gethomepage.dev/name: qBittorrent
|
||||||
gethomepage.dev/icon: qbittorrent.png
|
gethomepage.dev/icon: qbittorrent.png
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -48,9 +48,9 @@ spec:
|
|||||||
env:
|
env:
|
||||||
TZ: ${TIMEZONE}
|
TZ: ${TIMEZONE}
|
||||||
CRON_MIN: 18,48
|
CRON_MIN: 18,48
|
||||||
DOMAIN: "https://freshrss.${SECRET_CLUSTER_DOMAIN}/"
|
DOMAIN: "https://freshrss.${SECRET_EXTERNAL_DOMAIN}/"
|
||||||
OIDC_ENABLED: 1
|
OIDC_ENABLED: 1
|
||||||
OIDC_PROVIDER_METADATA_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/.well-known/openid-configuration
|
OIDC_PROVIDER_METADATA_URL: https://auth.${SECRET_EXTERNAL_DOMAIN}/.well-known/openid-configuration
|
||||||
OIDC_CLIENT_ID: freshrss
|
OIDC_CLIENT_ID: freshrss
|
||||||
OIDC_REMOTE_USER_CLAIM: preferred_username
|
OIDC_REMOTE_USER_CLAIM: preferred_username
|
||||||
OIDC_SCOPES: openid groups email profile
|
OIDC_SCOPES: openid groups email profile
|
||||||
@@ -73,7 +73,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
hajimari.io/icon: mdi:rss
|
hajimari.io/icon: mdi:rss
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -98,13 +98,13 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-method: GET
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:cctv
|
hajimari.io/icon: mdi:cctv
|
||||||
className: nginx
|
className: nginx
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -68,7 +68,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
hajimari.io/icon: mdi:cash-multiple
|
hajimari.io/icon: mdi:cash-multiple
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -92,7 +92,7 @@ spec:
|
|||||||
hajimari.io/icon: "weather-sunset"
|
hajimari.io/icon: "weather-sunset"
|
||||||
hajimari.io/instance: "admin"
|
hajimari.io/instance: "admin"
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host apps.${SECRET_CLUSTER_DOMAIN}
|
- host: &host apps.${SECRET_EXTERNAL_DOMAIN}
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
|||||||
@@ -89,7 +89,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
hajimari.io/icon: mdi:home-assistant
|
hajimari.io/icon: mdi:home-assistant
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "hass.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "hass.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -78,7 +78,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: nginx
|
className: nginx
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host hass-code.${SECRET_CLUSTER_DOMAIN}
|
- host: &host hass-code.${SECRET_EXTERNAL_DOMAIN}
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -63,7 +63,7 @@ spec:
|
|||||||
hajimari.io/icon: devices
|
hajimari.io/icon: devices
|
||||||
hajimari.io/targetBlank: "true"
|
hajimari.io/targetBlank: "true"
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
- Home:
|
- Home:
|
||||||
- HomeAssistant:
|
- HomeAssistant:
|
||||||
href: https://hass.${SECRET_CLUSTER_DOMAIN}
|
href: https://hass.${SECRET_EXTERNAL_DOMAIN}
|
||||||
icon: home-assistant.png
|
icon: home-assistant.png
|
||||||
description: Home Assistant
|
description: Home Assistant
|
||||||
widget:
|
widget:
|
||||||
@@ -11,7 +11,7 @@
|
|||||||
- Media:
|
- Media:
|
||||||
- Jellyfin:
|
- Jellyfin:
|
||||||
icon: jellyfin.png
|
icon: jellyfin.png
|
||||||
href: https://jellyfin.${SECRET_CLUSTER_DOMAIN}
|
href: https://jellyfin.${SECRET_EXTERNAL_DOMAIN}
|
||||||
description: Media Server
|
description: Media Server
|
||||||
widget:
|
widget:
|
||||||
type: jellyfin
|
type: jellyfin
|
||||||
|
|||||||
@@ -69,7 +69,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: nginx
|
className: nginx
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -19,7 +19,7 @@ spec:
|
|||||||
database_url: postgres://{{ .POSTGRES_USER }}:{{ .POSTGRES_PASS }}@postgres16-rw.database.svc.cluster.local.:5432/invidious
|
database_url: postgres://{{ .POSTGRES_USER }}:{{ .POSTGRES_PASS }}@postgres16-rw.database.svc.cluster.local.:5432/invidious
|
||||||
check_tables: true
|
check_tables: true
|
||||||
port: 3000
|
port: 3000
|
||||||
domain: invidious.${SECRET_CLUSTER_DOMAIN}
|
domain: invidious.${SECRET_EXTERNAL_DOMAIN}
|
||||||
https_only: false
|
https_only: false
|
||||||
hmac_key: {{ .HMAC_KEY }}
|
hmac_key: {{ .HMAC_KEY }}
|
||||||
# Postgres Init
|
# Postgres Init
|
||||||
|
|||||||
@@ -64,7 +64,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-method: GET
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
external-dns.alpha.kubernetes.io/enabled: "true"
|
external-dns.alpha.kubernetes.io/enabled: "true"
|
||||||
@@ -72,7 +72,7 @@ spec:
|
|||||||
hajimari.io/icon: mdi:youtube
|
hajimari.io/icon: mdi:youtube
|
||||||
hajimari.io/name: invidious
|
hajimari.io/name: invidious
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "invidious.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "invidious.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -114,7 +114,7 @@ spec:
|
|||||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: simple-icons:jellyfin
|
hajimari.io/icon: simple-icons:jellyfin
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -47,7 +47,7 @@ spec:
|
|||||||
repository: joplin/server
|
repository: joplin/server
|
||||||
tag: 2.14.2-beta@sha256:b87564ef34e9ed0513e9b925b617cb8a1371eddfc8476f1fbd3fa85341d51508
|
tag: 2.14.2-beta@sha256:b87564ef34e9ed0513e9b925b617cb8a1371eddfc8476f1fbd3fa85341d51508
|
||||||
env:
|
env:
|
||||||
APP_BASE_URL: https://joplin.${SECRET_CLUSTER_DOMAIN}
|
APP_BASE_URL: https://joplin.${SECRET_EXTERNAL_DOMAIN}
|
||||||
APP_PORT: &port 8080
|
APP_PORT: &port 8080
|
||||||
DB_CLIENT: pg
|
DB_CLIENT: pg
|
||||||
MAILER_ENABLED: 1
|
MAILER_ENABLED: 1
|
||||||
@@ -76,7 +76,7 @@ spec:
|
|||||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:text
|
hajimari.io/icon: mdi:text
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -57,7 +57,7 @@ spec:
|
|||||||
hajimari.io/icon: mdi:ideogram-cjk-variant
|
hajimari.io/icon: mdi:ideogram-cjk-variant
|
||||||
className: nginx
|
className: nginx
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -83,12 +83,12 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-method: GET
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:cash
|
hajimari.io/icon: mdi:cash
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "cash.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "cash.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ port = 7000
|
|||||||
#IP address. Enter 0.0.0.0 to listen on all availale addresses
|
#IP address. Enter 0.0.0.0 to listen on all availale addresses
|
||||||
ip= "0.0.0.0"
|
ip= "0.0.0.0"
|
||||||
# enter your hostname, eg: example.com
|
# enter your hostname, eg: example.com
|
||||||
domain = "${SECRET_CLUSTER_DOMAIN}"
|
domain = "${SECRET_EXTERNAL_DOMAIN}"
|
||||||
allow_registration = false
|
allow_registration = false
|
||||||
proxy_has_tls = false
|
proxy_has_tls = false
|
||||||
#workers = 2
|
#workers = 2
|
||||||
|
|||||||
@@ -55,14 +55,14 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-method: GET
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
external-dns.alpha.kubernetes.io/enabled: "true"
|
external-dns.alpha.kubernetes.io/enabled: "true"
|
||||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:file-document-arrow-right-outline
|
hajimari.io/icon: mdi:file-document-arrow-right-outline
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "libmedium.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "libmedium.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -58,7 +58,7 @@ spec:
|
|||||||
LIDARR__INSTANCE_NAME: Lidarr
|
LIDARR__INSTANCE_NAME: Lidarr
|
||||||
LIDARR__PORT: &port 8080
|
LIDARR__PORT: &port 8080
|
||||||
LIDARR__LOG_LEVEL: info
|
LIDARR__LOG_LEVEL: info
|
||||||
PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
PUSHOVER_PRIORITY: "0"
|
PUSHOVER_PRIORITY: "0"
|
||||||
envFrom:
|
envFrom:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
@@ -82,7 +82,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
# nginx.ingress.kubernetes.io/auth-method: GET
|
# nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:headphones
|
hajimari.io/icon: mdi:headphones
|
||||||
|
|||||||
@@ -79,7 +79,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
hajimari.io/icon: link
|
hajimari.io/icon: link
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "links.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "links.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -59,7 +59,7 @@ spec:
|
|||||||
env:
|
env:
|
||||||
TZ: ${TIMEZONE}
|
TZ: ${TIMEZONE}
|
||||||
LLDAP_HTTP_PORT: &port 8080
|
LLDAP_HTTP_PORT: &port 8080
|
||||||
LLDAP_HTTP_URL: https://lldap.${SECRET_CLUSTER_DOMAIN}
|
LLDAP_HTTP_URL: https://lldap.${SECRET_EXTERNAL_DOMAIN}
|
||||||
LLDAP_LDAP_PORT: &ldapPort 5389
|
LLDAP_LDAP_PORT: &ldapPort 5389
|
||||||
LLDAP_LDAP_BASE_DN: dc=home,dc=arpa
|
LLDAP_LDAP_BASE_DN: dc=home,dc=arpa
|
||||||
envFrom: *envFrom
|
envFrom: *envFrom
|
||||||
@@ -85,7 +85,7 @@ spec:
|
|||||||
hajimari.io/icon: mdi:account-multiple
|
hajimari.io/icon: mdi:account-multiple
|
||||||
className: nginx
|
className: nginx
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -73,7 +73,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
hajimari.io/icon: mdi:file-music
|
hajimari.io/icon: mdi:file-music
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -48,7 +48,7 @@ spec:
|
|||||||
env:
|
env:
|
||||||
TIMEZONE: ${TIMEZONE}
|
TIMEZONE: ${TIMEZONE}
|
||||||
APP_NAME: Lychee
|
APP_NAME: Lychee
|
||||||
APP_URL: https://lychee.${SECRET_CLUSTER_DOMAIN}
|
APP_URL: https://lychee.${SECRET_EXTERNAL_DOMAIN}
|
||||||
DB_CONNECTION: pgsql
|
DB_CONNECTION: pgsql
|
||||||
PHP_TZ: ${TIMEZONE}
|
PHP_TZ: ${TIMEZONE}
|
||||||
REDIS_HOST: dragonfly.database.svc.cluster.local.
|
REDIS_HOST: dragonfly.database.svc.cluster.local.
|
||||||
@@ -74,7 +74,7 @@ spec:
|
|||||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:camera
|
hajimari.io/icon: mdi:camera
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -74,7 +74,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
hajimari.io/enable: "false"
|
hajimari.io/enable: "false"
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -71,14 +71,14 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-method: GET
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
external-dns.alpha.kubernetes.io/enabled: "true"
|
external-dns.alpha.kubernetes.io/enabled: "true"
|
||||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:music
|
hajimari.io/icon: mdi:music
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -56,12 +56,12 @@ spec:
|
|||||||
AWS_S3_UPLOAD_BUCKET_URL: "https://s3.${SECRET_INTERNAL_DOMAIN}"
|
AWS_S3_UPLOAD_BUCKET_URL: "https://s3.${SECRET_INTERNAL_DOMAIN}"
|
||||||
ENABLE_UPDATES: "false"
|
ENABLE_UPDATES: "false"
|
||||||
FILE_STORAGE_UPLOAD_MAX_SIZE: "26214400"
|
FILE_STORAGE_UPLOAD_MAX_SIZE: "26214400"
|
||||||
OIDC_AUTH_URI: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/authorization"
|
OIDC_AUTH_URI: "https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/authorization"
|
||||||
OIDC_CLIENT_ID: outline
|
OIDC_CLIENT_ID: outline
|
||||||
OIDC_DISPLAY_NAME: Authelia
|
OIDC_DISPLAY_NAME: Authelia
|
||||||
OIDC_SCOPES: openid profile email offline_access
|
OIDC_SCOPES: openid profile email offline_access
|
||||||
OIDC_TOKEN_URI: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/token"
|
OIDC_TOKEN_URI: "https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/token"
|
||||||
OIDC_USERINFO_URI: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/userinfo"
|
OIDC_USERINFO_URI: "https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/userinfo"
|
||||||
OIDC_USERNAME_CLAIM: email
|
OIDC_USERNAME_CLAIM: email
|
||||||
PORT: 8080
|
PORT: 8080
|
||||||
REDIS_URL: redis://dragonfly.database.svc.cluster.local.:6379
|
REDIS_URL: redis://dragonfly.database.svc.cluster.local.:6379
|
||||||
@@ -69,7 +69,7 @@ spec:
|
|||||||
SMTP_PORT: 2525
|
SMTP_PORT: 2525
|
||||||
SMTP_FROM_EMAIL: "outline@${SECRET_DOMAIN}"
|
SMTP_FROM_EMAIL: "outline@${SECRET_DOMAIN}"
|
||||||
SMTP_SECURE: "false"
|
SMTP_SECURE: "false"
|
||||||
URL: "https://docs.${SECRET_CLUSTER_DOMAIN}"
|
URL: "https://docs.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
WEB_CONCURRENCY: 10
|
WEB_CONCURRENCY: 10
|
||||||
command:
|
command:
|
||||||
[
|
[
|
||||||
@@ -96,7 +96,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
hajimari.io/icon: mdi:text-box-multiple
|
hajimari.io/icon: mdi:text-box-multiple
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "docs.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "docs.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -60,7 +60,7 @@ spec:
|
|||||||
PAPERLESS_REDIS: redis://dragonfly.database.svc.cluster.local.:6379
|
PAPERLESS_REDIS: redis://dragonfly.database.svc.cluster.local.:6379
|
||||||
PAPERLESS_TASK_WORKERS: 2
|
PAPERLESS_TASK_WORKERS: 2
|
||||||
PAPERLESS_TIME_ZONE: Europe/Paris
|
PAPERLESS_TIME_ZONE: Europe/Paris
|
||||||
PAPERLESS_URL: https://paperless.${SECRET_CLUSTER_DOMAIN}
|
PAPERLESS_URL: https://paperless.${SECRET_EXTERNAL_DOMAIN}
|
||||||
envFrom: *envFrom
|
envFrom: *envFrom
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
@@ -81,7 +81,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
hajimari.io/icon: mdi:barcode-scan
|
hajimari.io/icon: mdi:barcode-scan
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -67,7 +67,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
hajimari.io/icon: mdi:database
|
hajimari.io/icon: mdi:database
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ spec:
|
|||||||
PHOTOPRISM_ORIGINALS_PATH: &originals /var/mnt/vol1/photo/Gallery
|
PHOTOPRISM_ORIGINALS_PATH: &originals /var/mnt/vol1/photo/Gallery
|
||||||
PHOTOPRISM_DEBUG: "false"
|
PHOTOPRISM_DEBUG: "false"
|
||||||
PHOTOPRISM_PUBLIC: "true"
|
PHOTOPRISM_PUBLIC: "true"
|
||||||
PHOTOPRISM_SITE_URL: "https://photos.${SECRET_CLUSTER_DOMAIN}/"
|
PHOTOPRISM_SITE_URL: "https://photos.${SECRET_EXTERNAL_DOMAIN}/"
|
||||||
PHOTOPRISM_ORIGINALS_LIMIT: 4000 # in MB (default 1000)
|
PHOTOPRISM_ORIGINALS_LIMIT: 4000 # in MB (default 1000)
|
||||||
envFrom:
|
envFrom:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
@@ -67,13 +67,13 @@ spec:
|
|||||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
nginx.ingress.kubernetes.io/auth-method: GET
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
nginx.ingress.kubernetes.io/proxy-body-size: 4G
|
nginx.ingress.kubernetes.io/proxy-body-size: 4G
|
||||||
hajimari.io/icon: arcticons:photoprism
|
hajimari.io/icon: arcticons:photoprism
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -72,12 +72,12 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
# nginx.ingress.kubernetes.io/auth-method: GET
|
# nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:movie-search
|
hajimari.io/icon: mdi:movie-search
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -76,7 +76,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
hajimari.io/icon: mdi:download
|
hajimari.io/icon: mdi:download
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -54,12 +54,12 @@ spec:
|
|||||||
tag: 5.6.0.8846@sha256:99c264af3f2d177e6674a9b304b64a35261202de30e54b35d5758d40edd94366
|
tag: 5.6.0.8846@sha256:99c264af3f2d177e6674a9b304b64a35261202de30e54b35d5758d40edd94366
|
||||||
env:
|
env:
|
||||||
TZ: "${TIMEZONE}"
|
TZ: "${TIMEZONE}"
|
||||||
PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
PUSHOVER_DEBUG: "false"
|
PUSHOVER_DEBUG: "false"
|
||||||
PUSHOVER_PRIORITY: "0"
|
PUSHOVER_PRIORITY: "0"
|
||||||
RADARR__INSTANCE_NAME: Radarr
|
RADARR__INSTANCE_NAME: Radarr
|
||||||
RADARR__PORT: &port 8080
|
RADARR__PORT: &port 8080
|
||||||
RADARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
RADARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
RADARR__LOG_LEVEL: info
|
RADARR__LOG_LEVEL: info
|
||||||
RADARR__THEME: dark
|
RADARR__THEME: dark
|
||||||
envFrom: *envFrom
|
envFrom: *envFrom
|
||||||
@@ -82,7 +82,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
# nginx.ingress.kubernetes.io/auth-method: GET
|
# nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:filmstrip
|
hajimari.io/icon: mdi:filmstrip
|
||||||
|
|||||||
@@ -67,14 +67,14 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-method: GET
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
external-dns.alpha.kubernetes.io/enabled: "true"
|
external-dns.alpha.kubernetes.io/enabled: "true"
|
||||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:web
|
hajimari.io/icon: mdi:web
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -57,7 +57,7 @@ spec:
|
|||||||
sabnzbd.default.svc,
|
sabnzbd.default.svc,
|
||||||
sabnzbd.default.svc.cluster,
|
sabnzbd.default.svc.cluster,
|
||||||
sabnzbd.default.svc.cluster.local,
|
sabnzbd.default.svc.cluster.local,
|
||||||
sabnzbd.${SECRET_CLUSTER_DOMAIN}
|
sabnzbd.${SECRET_EXTERNAL_DOMAIN}
|
||||||
envFrom:
|
envFrom:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: sabnzbd-secret
|
name: sabnzbd-secret
|
||||||
@@ -95,12 +95,12 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
# nginx.ingress.kubernetes.io/auth-method: GET
|
# nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:download
|
hajimari.io/icon: mdi:download
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
sharry.restserver {
|
sharry.restserver {
|
||||||
base-url = "https://sharry.${SECRET_CLUSTER_DOMAIN}"
|
base-url = "https://sharry.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
bind {
|
bind {
|
||||||
address = "0.0.0.0"
|
address = "0.0.0.0"
|
||||||
port =9090
|
port =9090
|
||||||
|
|||||||
@@ -69,7 +69,7 @@ spec:
|
|||||||
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
||||||
hajimari.io/icon: mdi:account-arrow-up
|
hajimari.io/icon: mdi:account-arrow-up
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -54,14 +54,14 @@ spec:
|
|||||||
tag: 4.0.5.1719@sha256:602af44d766a8c7c494d01fb79f6e7624aed58f0b86ffe10e1ecad280160a3df
|
tag: 4.0.5.1719@sha256:602af44d766a8c7c494d01fb79f6e7624aed58f0b86ffe10e1ecad280160a3df
|
||||||
env:
|
env:
|
||||||
TZ: "${TIMEZONE}"
|
TZ: "${TIMEZONE}"
|
||||||
PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
PUSHOVER_DEBUG: "false"
|
PUSHOVER_DEBUG: "false"
|
||||||
PUSHOVER_PRIORITY: "0"
|
PUSHOVER_PRIORITY: "0"
|
||||||
SONARR__AUTHENTICATION_METHOD: External
|
SONARR__AUTHENTICATION_METHOD: External
|
||||||
SONARR__AUTHENTICATION_REQUIRED: DisabledForLocalAddresses
|
SONARR__AUTHENTICATION_REQUIRED: DisabledForLocalAddresses
|
||||||
SONARR__INSTANCE_NAME: Sonarr
|
SONARR__INSTANCE_NAME: Sonarr
|
||||||
SONARR__PORT: &port 8080
|
SONARR__PORT: &port 8080
|
||||||
SONARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
SONARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
SONARR__LOG_LEVEL: info
|
SONARR__LOG_LEVEL: info
|
||||||
SONARR__THEME: dark
|
SONARR__THEME: dark
|
||||||
envFrom: *envFrom
|
envFrom: *envFrom
|
||||||
@@ -99,7 +99,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
# nginx.ingress.kubernetes.io/auth-method: GET
|
# nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:television-classic
|
hajimari.io/icon: mdi:television-classic
|
||||||
|
|||||||
@@ -110,7 +110,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
hajimari.io/icon: mdi:chef-hat
|
hajimari.io/icon: mdi:chef-hat
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -96,12 +96,12 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-method: GET
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: material-symbols:switch-video-outline
|
hajimari.io/icon: material-symbols:switch-video-outline
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -94,7 +94,7 @@ spec:
|
|||||||
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
|
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
|
||||||
hajimari.io/icon: mdi:lan
|
hajimari.io/icon: mdi:lan
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -49,7 +49,7 @@ spec:
|
|||||||
DATA_FOLDER: data
|
DATA_FOLDER: data
|
||||||
ICON_CACHE_FOLDER: data/icon_cache
|
ICON_CACHE_FOLDER: data/icon_cache
|
||||||
ATTACHMENTS_FOLDER: data/attachments
|
ATTACHMENTS_FOLDER: data/attachments
|
||||||
DOMAIN: "https://vaultwarden.${SECRET_CLUSTER_DOMAIN}"
|
DOMAIN: "https://vaultwarden.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
TZ: "${TIMEZONE}"
|
TZ: "${TIMEZONE}"
|
||||||
SIGNUPS_ALLOWED: "false"
|
SIGNUPS_ALLOWED: "false"
|
||||||
WEBSOCKET_ENABLED: "true"
|
WEBSOCKET_ENABLED: "true"
|
||||||
@@ -82,7 +82,7 @@ spec:
|
|||||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:lock
|
hajimari.io/icon: mdi:lock
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -80,7 +80,7 @@ spec:
|
|||||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:format-list-checks
|
hajimari.io/icon: mdi:format-list-checks
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -52,7 +52,7 @@ spec:
|
|||||||
envFrom: *envFrom
|
envFrom: *envFrom
|
||||||
env: &env
|
env: &env
|
||||||
SYMFONY__ENV__DATABASE_DRIVER: pdo_pgsql
|
SYMFONY__ENV__DATABASE_DRIVER: pdo_pgsql
|
||||||
SYMFONY__ENV__DOMAIN_NAME: https://wallabag.${SECRET_CLUSTER_DOMAIN}
|
SYMFONY__ENV__DOMAIN_NAME: https://wallabag.${SECRET_EXTERNAL_DOMAIN}
|
||||||
SYMFONY__ENV__FOSUSER_REGISTRATION: "true"
|
SYMFONY__ENV__FOSUSER_REGISTRATION: "true"
|
||||||
SYMFONY__ENV__FOSUSER_CONFIRMATION: "true"
|
SYMFONY__ENV__FOSUSER_CONFIRMATION: "true"
|
||||||
SYMFONY__ENV__FROM_EMAIL: wallabag@${SECRET_DOMAIN}
|
SYMFONY__ENV__FROM_EMAIL: wallabag@${SECRET_DOMAIN}
|
||||||
@@ -93,7 +93,7 @@ spec:
|
|||||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:newspaper-variant
|
hajimari.io/icon: mdi:newspaper-variant
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -39,10 +39,10 @@ spec:
|
|||||||
repository: docker.io/benbusby/whoogle-search
|
repository: docker.io/benbusby/whoogle-search
|
||||||
tag: 0.8.4
|
tag: 0.8.4
|
||||||
env:
|
env:
|
||||||
# WHOOGLE_ALT_TW: nitter.${SECRET_CLUSTER_DOMAIN}
|
# WHOOGLE_ALT_TW: nitter.${SECRET_EXTERNAL_DOMAIN}
|
||||||
WHOOGLE_ALT_YT: invidious.${SECRET_CLUSTER_DOMAIN}
|
WHOOGLE_ALT_YT: invidious.${SECRET_EXTERNAL_DOMAIN}
|
||||||
WHOOGLE_ALT_IG: imginn.com
|
WHOOGLE_ALT_IG: imginn.com
|
||||||
WHOOGLE_ALT_RD: libreddit.${SECRET_CLUSTER_DOMAIN}
|
WHOOGLE_ALT_RD: libreddit.${SECRET_EXTERNAL_DOMAIN}
|
||||||
# WHOOGLE_ALT_MD: scripe.rip
|
# WHOOGLE_ALT_MD: scripe.rip
|
||||||
WHOOGLE_ALT_TL: farside.link/lingva
|
WHOOGLE_ALT_TL: farside.link/lingva
|
||||||
WHOOGLE_ALT_IMG: bibliogram.art
|
WHOOGLE_ALT_IMG: bibliogram.art
|
||||||
@@ -51,7 +51,7 @@ spec:
|
|||||||
WHOOGLE_CONFIG_COUNTRY: FR
|
WHOOGLE_CONFIG_COUNTRY: FR
|
||||||
# WHOOGLE_CONFIG_GET_ONLY: 1
|
# WHOOGLE_CONFIG_GET_ONLY: 1
|
||||||
WHOOGLE_CONFIG_THEME: dark
|
WHOOGLE_CONFIG_THEME: dark
|
||||||
WHOOGLE_CONFIG_URL: https://whoogle.${SECRET_CLUSTER_DOMAIN}/
|
WHOOGLE_CONFIG_URL: https://whoogle.${SECRET_EXTERNAL_DOMAIN}/
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 10m
|
cpu: 10m
|
||||||
@@ -71,14 +71,14 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-method: GET
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
external-dns.alpha.kubernetes.io/enabled: "true"
|
external-dns.alpha.kubernetes.io/enabled: "true"
|
||||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:google
|
hajimari.io/icon: mdi:google
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -60,7 +60,7 @@ spec:
|
|||||||
ZIGBEE2MQTT_CONFIG_DEVICE_OPTIONS_RETAIN: "true"
|
ZIGBEE2MQTT_CONFIG_DEVICE_OPTIONS_RETAIN: "true"
|
||||||
ZIGBEE2MQTT_CONFIG_EXPERIMENTAL_NEW_API: "true"
|
ZIGBEE2MQTT_CONFIG_EXPERIMENTAL_NEW_API: "true"
|
||||||
ZIGBEE2MQTT_CONFIG_FRONTEND_PORT: 8080
|
ZIGBEE2MQTT_CONFIG_FRONTEND_PORT: 8080
|
||||||
ZIGBEE2MQTT_CONFIG_FRONTEND_URL: "https://zigbee.${SECRET_CLUSTER_DOMAIN}"
|
ZIGBEE2MQTT_CONFIG_FRONTEND_URL: "https://zigbee.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
ZIGBEE2MQTT_CONFIG_HOMEASSISTANT: "true"
|
ZIGBEE2MQTT_CONFIG_HOMEASSISTANT: "true"
|
||||||
ZIGBEE2MQTT_CONFIG_MQTT_INCLUDE_DEVICE_INFORMATION: "true"
|
ZIGBEE2MQTT_CONFIG_MQTT_INCLUDE_DEVICE_INFORMATION: "true"
|
||||||
ZIGBEE2MQTT_CONFIG_MQTT_KEEPALIVE: 60
|
ZIGBEE2MQTT_CONFIG_MQTT_KEEPALIVE: 60
|
||||||
@@ -102,12 +102,12 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-method: GET
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:zigbee
|
hajimari.io/icon: mdi:zigbee
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "zigbee.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "zigbee.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -90,12 +90,12 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-method: GET
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:z-wave
|
hajimari.io/icon: mdi:z-wave
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "zwave.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "zwave.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "nginx"
|
||||||
rules:
|
rules:
|
||||||
- host: "flux-webhook.${SECRET_CLUSTER_DOMAIN}"
|
- host: "flux-webhook.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- path: /hook/
|
- path: /hook/
|
||||||
@@ -23,4 +23,4 @@ spec:
|
|||||||
number: 80
|
number: 80
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- "flux-webhook.${SECRET_CLUSTER_DOMAIN}"
|
- "flux-webhook.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
|
|||||||
@@ -62,7 +62,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
hajimari.io/icon: mdi:sync
|
hajimari.io/icon: mdi:sync
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
@@ -71,4 +71,3 @@ spec:
|
|||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- *host
|
- *host
|
||||||
|
|
||||||
|
|||||||
@@ -62,7 +62,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: nginx
|
className: nginx
|
||||||
hosts:
|
hosts:
|
||||||
- &host "cilium.${SECRET_CLUSTER_DOMAIN}"
|
- &host "cilium.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- *host
|
- *host
|
||||||
@@ -111,7 +111,7 @@ spec:
|
|||||||
ingressController:
|
ingressController:
|
||||||
enabled: false
|
enabled: false
|
||||||
defaultSecretNamespace: networking
|
defaultSecretNamespace: networking
|
||||||
defaultSecretName: ${SECRET_CLUSTER_DOMAIN//./-}-tls
|
defaultSecretName: ${SECRET_EXTERNAL_DOMAIN//./-}-tls
|
||||||
loadbalancerMode: shared
|
loadbalancerMode: shared
|
||||||
service:
|
service:
|
||||||
loadBalancerIP: 192.168.169.115
|
loadBalancerIP: 192.168.169.115
|
||||||
|
|||||||
@@ -124,7 +124,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
hajimari.io/enable: "false"
|
hajimari.io/enable: "false"
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -26,7 +26,7 @@ connectivity:
|
|||||||
endpoints:
|
endpoints:
|
||||||
- name: status
|
- name: status
|
||||||
group: external
|
group: external
|
||||||
url: https://status.${SECRET_CLUSTER_DOMAIN}
|
url: https://status.${SECRET_EXTERNAL_DOMAIN}
|
||||||
interval: 1m
|
interval: 1m
|
||||||
client:
|
client:
|
||||||
dns-resolver: tcp://192.168.8.1:53
|
dns-resolver: tcp://192.168.8.1:53
|
||||||
|
|||||||
@@ -67,7 +67,7 @@ spec:
|
|||||||
TZ: ${TIMEZONE}
|
TZ: ${TIMEZONE}
|
||||||
GATUS_CONFIG_PATH: /config
|
GATUS_CONFIG_PATH: /config
|
||||||
CUSTOM_WEB_PORT: &port 8080
|
CUSTOM_WEB_PORT: &port 8080
|
||||||
SECRET_CLUSTER_DOMAIN: ${SECRET_CLUSTER_DOMAIN}
|
SECRET_EXTERNAL_DOMAIN: ${SECRET_EXTERNAL_DOMAIN}
|
||||||
envFrom: *envFrom
|
envFrom: *envFrom
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
@@ -110,7 +110,7 @@ spec:
|
|||||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:list-status
|
hajimari.io/icon: mdi:list-status
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "status.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "status.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -29,10 +29,10 @@ spec:
|
|||||||
rbac:
|
rbac:
|
||||||
pspEnabled: false
|
pspEnabled: false
|
||||||
env:
|
env:
|
||||||
GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/userinfo
|
GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/userinfo
|
||||||
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/authorization
|
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/authorization
|
||||||
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
|
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
|
||||||
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/token
|
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/token
|
||||||
GF_DATE_FORMATS_USE_BROWSER_LOCALE: true
|
GF_DATE_FORMATS_USE_BROWSER_LOCALE: true
|
||||||
GF_EXPLORE_ENABLED: true
|
GF_EXPLORE_ENABLED: true
|
||||||
GF_PANELS_DISABLE_SANITIZE_HTML: true
|
GF_PANELS_DISABLE_SANITIZE_HTML: true
|
||||||
@@ -41,7 +41,7 @@ spec:
|
|||||||
GF_DATE_FORMATS_FULL_DATE: "DD.MM.YYYY hh:mm:ss"
|
GF_DATE_FORMATS_FULL_DATE: "DD.MM.YYYY hh:mm:ss"
|
||||||
GF_SECURITY_ALLOW_EMBEDDING: true
|
GF_SECURITY_ALLOW_EMBEDDING: true
|
||||||
GF_SECURITY_COOKIE_SAMESITE: grafana
|
GF_SECURITY_COOKIE_SAMESITE: grafana
|
||||||
GF_SERVER_ROOT_URL: https://grafana.${SECRET_CLUSTER_DOMAIN}
|
GF_SERVER_ROOT_URL: https://grafana.${SECRET_EXTERNAL_DOMAIN}
|
||||||
envFromSecrets:
|
envFromSecrets:
|
||||||
- name: grafana-secret
|
- name: grafana-secret
|
||||||
grafana.ini:
|
grafana.ini:
|
||||||
@@ -50,7 +50,7 @@ spec:
|
|||||||
check_for_plugin_updates: false
|
check_for_plugin_updates: false
|
||||||
reporting_enabled: false
|
reporting_enabled: false
|
||||||
auth:
|
auth:
|
||||||
signout_redirect_url: "https://auth.${SECRET_CLUSTER_DOMAIN}/logout"
|
signout_redirect_url: "https://auth.${SECRET_EXTERNAL_DOMAIN}/logout"
|
||||||
oauth_auto_login: true
|
oauth_auto_login: true
|
||||||
oauth_allow_insecure_email_lookup: true
|
oauth_allow_insecure_email_lookup: true
|
||||||
auth.generic_oauth:
|
auth.generic_oauth:
|
||||||
@@ -369,7 +369,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
hajimari.io/icon: simple-icons:grafana
|
hajimari.io/icon: simple-icons:grafana
|
||||||
hosts:
|
hosts:
|
||||||
- &host "grafana.${SECRET_CLUSTER_DOMAIN}"
|
- &host "grafana.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- *host
|
- *host
|
||||||
|
|||||||
@@ -124,15 +124,15 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
nginx.ingress.kubernetes.io/auth-method: GET
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/appName: "Prometheus"
|
hajimari.io/appName: "Prometheus"
|
||||||
hajimari.io/icon: simple-icons:prometheus
|
hajimari.io/icon: simple-icons:prometheus
|
||||||
hosts: ["prometheus.${SECRET_CLUSTER_DOMAIN}"]
|
hosts: ["prometheus.${SECRET_EXTERNAL_DOMAIN}"]
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- "prometheus.${SECRET_CLUSTER_DOMAIN}"
|
- "prometheus.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
prometheusSpec:
|
prometheusSpec:
|
||||||
podMetadata:
|
podMetadata:
|
||||||
annotations:
|
annotations:
|
||||||
@@ -242,15 +242,15 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
# nginx.ingress.kubernetes.io/auth-method: GET
|
# nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||||
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/appName: "Alert Manager"
|
hajimari.io/appName: "Alert Manager"
|
||||||
hajimari.io/icon: mdi:alert-decagram-outline
|
hajimari.io/icon: mdi:alert-decagram-outline
|
||||||
hosts: ["alert-manager.${SECRET_CLUSTER_DOMAIN}"]
|
hosts: ["alert-manager.${SECRET_EXTERNAL_DOMAIN}"]
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- "alert-manager.${SECRET_CLUSTER_DOMAIN}"
|
- "alert-manager.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
prometheus:
|
prometheus:
|
||||||
monitor:
|
monitor:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|||||||
@@ -63,7 +63,7 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
hajimari.io/icon: mdi:harddiskstatus
|
hajimari.io/icon: mdi:harddiskstatus
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -75,7 +75,7 @@ spec:
|
|||||||
size: 10Gi
|
size: 10Gi
|
||||||
query:
|
query:
|
||||||
replicas: 3
|
replicas: 3
|
||||||
extraArgs: ["--alert.query-url=https://thanos.${SECRET_CLUSTER_DOMAIN}"]
|
extraArgs: ["--alert.query-url=https://thanos.${SECRET_EXTERNAL_DOMAIN}"]
|
||||||
# additionalStores: ["thanos.turbo.ac:10901"]
|
# additionalStores: ["thanos.turbo.ac:10901"]
|
||||||
queryFrontend:
|
queryFrontend:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -91,7 +91,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
hosts:
|
hosts:
|
||||||
- thanos.${SECRET_CLUSTER_DOMAIN}
|
- thanos.${SECRET_EXTERNAL_DOMAIN}
|
||||||
podAnnotations: &podAnnotations
|
podAnnotations: &podAnnotations
|
||||||
configmap.reloader.stakater.com/reload: *configMap
|
configmap.reloader.stakater.com/reload: *configMap
|
||||||
rule:
|
rule:
|
||||||
|
|||||||
@@ -27,6 +27,8 @@ spec:
|
|||||||
uninstall:
|
uninstall:
|
||||||
keepHistory: false
|
keepHistory: false
|
||||||
values:
|
values:
|
||||||
|
podAnnotations:
|
||||||
|
reloader.stakater.com/auto: "true"
|
||||||
interval: 2m
|
interval: 2m
|
||||||
logLevel: debug
|
logLevel: debug
|
||||||
provider: ovh
|
provider: ovh
|
||||||
@@ -51,7 +53,7 @@ spec:
|
|||||||
policy: sync
|
policy: sync
|
||||||
sources:
|
sources:
|
||||||
- ingress
|
- ingress
|
||||||
txtOwnerId: "default"
|
txtOwnerId: default
|
||||||
domainFilters:
|
domainFilters:
|
||||||
- "${SECRET_DOMAIN}"
|
- "${SECRET_DOMAIN}"
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
|
|||||||
@@ -67,7 +67,7 @@ spec:
|
|||||||
any: true
|
any: true
|
||||||
extraArgs:
|
extraArgs:
|
||||||
default-ssl-certificate: |-
|
default-ssl-certificate: |-
|
||||||
networking/${SECRET_CLUSTER_DOMAIN//./-}-tls
|
networking/${SECRET_EXTERNAL_DOMAIN//./-}-tls
|
||||||
topologySpreadConstraints:
|
topologySpreadConstraints:
|
||||||
- maxSkew: 1
|
- maxSkew: 1
|
||||||
topologyKey: kubernetes.io/hostname
|
topologyKey: kubernetes.io/hostname
|
||||||
|
|||||||
@@ -2,14 +2,14 @@
|
|||||||
apiVersion: cert-manager.io/v1
|
apiVersion: cert-manager.io/v1
|
||||||
kind: Certificate
|
kind: Certificate
|
||||||
metadata:
|
metadata:
|
||||||
name: ${SECRET_CLUSTER_DOMAIN//./-}
|
name: ${SECRET_EXTERNAL_DOMAIN//./-}
|
||||||
namespace: networking
|
namespace: networking
|
||||||
spec:
|
spec:
|
||||||
secretName: ${SECRET_CLUSTER_DOMAIN//./-}-tls
|
secretName: ${SECRET_EXTERNAL_DOMAIN//./-}-tls
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: letsencrypt-production
|
name: letsencrypt-production
|
||||||
kind: ClusterIssuer
|
kind: ClusterIssuer
|
||||||
commonName: "${SECRET_CLUSTER_DOMAIN}"
|
commonName: "${SECRET_EXTERNAL_DOMAIN}"
|
||||||
dnsNames:
|
dnsNames:
|
||||||
- ${SECRET_CLUSTER_DOMAIN}
|
- ${SECRET_EXTERNAL_DOMAIN}
|
||||||
- "*.${SECRET_CLUSTER_DOMAIN}"
|
- "*.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
|
|||||||
@@ -5,12 +5,7 @@
|
|||||||
lameduck 5s
|
lameduck 5s
|
||||||
}
|
}
|
||||||
ready
|
ready
|
||||||
k8s_gateway ${SECRET_CLUSTER_DOMAIN} {
|
k8s_gateway ${SECRET_EXTERNAL_DOMAIN} {
|
||||||
apex k8s-gateway.network
|
|
||||||
resources Ingress Service
|
|
||||||
ttl 300
|
|
||||||
}
|
|
||||||
k8s_gateway ${SECRET_DOMAIN} {
|
|
||||||
apex k8s-gateway.network
|
apex k8s-gateway.network
|
||||||
resources Ingress Service
|
resources Ingress Service
|
||||||
ttl 300
|
ttl 300
|
||||||
|
|||||||
@@ -55,7 +55,7 @@ spec:
|
|||||||
external-dns.alpha.kubernetes.io/enabled: "true"
|
external-dns.alpha.kubernetes.io/enabled: "true"
|
||||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -55,7 +55,7 @@ spec:
|
|||||||
external-dns.alpha.kubernetes.io/enabled: "true"
|
external-dns.alpha.kubernetes.io/enabled: "true"
|
||||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
|
|||||||
@@ -37,11 +37,11 @@ spec:
|
|||||||
hajimari.io/appName: Rook
|
hajimari.io/appName: Rook
|
||||||
hajimari.io/icon: mdi:chess-rook
|
hajimari.io/icon: mdi:chess-rook
|
||||||
host:
|
host:
|
||||||
name: "rook.${SECRET_CLUSTER_DOMAIN}"
|
name: "rook.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
path: /
|
path: /
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- "rook.${SECRET_CLUSTER_DOMAIN}"
|
- "rook.${SECRET_EXTERNAL_DOMAIN}"
|
||||||
configOverride: |
|
configOverride: |
|
||||||
[global]
|
[global]
|
||||||
bdev_enable_discard = true
|
bdev_enable_discard = true
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/gitrepository_v1beta2.json
|
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
metadata:
|
metadata:
|
||||||
|
|||||||
@@ -5,12 +5,11 @@ metadata:
|
|||||||
name: cluster-secrets
|
name: cluster-secrets
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
stringData:
|
stringData:
|
||||||
SECRET_CLUSTER_CERTIFICATE_DEFAULT: ENC[AES256_GCM,data:hWobTs6NA15tpKWe5gOijZQ/g04=,iv:+AHLg4o03aoZYQtamlfKnZXVlwy36+8NrwLhnL1ayHo=,tag:0vGWliDmkhsevARDdJzZ+g==,type:str]
|
SECRET_CLUSTER_CERTIFICATE_DEFAULT: ENC[AES256_GCM,data:8HotHVJva77fd9S+j2BB,iv:fqCDD0NuK9ySCsGGT3G4QsfViM2L9oPp9ZLgwXf0tLI=,tag:rX1quD8RTjvzV75fmwmC6w==,type:str]
|
||||||
SECRET_CLUSTER_DOMAIN_EMAIL: ENC[AES256_GCM,data:j1yBajAlXKQeDuvbV2IyJp8IT3wA,iv:pxPgYZEZ6pvcr6trM1gkL5MZORewARaiVfwRTyWxny0=,tag:y31EGp46NgF/Pf3hQ2Iavw==,type:str]
|
SECRET_CLUSTER_DOMAIN_EMAIL: ENC[AES256_GCM,data:j1yBajAlXKQeDuvbV2IyJp8IT3wA,iv:pxPgYZEZ6pvcr6trM1gkL5MZORewARaiVfwRTyWxny0=,tag:y31EGp46NgF/Pf3hQ2Iavw==,type:str]
|
||||||
SECRET_DOMAIN: ENC[AES256_GCM,data:UtdBDs6+azVHO7Y=,iv:ZnWrBW+vW6HiMs1PbgY2LjcwUwuUh1HxYjqvOXvCrDk=,tag:r6uDIJhVoTIcizIfRW+lHw==,type:str]
|
SECRET_DOMAIN: ENC[AES256_GCM,data:UtdBDs6+azVHO7Y=,iv:ZnWrBW+vW6HiMs1PbgY2LjcwUwuUh1HxYjqvOXvCrDk=,tag:r6uDIJhVoTIcizIfRW+lHw==,type:str]
|
||||||
SECRET_EXTERNAL_DOMAIN: ENC[AES256_GCM,data:Brd9H7gizPxew+4=,iv:YaIxv9TFF0mAks9gJXwXA1N7b8k5mcSJ6hs9lpaUV/M=,tag:8xdRoWun3IUVywagpsrsBw==,type:str]
|
SECRET_EXTERNAL_DOMAIN: ENC[AES256_GCM,data:Brd9H7gizPxew+4=,iv:YaIxv9TFF0mAks9gJXwXA1N7b8k5mcSJ6hs9lpaUV/M=,tag:8xdRoWun3IUVywagpsrsBw==,type:str]
|
||||||
SECRET_INTERNAL_DOMAIN: ENC[AES256_GCM,data:WLuQAi9JsUsD5Q==,iv:Zc+5/rQONxepZFVC/ia01aBdlVyG99thOeIipeAVS3E=,tag:FwwjDKoUMfZ/taFPRRThOQ==,type:str]
|
SECRET_INTERNAL_DOMAIN: ENC[AES256_GCM,data:WLuQAi9JsUsD5Q==,iv:Zc+5/rQONxepZFVC/ia01aBdlVyG99thOeIipeAVS3E=,tag:FwwjDKoUMfZ/taFPRRThOQ==,type:str]
|
||||||
SECRET_CLUSTER_DOMAIN: ENC[AES256_GCM,data:Go+HZnPQCW5GKPqRB0MnmQ==,iv:bUGmzu42TVxhF94pGZuEi++A5a72wgGmWbOjmgau6Cg=,tag:eUIyZ/wcsOXYamTgiQYMjA==,type:str]
|
|
||||||
SECRET_CROWDSEC_NGINX_BOUNCER_API_KEY: ENC[AES256_GCM,data:ecukkFOK40WWIxJ48sXrxJUBaHx2BnzqxkIT+cXYZg4=,iv:y6AfslVPufBfrIL3GQqTw0cDAan64mB9J7RY9OzKQqw=,tag:+V4Rgz26wey2UtA32S0PJQ==,type:str]
|
SECRET_CROWDSEC_NGINX_BOUNCER_API_KEY: ENC[AES256_GCM,data:ecukkFOK40WWIxJ48sXrxJUBaHx2BnzqxkIT+cXYZg4=,iv:y6AfslVPufBfrIL3GQqTw0cDAan64mB9J7RY9OzKQqw=,tag:+V4Rgz26wey2UtA32S0PJQ==,type:str]
|
||||||
SECRET_KOMF_MAL_CLIENT_ID: ENC[AES256_GCM,data:HuKHFrICgCj6nbcbix8u7qGeggFmmKht7Elk9dINZtE=,iv:c3mqFdFkIO9dctZ3ooPh4ajOZaY0ZudEeNWbG+lryPI=,tag:jWG2+pgkAf/XUgJyUvdrNg==,type:str]
|
SECRET_KOMF_MAL_CLIENT_ID: ENC[AES256_GCM,data:HuKHFrICgCj6nbcbix8u7qGeggFmmKht7Elk9dINZtE=,iv:c3mqFdFkIO9dctZ3ooPh4ajOZaY0ZudEeNWbG+lryPI=,tag:jWG2+pgkAf/XUgJyUvdrNg==,type:str]
|
||||||
SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_USER_KEY: ENC[AES256_GCM,data:X1J9WLT26soYzlDb8+YtPotGw8p0lJKMuNkn69WX,iv:mW2cJOq5gfzSE+U24IuvPVL+dL2nZcTFpPAkG77Ohus=,tag:kxokidtuE5RAGJlj4Q4P2A==,type:str]
|
SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_USER_KEY: ENC[AES256_GCM,data:X1J9WLT26soYzlDb8+YtPotGw8p0lJKMuNkn69WX,iv:mW2cJOq5gfzSE+U24IuvPVL+dL2nZcTFpPAkG77Ohus=,tag:kxokidtuE5RAGJlj4Q4P2A==,type:str]
|
||||||
@@ -36,8 +35,8 @@ sops:
|
|||||||
WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm
|
WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm
|
||||||
pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg==
|
pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-05-13T19:25:25Z"
|
lastmodified: "2024-06-16T22:10:15Z"
|
||||||
mac: ENC[AES256_GCM,data:II+IEFKhi740xrv8uA8Gu0F39X+KGRlT+0egVrnNkvfLNeSV85YAB+F/PXo4MmfdeK9b/EN0C6z2Wms6NOpUQ76g8E/xJ7GG6OqIhQM5Q+jqahD2PZMYgo62Efwq17zzUz2WqUbt6eM5H03dhRv/Da+WUtdijv2d7cMnTxEpqh8=,iv:kRY9Fhh+upvyexhxJjmy2PJvvwEtAO58JQHblXF/4Jw=,tag:boWsM6Ii4rPo+i0sXabWdA==,type:str]
|
mac: ENC[AES256_GCM,data:E/7/eH1+c3FL3i3JGq9M5WzW504RdyJiMAaKIeQ35lz9I6k10ohZd4z9sVeRfshveKLKZ5Kk6vzzjHNdjjFO0W0SqM8ix2JB+3+KiUBL/KteTDxcfUZ3SjiL42YB86uwI+msrCekXrHpsSY/dtBgmNyItuVZdvMWDjJBZ9cM8P8=,iv:eJIUMdqx8pr82goXGaoNHZgWIjUZ0nU0QfJAsP1Kk94=,tag:wEPUgxfQXE5qoxAFi3dsfw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
encrypted_regex: ^(data|stringData)$
|
encrypted_regex: ^(data|stringData)$
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|||||||
@@ -10,7 +10,7 @@ data:
|
|||||||
endpoints:
|
endpoints:
|
||||||
- name: "${APP}"
|
- name: "${APP}"
|
||||||
group: external
|
group: external
|
||||||
url: "https://${GATUS_SUBDOMAIN:-${APP}}.${SECRET_CLUSTER_DOMAIN}${GATUS_PATH:-/}"
|
url: "https://${GATUS_SUBDOMAIN:-${APP}}.${SECRET_EXTERNAL_DOMAIN}${GATUS_PATH:-/}"
|
||||||
interval: 1m
|
interval: 1m
|
||||||
client:
|
client:
|
||||||
dns-resolver: tcp://192.168.8.1:53
|
dns-resolver: tcp://192.168.8.1:53
|
||||||
|
|||||||
@@ -10,7 +10,7 @@ data:
|
|||||||
endpoints:
|
endpoints:
|
||||||
- name: "${APP}"
|
- name: "${APP}"
|
||||||
group: guarded
|
group: guarded
|
||||||
url: "https://${GATUS_SUBDOMAIN:-${APP}}.${GATUS_DOMAIN:-${SECRET_CLUSTER_DOMAIN}}${GATUS_PATH:-/}"
|
url: "https://${GATUS_SUBDOMAIN:-${APP}}.${GATUS_DOMAIN:-${SECRET_EXTERNAL_DOMAIN}}${GATUS_PATH:-/}"
|
||||||
interval: 1m
|
interval: 1m
|
||||||
ui:
|
ui:
|
||||||
hide-hostname: true
|
hide-hostname: true
|
||||||
|
|||||||
Reference in New Issue
Block a user