feat: change cluster url
@@ -1,5 +1,5 @@
|
||||
kind: Secret
|
||||
secret_cluster_domain: ENC[AES256_GCM,data:V+KhvpQZ0bxjMDNZq4vYXg==,iv:WP0hlWvDEL0fu1aFR0UQW31nQKWxkkfgoXbfdV4WZ9w=,tag:e3Ky3kenlL71zyQBOXclsQ==,type:str]
|
||||
SECRET_EXTERNAL_DOMAIN: ENC[AES256_GCM,data:V+KhvpQZ0bxjMDNZq4vYXg==,iv:WP0hlWvDEL0fu1aFR0UQW31nQKWxkkfgoXbfdV4WZ9w=,tag:e3Ky3kenlL71zyQBOXclsQ==,type:str]
|
||||
secret_domain: ENC[AES256_GCM,data:SjdnR9pDjveodvo=,iv:GKvdD7c3bmaQN+CAYoKwAy78em9vYljGyl6VfGmJk9E=,tag:hz92J7d1NokEeyB6vxr3Uw==,type:str]
|
||||
public_ssh_keys:
|
||||
- ENC[AES256_GCM,data:/J9ejzvJHV5wdz9Dj0jUmAaVtIkgVpEoIRJocNGhszY2bmu5mruwWSz6E+XkcAGE0zQMo/9N8imIZoXfq0UQSyfCCitrA09x1z0Hf0s3iSA=,iv:jzA3bIQw+pL4tjNASNMwMcdHW+vSxgVo4Czo/ja0AO8=,tag:iTEDjARfH96oXATQu8VR8Q==,type:str]
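Review bot: The renamed key `SECRET_EXTERNAL_DOMAIN` carries exactly the same `data`, `iv` and `tag` as the old `secret_cluster_domain` entry, so the value was renamed by hand rather than re-encrypted. As far as I know SOPS feeds the key path into AES-GCM as additional authenticated data, so a ciphertext moved under a different key name is likely to fail authentication on decrypt. Rename the key through `sops` itself (decrypt, edit, re-encrypt) so that a fresh `iv` and `tag` are produced, and confirm the file still decrypts before merging. The new upper-case name also breaks the lower-case convention of its siblings (`secret_domain`, `public_ssh_keys`).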
|
||||
|
@@ -7,4 +7,4 @@
|
||||
BIN_PATH="{{ scrutiny_dir }}/{{ scrutiny_bin }}"
|
||||
HOSTNAME=$(hostname)
|
||||
|
||||
$BIN_PATH run --host-id=${HOSTNAME} --api-endpoint=https://scrutiny.{{ secret_cluster_domain }}
|
||||
$BIN_PATH run --host-id=${HOSTNAME} --api-endpoint=https://scrutiny.{{ SECRET_EXTERNAL_DOMAIN }}
|
||||
|
@@ -32,11 +32,9 @@ spec:
|
||||
installCRDs: true
|
||||
webhook:
|
||||
enabled: true
|
||||
extraArgs:
|
||||
- --dns01-recursive-nameservers=ns15.ovh.net:53,dns15.ovh.net:53
|
||||
- --dns01-recursive-nameservers-only
|
||||
cainjector:
|
||||
replicaCount: 1
|
||||
enableCertificateOwnerRef: true
|
||||
dns01RecursiveNameservers: 8.8.8.8:53,1.1.1.1:53
|
||||
dns01RecursiveNameserversOnly: true
|
||||
prometheus:
|
||||
enabled: true
|
||||
servicemonitor:
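Review bot: The new keys `dns01RecursiveNameservers` and `dns01RecursiveNameserversOnly` are printed after `cainjector:` and `replicaCount`, and this page has lost the indentation. Please confirm they sit at the top level of the chart values and not under `cainjector`, where they would presumably be ignored. The hunk also moves the DNS-01 self-check from the OVH nameservers to `8.8.8.8:53,1.1.1.1:53`, which the commit title does not mention. A comment above the key, such as `# DNS-01 self-check uses public resolvers instead of the OVH nameservers`, would record that this is deliberate.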
|
||||
|
@@ -27,6 +27,8 @@ spec:
|
||||
uninstall:
|
||||
keepHistory: false
|
||||
values:
|
||||
podAnnotations:
|
||||
reloader.stakater.com/auto: "true"
|
||||
groupName: "${SECRET_DOMAIN}"
|
||||
certManager:
|
||||
namespace: cert-manager
|
||||
@@ -36,7 +38,7 @@ spec:
|
||||
create: true
|
||||
kind: ClusterIssuer
|
||||
acmeServerUrl: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
email: "${SECRET_CLUSTER_DOMAIN_EMAIL}"
|
||||
email: "${SECRET_EXTERNAL_DOMAIN_EMAIL}"
|
||||
ovhEndpointName: ovh-eu
|
||||
ovhAuthenticationRef:
|
||||
applicationKeyRef:
|
||||
@@ -52,7 +54,7 @@ spec:
|
||||
create: true
|
||||
kind: ClusterIssuer
|
||||
acmeServerUrl: https://acme-v02.api.letsencrypt.org/directory
|
||||
email: "${SECRET_CLUSTER_DOMAIN_EMAIL}"
|
||||
email: "${SECRET_EXTERNAL_DOMAIN_EMAIL}"
|
||||
ovhEndpointName: ovh-eu
|
||||
ovhAuthenticationRef:
|
||||
applicationKeyRef:
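Review bot: `${SECRET_EXTERNAL_DOMAIN_EMAIL}` in both ClusterIssuer hunks is a new substitution name that nothing in the visible part of this page defines; the only secret change shown renames the domain key. If the variable is missing at render time, the ACME account `email` may end up empty or left as the literal placeholder, so confirm the substitution secret carries the new key before this is reconciled. The `reloader.stakater.com/auto: "true"` annotation added in the first hunk is unrelated to the rename and would be easier to review as its own commit.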
|
||||
|
@@ -108,7 +108,7 @@ spec:
|
||||
annotations:
|
||||
hajimari.io/icon: mdi:powershell
|
||||
hosts:
|
||||
- host: &host "sh.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "sh.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -29,9 +29,9 @@ session:
|
||||
remember_me: 1M
|
||||
cookies:
|
||||
- name: authelia_session
|
||||
domain: ${SECRET_CLUSTER_DOMAIN}
|
||||
authelia_url: https://auth.${SECRET_CLUSTER_DOMAIN}
|
||||
default_redirection_url: https://${SECRET_CLUSTER_DOMAIN}
|
||||
domain: ${SECRET_EXTERNAL_DOMAIN}
|
||||
authelia_url: https://auth.${SECRET_EXTERNAL_DOMAIN}
|
||||
default_redirection_url: https://${SECRET_EXTERNAL_DOMAIN}
|
||||
redis:
|
||||
host: dragonfly.database.svc.cluster.local.
|
||||
port: 6379
|
||||
@@ -58,17 +58,17 @@ access_control:
|
||||
rules:
|
||||
# bypass Authelia WAN + LAN
|
||||
- domain:
|
||||
- auth.${SECRET_CLUSTER_DOMAIN}
|
||||
- auth.${SECRET_EXTERNAL_DOMAIN}
|
||||
policy: bypass
|
||||
# One factor auth for LAN
|
||||
- domain:
|
||||
- "*.${SECRET_CLUSTER_DOMAIN}"
|
||||
- "*.${SECRET_EXTERNAL_DOMAIN}"
|
||||
policy: one_factor
|
||||
subject: [group:admins, group:users]
|
||||
networks:
|
||||
- private
|
||||
# Deny public resources
|
||||
- domain: ["navidrome.${SECRET_CLUSTER_DOMAIN}"]
|
||||
- domain: ["navidrome.${SECRET_EXTERNAL_DOMAIN}"]
|
||||
resources: [^/metrics.*$]
|
||||
policy: deny
|
||||
|
||||
@@ -83,7 +83,7 @@ identity_providers:
|
||||
client_secret: "$${FRESHRSS_OAUTH_DIGEST}"
|
||||
public: false
|
||||
authorization_policy: two_factor
|
||||
redirect_uris: ["https://freshrss.${SECRET_CLUSTER_DOMAIN}:443/i/oidc/"]
|
||||
redirect_uris: ["https://freshrss.${SECRET_EXTERNAL_DOMAIN}:443/i/oidc/"]
|
||||
scopes: [openid, profile, groups, email]
|
||||
userinfo_signed_response_alg: none
|
||||
token_endpoint_auth_method: client_secret_basic
|
||||
@@ -94,7 +94,7 @@ identity_providers:
|
||||
authorization_policy: two_factor
|
||||
pre_configured_consent_duration: 1y
|
||||
scopes: [openid, profile, groups, email]
|
||||
redirect_uris: ["https://grafana.${SECRET_CLUSTER_DOMAIN}/login/generic_oauth"]
|
||||
redirect_uris: ["https://grafana.${SECRET_EXTERNAL_DOMAIN}/login/generic_oauth"]
|
||||
userinfo_signed_response_alg: none
|
||||
- client_id: outline
|
||||
client_name: Outline
|
||||
@@ -104,7 +104,7 @@ identity_providers:
|
||||
pre_configured_consent_duration: 1y
|
||||
scopes: [openid, profile, email, offline_access]
|
||||
response_types: code
|
||||
redirect_uris: ["https://docs.${SECRET_CLUSTER_DOMAIN}/auth/oidc.callback"]
|
||||
redirect_uris: ["https://docs.${SECRET_EXTERNAL_DOMAIN}/auth/oidc.callback"]
|
||||
userinfo_signed_response_alg: none
|
||||
token_endpoint_auth_method: client_secret_basic
|
||||
- client_name: jellyfin
|
||||
@@ -116,6 +116,6 @@ identity_providers:
|
||||
pkce_challenge_method: S256
|
||||
pre_configured_consent_duration: 1y
|
||||
scopes: [openid, profile, groups]
|
||||
redirect_uris: [ "https://jellyfin.${SECRET_CLUSTER_DOMAIN}/sso/OID/redirect/authelia"]
|
||||
redirect_uris: [ "https://jellyfin.${SECRET_EXTERNAL_DOMAIN}/sso/OID/redirect/authelia"]
|
||||
userinfo_signed_response_alg: none
|
||||
token_endpoint_auth_method: client_secret_post
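Review bot: In the `access_control` hunk the `navidrome.${SECRET_EXTERNAL_DOMAIN}` deny rule for `^/metrics.*$` sits after the wildcard `"*.${SECRET_EXTERNAL_DOMAIN}"` `one_factor` rule. Authelia applies the first rule that matches, so a signed-in member of `group:admins` or `group:users` on a `private` network would likely be let through to `/metrics`. If the endpoint is meant to be closed to everyone, move the deny rule above the wildcard rule. If only non-private clients are meant, a comment such as `# LAN users still reach /metrics through the one_factor rule above` would make that explicit. The rule list continues outside the hunk, so later rules are not visible here.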
|
||||
|
@@ -131,7 +131,7 @@ spec:
|
||||
gethomepage.dev/name: Authelia
|
||||
gethomepage.dev/icon: authelia.png
|
||||
hosts:
|
||||
- host: &host auth.${SECRET_CLUSTER_DOMAIN}
|
||||
- host: &host auth.${SECRET_EXTERNAL_DOMAIN}
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -105,7 +105,7 @@ spec:
|
||||
gethomepage.dev/name: Babybuddy
|
||||
gethomepage.dev/icon: babybuddy.png
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
|
@@ -88,7 +88,7 @@ spec:
|
||||
annotations:
|
||||
# nginx.ingress.kubernetes.io/auth-method: GET
|
||||
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
hajimari.io/icon: mdi:subtitles-outline
|
||||
@@ -98,7 +98,7 @@ spec:
|
||||
gethomepage.dev/icon: bazarr.png
|
||||
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
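Review bot: The Authelia forward-auth annotations in the first hunk are all commented out (`# nginx.ingress.kubernetes.io/auth-url: ...`), so after the rename this ingress answers on `${SECRET_EXTERNAL_DOMAIN}` with only the application's own login in front of it. The same holds for the later sections carrying the `mdi:headphones`, `mdi:movie-search`, `mdi:filmstrip` and `mdi:television-classic` icons, and for the SABnzbd one. Whether the external domain is reachable from outside the LAN is not visible here. If it is, re-enable the annotations, or record the decision next to them with a comment such as `# forward-auth disabled on purpose: the app enforces its own authentication`.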
|
||||
|
@@ -58,7 +58,7 @@ spec:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-method: GET
|
||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
hajimari.io/icon: mdi:bookshelf
|
||||
@@ -67,7 +67,7 @@ spec:
|
||||
gethomepage.dev/name: Calibre
|
||||
gethomepage.dev/icon: calibre.png
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -53,7 +53,7 @@ spec:
|
||||
path: /
|
||||
pathType: Prefix
|
||||
hosts:
|
||||
- &host "emqx.${SECRET_CLUSTER_DOMAIN}"
|
||||
- &host "emqx.${SECRET_EXTERNAL_DOMAIN}"
|
||||
tls:
|
||||
- hosts:
|
||||
- *host
|
||||
|
@@ -69,7 +69,7 @@ spec:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-method: GET
|
||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
hajimari.io/icon: mdi:download
|
||||
@@ -78,7 +78,7 @@ spec:
|
||||
gethomepage.dev/name: qBittorrent
|
||||
gethomepage.dev/icon: qbittorrent.png
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -48,9 +48,9 @@ spec:
|
||||
env:
|
||||
TZ: ${TIMEZONE}
|
||||
CRON_MIN: 18,48
|
||||
DOMAIN: "https://freshrss.${SECRET_CLUSTER_DOMAIN}/"
|
||||
DOMAIN: "https://freshrss.${SECRET_EXTERNAL_DOMAIN}/"
|
||||
OIDC_ENABLED: 1
|
||||
OIDC_PROVIDER_METADATA_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/.well-known/openid-configuration
|
||||
OIDC_PROVIDER_METADATA_URL: https://auth.${SECRET_EXTERNAL_DOMAIN}/.well-known/openid-configuration
|
||||
OIDC_CLIENT_ID: freshrss
|
||||
OIDC_REMOTE_USER_CLAIM: preferred_username
|
||||
OIDC_SCOPES: openid groups email profile
|
||||
@@ -73,7 +73,7 @@ spec:
|
||||
annotations:
|
||||
hajimari.io/icon: mdi:rss
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -98,13 +98,13 @@ spec:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-method: GET
|
||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
hajimari.io/icon: mdi:cctv
|
||||
className: nginx
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -68,7 +68,7 @@ spec:
|
||||
annotations:
|
||||
hajimari.io/icon: mdi:cash-multiple
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -92,7 +92,7 @@ spec:
|
||||
hajimari.io/icon: "weather-sunset"
|
||||
hajimari.io/instance: "admin"
|
||||
hosts:
|
||||
- host: &host apps.${SECRET_CLUSTER_DOMAIN}
|
||||
- host: &host apps.${SECRET_EXTERNAL_DOMAIN}
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
|
@@ -89,7 +89,7 @@ spec:
|
||||
annotations:
|
||||
hajimari.io/icon: mdi:home-assistant
|
||||
hosts:
|
||||
- host: &host "hass.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "hass.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -78,7 +78,7 @@ spec:
|
||||
enabled: true
|
||||
className: nginx
|
||||
hosts:
|
||||
- host: &host hass-code.${SECRET_CLUSTER_DOMAIN}
|
||||
- host: &host hass-code.${SECRET_EXTERNAL_DOMAIN}
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -63,7 +63,7 @@ spec:
|
||||
hajimari.io/icon: devices
|
||||
hajimari.io/targetBlank: "true"
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -1,7 +1,7 @@
|
||||
---
|
||||
- Home:
|
||||
- HomeAssistant:
|
||||
href: https://hass.${SECRET_CLUSTER_DOMAIN}
|
||||
href: https://hass.${SECRET_EXTERNAL_DOMAIN}
|
||||
icon: home-assistant.png
|
||||
description: Home Assistant
|
||||
widget:
|
||||
@@ -11,7 +11,7 @@
|
||||
- Media:
|
||||
- Jellyfin:
|
||||
icon: jellyfin.png
|
||||
href: https://jellyfin.${SECRET_CLUSTER_DOMAIN}
|
||||
href: https://jellyfin.${SECRET_EXTERNAL_DOMAIN}
|
||||
description: Media Server
|
||||
widget:
|
||||
type: jellyfin
|
||||
|
@@ -69,7 +69,7 @@ spec:
|
||||
enabled: true
|
||||
className: nginx
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -19,7 +19,7 @@ spec:
|
||||
database_url: postgres://{{ .POSTGRES_USER }}:{{ .POSTGRES_PASS }}@postgres16-rw.database.svc.cluster.local.:5432/invidious
|
||||
check_tables: true
|
||||
port: 3000
|
||||
domain: invidious.${SECRET_CLUSTER_DOMAIN}
|
||||
domain: invidious.${SECRET_EXTERNAL_DOMAIN}
|
||||
https_only: false
|
||||
hmac_key: {{ .HMAC_KEY }}
|
||||
# Postgres Init
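Review bot: `https_only: false` stays next to the new `domain: invidious.${SECRET_EXTERNAL_DOMAIN}`, although the sign-in URLs elsewhere in this commit are all `https://`. If this instance is only served over TLS, `https_only: true` would keep generated links on HTTPS. Separately, `hmac_key: {{ .HMAC_KEY }}` is an unquoted template value, and a key that starts with a YAML indicator character would break the rendered config, so `hmac_key: "{{ .HMAC_KEY }}"` is safer. The config block starts and ends outside the hunk.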
|
||||
|
@@ -64,7 +64,7 @@ spec:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-method: GET
|
||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
external-dns.alpha.kubernetes.io/enabled: "true"
|
||||
@@ -72,7 +72,7 @@ spec:
|
||||
hajimari.io/icon: mdi:youtube
|
||||
hajimari.io/name: invidious
|
||||
hosts:
|
||||
- host: &host "invidious.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "invidious.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -114,7 +114,7 @@ spec:
|
||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||
hajimari.io/icon: simple-icons:jellyfin
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -47,7 +47,7 @@ spec:
|
||||
repository: joplin/server
|
||||
tag: 2.14.2-beta@sha256:b87564ef34e9ed0513e9b925b617cb8a1371eddfc8476f1fbd3fa85341d51508
|
||||
env:
|
||||
APP_BASE_URL: https://joplin.${SECRET_CLUSTER_DOMAIN}
|
||||
APP_BASE_URL: https://joplin.${SECRET_EXTERNAL_DOMAIN}
|
||||
APP_PORT: &port 8080
|
||||
DB_CLIENT: pg
|
||||
MAILER_ENABLED: 1
|
||||
@@ -76,7 +76,7 @@ spec:
|
||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||
hajimari.io/icon: mdi:text
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -57,7 +57,7 @@ spec:
|
||||
hajimari.io/icon: mdi:ideogram-cjk-variant
|
||||
className: nginx
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -83,12 +83,12 @@ spec:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-method: GET
|
||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
hajimari.io/icon: mdi:cash
|
||||
hosts:
|
||||
- host: &host "cash.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "cash.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -9,7 +9,7 @@ port = 7000
|
||||
#IP address. Enter 0.0.0.0 to listen on all availale addresses
|
||||
ip= "0.0.0.0"
|
||||
# enter your hostname, eg: example.com
|
||||
domain = "${SECRET_CLUSTER_DOMAIN}"
|
||||
domain = "${SECRET_EXTERNAL_DOMAIN}"
|
||||
allow_registration = false
|
||||
proxy_has_tls = false
|
||||
#workers = 2
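Review bot: `domain = "${SECRET_EXTERNAL_DOMAIN}"` sets the bare domain, while the ingress in the following section publishes the service as `libmedium.${SECRET_EXTERNAL_DOMAIN}`. I cannot tell from the hunk how the application uses `domain`, but if it builds links or cookies from it, `domain = "libmedium.${SECRET_EXTERNAL_DOMAIN}"` would match the published host. `proxy_has_tls = false` is also worth checking if the ingress in front of this service terminates TLS.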
|
||||
|
@@ -55,14 +55,14 @@ spec:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-method: GET
|
||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
external-dns.alpha.kubernetes.io/enabled: "true"
|
||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||
hajimari.io/icon: mdi:file-document-arrow-right-outline
|
||||
hosts:
|
||||
- host: &host "libmedium.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "libmedium.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -58,7 +58,7 @@ spec:
|
||||
LIDARR__INSTANCE_NAME: Lidarr
|
||||
LIDARR__PORT: &port 8080
|
||||
LIDARR__LOG_LEVEL: info
|
||||
PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
PUSHOVER_PRIORITY: "0"
|
||||
envFrom:
|
||||
- secretRef:
|
||||
@@ -82,7 +82,7 @@ spec:
|
||||
annotations:
|
||||
# nginx.ingress.kubernetes.io/auth-method: GET
|
||||
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
hajimari.io/icon: mdi:headphones
|
||||
|
@@ -79,7 +79,7 @@ spec:
|
||||
annotations:
|
||||
hajimari.io/icon: link
|
||||
hosts:
|
||||
- host: &host "links.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "links.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -59,7 +59,7 @@ spec:
|
||||
env:
|
||||
TZ: ${TIMEZONE}
|
||||
LLDAP_HTTP_PORT: &port 8080
|
||||
LLDAP_HTTP_URL: https://lldap.${SECRET_CLUSTER_DOMAIN}
|
||||
LLDAP_HTTP_URL: https://lldap.${SECRET_EXTERNAL_DOMAIN}
|
||||
LLDAP_LDAP_PORT: &ldapPort 5389
|
||||
LLDAP_LDAP_BASE_DN: dc=home,dc=arpa
|
||||
envFrom: *envFrom
|
||||
@@ -85,7 +85,7 @@ spec:
|
||||
hajimari.io/icon: mdi:account-multiple
|
||||
className: nginx
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -73,7 +73,7 @@ spec:
|
||||
annotations:
|
||||
hajimari.io/icon: mdi:file-music
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -48,7 +48,7 @@ spec:
|
||||
env:
|
||||
TIMEZONE: ${TIMEZONE}
|
||||
APP_NAME: Lychee
|
||||
APP_URL: https://lychee.${SECRET_CLUSTER_DOMAIN}
|
||||
APP_URL: https://lychee.${SECRET_EXTERNAL_DOMAIN}
|
||||
DB_CONNECTION: pgsql
|
||||
PHP_TZ: ${TIMEZONE}
|
||||
REDIS_HOST: dragonfly.database.svc.cluster.local.
|
||||
@@ -74,7 +74,7 @@ spec:
|
||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||
hajimari.io/icon: mdi:camera
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -74,7 +74,7 @@ spec:
|
||||
annotations:
|
||||
hajimari.io/enable: "false"
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -71,14 +71,14 @@ spec:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-method: GET
|
||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
external-dns.alpha.kubernetes.io/enabled: "true"
|
||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||
hajimari.io/icon: mdi:music
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -56,12 +56,12 @@ spec:
|
||||
AWS_S3_UPLOAD_BUCKET_URL: "https://s3.${SECRET_INTERNAL_DOMAIN}"
|
||||
ENABLE_UPDATES: "false"
|
||||
FILE_STORAGE_UPLOAD_MAX_SIZE: "26214400"
|
||||
OIDC_AUTH_URI: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/authorization"
|
||||
OIDC_AUTH_URI: "https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/authorization"
|
||||
OIDC_CLIENT_ID: outline
|
||||
OIDC_DISPLAY_NAME: Authelia
|
||||
OIDC_SCOPES: openid profile email offline_access
|
||||
OIDC_TOKEN_URI: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/token"
|
||||
OIDC_USERINFO_URI: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/userinfo"
|
||||
OIDC_TOKEN_URI: "https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/token"
|
||||
OIDC_USERINFO_URI: "https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/userinfo"
|
||||
OIDC_USERNAME_CLAIM: email
|
||||
PORT: 8080
|
||||
REDIS_URL: redis://dragonfly.database.svc.cluster.local.:6379
|
||||
@@ -69,7 +69,7 @@ spec:
|
||||
SMTP_PORT: 2525
|
||||
SMTP_FROM_EMAIL: "outline@${SECRET_DOMAIN}"
|
||||
SMTP_SECURE: "false"
|
||||
URL: "https://docs.${SECRET_CLUSTER_DOMAIN}"
|
||||
URL: "https://docs.${SECRET_EXTERNAL_DOMAIN}"
|
||||
WEB_CONCURRENCY: 10
|
||||
command:
|
||||
[
|
||||
@@ -96,7 +96,7 @@ spec:
|
||||
annotations:
|
||||
hajimari.io/icon: mdi:text-box-multiple
|
||||
hosts:
|
||||
- host: &host "docs.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "docs.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -60,7 +60,7 @@ spec:
|
||||
PAPERLESS_REDIS: redis://dragonfly.database.svc.cluster.local.:6379
|
||||
PAPERLESS_TASK_WORKERS: 2
|
||||
PAPERLESS_TIME_ZONE: Europe/Paris
|
||||
PAPERLESS_URL: https://paperless.${SECRET_CLUSTER_DOMAIN}
|
||||
PAPERLESS_URL: https://paperless.${SECRET_EXTERNAL_DOMAIN}
|
||||
envFrom: *envFrom
|
||||
resources:
|
||||
requests:
|
||||
@@ -81,7 +81,7 @@ spec:
|
||||
annotations:
|
||||
hajimari.io/icon: mdi:barcode-scan
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -67,7 +67,7 @@ spec:
|
||||
annotations:
|
||||
hajimari.io/icon: mdi:database
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -43,7 +43,7 @@ spec:
|
||||
PHOTOPRISM_ORIGINALS_PATH: &originals /var/mnt/vol1/photo/Gallery
|
||||
PHOTOPRISM_DEBUG: "false"
|
||||
PHOTOPRISM_PUBLIC: "true"
|
||||
PHOTOPRISM_SITE_URL: "https://photos.${SECRET_CLUSTER_DOMAIN}/"
|
||||
PHOTOPRISM_SITE_URL: "https://photos.${SECRET_EXTERNAL_DOMAIN}/"
|
||||
PHOTOPRISM_ORIGINALS_LIMIT: 4000 # in MB (default 1000)
|
||||
envFrom:
|
||||
- secretRef:
|
||||
@@ -67,13 +67,13 @@ spec:
|
||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||
nginx.ingress.kubernetes.io/auth-method: GET
|
||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: 4G
|
||||
hajimari.io/icon: arcticons:photoprism
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
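Review bot: `PHOTOPRISM_PUBLIC: "true"` in the first hunk turns off PhotoPrism's own login, so the Authelia `auth-url` / `auth-signin` annotations in the second hunk are the only access control on a host that now lives on `${SECRET_EXTERNAL_DOMAIN}` with an external-dns target. A comment above the env entry would keep that dependency visible to the next editor: `# auth is delegated to Authelia via the ingress annotations; do not expose this Service by any other route`. `PHOTOPRISM_SITE_URL` uses `photos.` while the ingress host is `{{ .Release.Name }}.`, so check that the release name matches.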
|
||||
|
@@ -72,12 +72,12 @@ spec:
|
||||
annotations:
|
||||
# nginx.ingress.kubernetes.io/auth-method: GET
|
||||
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
hajimari.io/icon: mdi:movie-search
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -76,7 +76,7 @@ spec:
|
||||
annotations:
|
||||
hajimari.io/icon: mdi:download
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -54,12 +54,12 @@ spec:
|
||||
tag: 5.6.0.8846@sha256:99c264af3f2d177e6674a9b304b64a35261202de30e54b35d5758d40edd94366
|
||||
env:
|
||||
TZ: "${TIMEZONE}"
|
||||
PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
PUSHOVER_DEBUG: "false"
|
||||
PUSHOVER_PRIORITY: "0"
|
||||
RADARR__INSTANCE_NAME: Radarr
|
||||
RADARR__PORT: &port 8080
|
||||
RADARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
RADARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
RADARR__LOG_LEVEL: info
|
||||
RADARR__THEME: dark
|
||||
envFrom: *envFrom
|
||||
@@ -82,7 +82,7 @@ spec:
|
||||
annotations:
|
||||
# nginx.ingress.kubernetes.io/auth-method: GET
|
||||
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
hajimari.io/icon: mdi:filmstrip
|
||||
|
@@ -67,14 +67,14 @@ spec:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-method: GET
|
||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
external-dns.alpha.kubernetes.io/enabled: "true"
|
||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||
hajimari.io/icon: mdi:web
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -57,7 +57,7 @@ spec:
|
||||
sabnzbd.default.svc,
|
||||
sabnzbd.default.svc.cluster,
|
||||
sabnzbd.default.svc.cluster.local,
|
||||
sabnzbd.${SECRET_CLUSTER_DOMAIN}
|
||||
sabnzbd.${SECRET_EXTERNAL_DOMAIN}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: sabnzbd-secret
|
||||
@@ -95,12 +95,12 @@ spec:
|
||||
annotations:
|
||||
# nginx.ingress.kubernetes.io/auth-method: GET
|
||||
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
hajimari.io/icon: mdi:download
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -1,5 +1,5 @@
|
||||
sharry.restserver {
|
||||
base-url = "https://sharry.${SECRET_CLUSTER_DOMAIN}"
|
||||
base-url = "https://sharry.${SECRET_EXTERNAL_DOMAIN}"
|
||||
bind {
|
||||
address = "0.0.0.0"
|
||||
port =9090
|
||||
|
@@ -69,7 +69,7 @@ spec:
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
||||
hajimari.io/icon: mdi:account-arrow-up
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -54,14 +54,14 @@ spec:
|
||||
tag: 4.0.5.1719@sha256:602af44d766a8c7c494d01fb79f6e7624aed58f0b86ffe10e1ecad280160a3df
|
||||
env:
|
||||
TZ: "${TIMEZONE}"
|
||||
PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
PUSHOVER_DEBUG: "false"
|
||||
PUSHOVER_PRIORITY: "0"
|
||||
SONARR__AUTHENTICATION_METHOD: External
|
||||
SONARR__AUTHENTICATION_REQUIRED: DisabledForLocalAddresses
|
||||
SONARR__INSTANCE_NAME: Sonarr
|
||||
SONARR__PORT: &port 8080
|
||||
SONARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
SONARR__APPLICATION_URL: "https://{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
SONARR__LOG_LEVEL: info
|
||||
SONARR__THEME: dark
|
||||
envFrom: *envFrom
|
||||
@@ -99,7 +99,7 @@ spec:
|
||||
annotations:
|
||||
# nginx.ingress.kubernetes.io/auth-method: GET
|
||||
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
hajimari.io/icon: mdi:television-classic
|
||||
|
@@ -110,7 +110,7 @@ spec:
|
||||
annotations:
|
||||
hajimari.io/icon: mdi:chef-hat
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -96,12 +96,12 @@ spec:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-method: GET
|
||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
hajimari.io/icon: material-symbols:switch-video-outline
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -94,7 +94,7 @@ spec:
|
||||
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
|
||||
hajimari.io/icon: mdi:lan
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -49,7 +49,7 @@ spec:
|
||||
DATA_FOLDER: data
|
||||
ICON_CACHE_FOLDER: data/icon_cache
|
||||
ATTACHMENTS_FOLDER: data/attachments
|
||||
DOMAIN: "https://vaultwarden.${SECRET_CLUSTER_DOMAIN}"
|
||||
DOMAIN: "https://vaultwarden.${SECRET_EXTERNAL_DOMAIN}"
|
||||
TZ: "${TIMEZONE}"
|
||||
SIGNUPS_ALLOWED: "false"
|
||||
WEBSOCKET_ENABLED: "true"
|
||||
@@ -82,7 +82,7 @@ spec:
|
||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||
hajimari.io/icon: mdi:lock
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -80,7 +80,7 @@ spec:
|
||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||
hajimari.io/icon: mdi:format-list-checks
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -52,7 +52,7 @@ spec:
|
||||
envFrom: *envFrom
|
||||
env: &env
|
||||
SYMFONY__ENV__DATABASE_DRIVER: pdo_pgsql
|
||||
SYMFONY__ENV__DOMAIN_NAME: https://wallabag.${SECRET_CLUSTER_DOMAIN}
|
||||
SYMFONY__ENV__DOMAIN_NAME: https://wallabag.${SECRET_EXTERNAL_DOMAIN}
|
||||
SYMFONY__ENV__FOSUSER_REGISTRATION: "true"
|
||||
SYMFONY__ENV__FOSUSER_CONFIRMATION: "true"
|
||||
SYMFONY__ENV__FROM_EMAIL: wallabag@${SECRET_DOMAIN}
|
||||
@@ -93,7 +93,7 @@ spec:
|
||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||
hajimari.io/icon: mdi:newspaper-variant
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
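Review bot: `SYMFONY__ENV__FOSUSER_REGISTRATION: "true"` in the first hunk leaves self-registration open on an instance whose ingress carries `external-dns.alpha.kubernetes.io/target`, so the renamed host is published in DNS. No forward-auth annotation is visible in the three context lines above `hosts:`, although the annotation block starts outside the hunk. Once the intended accounts exist, `SYMFONY__ENV__FOSUSER_REGISTRATION: "false"` closes sign-up. If registration has to stay open, a comment on that line saying why would help the next reader.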
|
||||
|
@@ -39,10 +39,10 @@ spec:
|
||||
repository: docker.io/benbusby/whoogle-search
|
||||
tag: 0.8.4
|
||||
env:
|
||||
# WHOOGLE_ALT_TW: nitter.${SECRET_CLUSTER_DOMAIN}
|
||||
WHOOGLE_ALT_YT: invidious.${SECRET_CLUSTER_DOMAIN}
|
||||
# WHOOGLE_ALT_TW: nitter.${SECRET_EXTERNAL_DOMAIN}
|
||||
WHOOGLE_ALT_YT: invidious.${SECRET_EXTERNAL_DOMAIN}
|
||||
WHOOGLE_ALT_IG: imginn.com
|
||||
WHOOGLE_ALT_RD: libreddit.${SECRET_CLUSTER_DOMAIN}
|
||||
WHOOGLE_ALT_RD: libreddit.${SECRET_EXTERNAL_DOMAIN}
|
||||
# WHOOGLE_ALT_MD: scripe.rip
|
||||
WHOOGLE_ALT_TL: farside.link/lingva
|
||||
WHOOGLE_ALT_IMG: bibliogram.art
|
||||
@@ -51,7 +51,7 @@ spec:
|
||||
WHOOGLE_CONFIG_COUNTRY: FR
|
||||
# WHOOGLE_CONFIG_GET_ONLY: 1
|
||||
WHOOGLE_CONFIG_THEME: dark
|
||||
WHOOGLE_CONFIG_URL: https://whoogle.${SECRET_CLUSTER_DOMAIN}/
|
||||
WHOOGLE_CONFIG_URL: https://whoogle.${SECRET_EXTERNAL_DOMAIN}/
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
@@ -71,14 +71,14 @@ spec:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-method: GET
|
||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
external-dns.alpha.kubernetes.io/enabled: "true"
|
||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||
hajimari.io/icon: mdi:google
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
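Review bot: `tag: 0.8.4` in the first hunk pins `docker.io/benbusby/whoogle-search` by a mutable tag only, whereas the Sonarr release in this same commit pins its image as `tag@sha256:…`. A re-pushed tag would be pulled without any change showing up in Git. Using the same form here, `tag: 0.8.4@sha256:<digest of the 0.8.4 image>`, keeps the deployed image tied to what was reviewed. The digest is a placeholder to be filled in from the registry.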
|
||||
|
@@ -60,7 +60,7 @@ spec:
|
||||
ZIGBEE2MQTT_CONFIG_DEVICE_OPTIONS_RETAIN: "true"
|
||||
ZIGBEE2MQTT_CONFIG_EXPERIMENTAL_NEW_API: "true"
|
||||
ZIGBEE2MQTT_CONFIG_FRONTEND_PORT: 8080
|
||||
ZIGBEE2MQTT_CONFIG_FRONTEND_URL: "https://zigbee.${SECRET_CLUSTER_DOMAIN}"
|
||||
ZIGBEE2MQTT_CONFIG_FRONTEND_URL: "https://zigbee.${SECRET_EXTERNAL_DOMAIN}"
|
||||
ZIGBEE2MQTT_CONFIG_HOMEASSISTANT: "true"
|
||||
ZIGBEE2MQTT_CONFIG_MQTT_INCLUDE_DEVICE_INFORMATION: "true"
|
||||
ZIGBEE2MQTT_CONFIG_MQTT_KEEPALIVE: 60
|
||||
@@ -102,12 +102,12 @@ spec:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-method: GET
|
||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
hajimari.io/icon: mdi:zigbee
|
||||
hosts:
|
||||
- host: &host "zigbee.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "zigbee.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -90,12 +90,12 @@ spec:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-method: GET
|
||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
hajimari.io/icon: mdi:z-wave
|
||||
hosts:
|
||||
- host: &host "zwave.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "zwave.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
|
@@ -11,7 +11,7 @@ metadata:
|
||||
spec:
|
||||
ingressClassName: "nginx"
|
||||
rules:
|
||||
- host: "flux-webhook.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: "flux-webhook.${SECRET_EXTERNAL_DOMAIN}"
|
||||
http:
|
||||
paths:
|
||||
- path: /hook/
|
||||
@@ -23,4 +23,4 @@ spec:
|
||||
number: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- "flux-webhook.${SECRET_CLUSTER_DOMAIN}"
|
||||
- "flux-webhook.${SECRET_EXTERNAL_DOMAIN}"
|
||||
|
@@ -62,7 +62,7 @@ spec:
|
||||
annotations:
|
||||
hajimari.io/icon: mdi:sync
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
@@ -71,4 +71,3 @@ spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- *host
|
||||
|
||||
|
@@ -62,7 +62,7 @@ spec:
|
||||
enabled: true
|
||||
className: nginx
|
||||
hosts:
|
||||
- &host "cilium.${SECRET_CLUSTER_DOMAIN}"
|
||||
- &host "cilium.${SECRET_EXTERNAL_DOMAIN}"
|
||||
tls:
|
||||
- hosts:
|
||||
- *host
|
||||
@@ -111,7 +111,7 @@ spec:
|
||||
ingressController:
|
||||
enabled: false
|
||||
defaultSecretNamespace: networking
|
||||
defaultSecretName: ${SECRET_CLUSTER_DOMAIN//./-}-tls
|
||||
defaultSecretName: ${SECRET_EXTERNAL_DOMAIN//./-}-tls
|
||||
loadbalancerMode: shared
|
||||
service:
|
||||
loadBalancerIP: 192.168.169.115
|
||||
|
@@ -124,7 +124,7 @@ spec:
|
||||
annotations:
|
||||
hajimari.io/enable: "false"
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -26,7 +26,7 @@ connectivity:
|
||||
endpoints:
|
||||
- name: status
|
||||
group: external
|
||||
url: https://status.${SECRET_CLUSTER_DOMAIN}
|
||||
url: https://status.${SECRET_EXTERNAL_DOMAIN}
|
||||
interval: 1m
|
||||
client:
|
||||
dns-resolver: tcp://192.168.8.1:53
|
||||
|
@@ -67,7 +67,7 @@ spec:
|
||||
TZ: ${TIMEZONE}
|
||||
GATUS_CONFIG_PATH: /config
|
||||
CUSTOM_WEB_PORT: &port 8080
|
||||
SECRET_CLUSTER_DOMAIN: ${SECRET_CLUSTER_DOMAIN}
|
||||
SECRET_EXTERNAL_DOMAIN: ${SECRET_EXTERNAL_DOMAIN}
|
||||
envFrom: *envFrom
|
||||
resources:
|
||||
requests:
|
||||
@@ -110,7 +110,7 @@ spec:
|
||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||
hajimari.io/icon: mdi:list-status
|
||||
hosts:
|
||||
- host: &host "status.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "status.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -29,10 +29,10 @@ spec:
|
||||
rbac:
|
||||
pspEnabled: false
|
||||
env:
|
||||
GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/userinfo
|
||||
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/authorization
|
||||
GF_AUTH_GENERIC_OAUTH_API_URL: https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/userinfo
|
||||
GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/authorization
|
||||
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: grafana
|
||||
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/token
|
||||
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://auth.${SECRET_EXTERNAL_DOMAIN}/api/oidc/token
|
||||
GF_DATE_FORMATS_USE_BROWSER_LOCALE: true
|
||||
GF_EXPLORE_ENABLED: true
|
||||
GF_PANELS_DISABLE_SANITIZE_HTML: true
|
||||
@@ -41,7 +41,7 @@ spec:
|
||||
GF_DATE_FORMATS_FULL_DATE: "DD.MM.YYYY hh:mm:ss"
|
||||
GF_SECURITY_ALLOW_EMBEDDING: true
|
||||
GF_SECURITY_COOKIE_SAMESITE: grafana
|
||||
GF_SERVER_ROOT_URL: https://grafana.${SECRET_CLUSTER_DOMAIN}
|
||||
GF_SERVER_ROOT_URL: https://grafana.${SECRET_EXTERNAL_DOMAIN}
|
||||
envFromSecrets:
|
||||
- name: grafana-secret
|
||||
grafana.ini:
|
||||
@@ -50,7 +50,7 @@ spec:
|
||||
check_for_plugin_updates: false
|
||||
reporting_enabled: false
|
||||
auth:
|
||||
signout_redirect_url: "https://auth.${SECRET_CLUSTER_DOMAIN}/logout"
|
||||
signout_redirect_url: "https://auth.${SECRET_EXTERNAL_DOMAIN}/logout"
|
||||
oauth_auto_login: true
|
||||
oauth_allow_insecure_email_lookup: true
|
||||
auth.generic_oauth:
|
||||
@@ -369,7 +369,7 @@ spec:
|
||||
annotations:
|
||||
hajimari.io/icon: simple-icons:grafana
|
||||
hosts:
|
||||
- &host "grafana.${SECRET_CLUSTER_DOMAIN}"
|
||||
- &host "grafana.${SECRET_EXTERNAL_DOMAIN}"
|
||||
tls:
|
||||
- hosts:
|
||||
- *host
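Review bot: `GF_SECURITY_COOKIE_SAMESITE: grafana` in the second hunk is not one of the values Grafana documents for this setting (`lax`, `strict`, `none`, `disabled`), and how an unrecognised value is handled is not visible here. It sits next to `GF_SECURITY_ALLOW_EMBEDDING: true` and `GF_PANELS_DISABLE_SANITIZE_HTML: true`, which already loosen browser-side protections, so the cookie policy should be stated explicitly, for example `GF_SECURITY_COOKIE_SAMESITE: lax`. `oauth_allow_insecure_email_lookup: true` in the third hunk deserves a comment saying why it is needed, since it lets a login be matched to an existing user by e-mail address. The `env:` and `grafana.ini:` maps both continue outside the hunks.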
|
||||
|
@@ -124,15 +124,15 @@ spec:
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-method: GET
|
||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
hajimari.io/appName: "Prometheus"
|
||||
hajimari.io/icon: simple-icons:prometheus
|
||||
hosts: ["prometheus.${SECRET_CLUSTER_DOMAIN}"]
|
||||
hosts: ["prometheus.${SECRET_EXTERNAL_DOMAIN}"]
|
||||
tls:
|
||||
- hosts:
|
||||
- "prometheus.${SECRET_CLUSTER_DOMAIN}"
|
||||
- "prometheus.${SECRET_EXTERNAL_DOMAIN}"
|
||||
prometheusSpec:
|
||||
podMetadata:
|
||||
annotations:
|
||||
@@ -242,15 +242,15 @@ spec:
|
||||
annotations:
|
||||
# nginx.ingress.kubernetes.io/auth-method: GET
|
||||
# nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||
# nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method
|
||||
# nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
# nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||
hajimari.io/appName: "Alert Manager"
|
||||
hajimari.io/icon: mdi:alert-decagram-outline
|
||||
hosts: ["alert-manager.${SECRET_CLUSTER_DOMAIN}"]
|
||||
hosts: ["alert-manager.${SECRET_EXTERNAL_DOMAIN}"]
|
||||
tls:
|
||||
- hosts:
|
||||
- "alert-manager.${SECRET_CLUSTER_DOMAIN}"
|
||||
- "alert-manager.${SECRET_EXTERNAL_DOMAIN}"
|
||||
prometheus:
|
||||
monitor:
|
||||
enabled: true
|
||||
|
@@ -63,7 +63,7 @@ spec:
|
||||
annotations:
|
||||
hajimari.io/icon: mdi:harddiskstatus
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -75,7 +75,7 @@ spec:
|
||||
size: 10Gi
|
||||
query:
|
||||
replicas: 3
|
||||
extraArgs: ["--alert.query-url=https://thanos.${SECRET_CLUSTER_DOMAIN}"]
|
||||
extraArgs: ["--alert.query-url=https://thanos.${SECRET_EXTERNAL_DOMAIN}"]
|
||||
# additionalStores: ["thanos.turbo.ac:10901"]
|
||||
queryFrontend:
|
||||
enabled: true
|
||||
@@ -91,7 +91,7 @@ spec:
|
||||
enabled: true
|
||||
ingressClassName: nginx
|
||||
hosts:
|
||||
- thanos.${SECRET_CLUSTER_DOMAIN}
|
||||
- thanos.${SECRET_EXTERNAL_DOMAIN}
|
||||
podAnnotations: &podAnnotations
|
||||
configmap.reloader.stakater.com/reload: *configMap
|
||||
rule:
|
||||
|
@@ -27,6 +27,8 @@ spec:
|
||||
uninstall:
|
||||
keepHistory: false
|
||||
values:
|
||||
podAnnotations:
|
||||
reloader.stakater.com/auto: "true"
|
||||
interval: 2m
|
||||
logLevel: debug
|
||||
provider: ovh
|
||||
@@ -51,7 +53,7 @@ spec:
|
||||
policy: sync
|
||||
sources:
|
||||
- ingress
|
||||
txtOwnerId: "default"
|
||||
txtOwnerId: default
|
||||
domainFilters:
|
||||
- "${SECRET_DOMAIN}"
|
||||
serviceMonitor:
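Review bot: `domainFilters` in the second hunk still lists only `${SECRET_DOMAIN}`, although every ingress host in this commit now renders under `${SECRET_EXTERNAL_DOMAIN}`. The values are encrypted, so it cannot be checked from here whether the two are the same zone. If they differ, external-dns will ignore the renamed hosts, and with `policy: sync` it may also remove records it previously owned. Adding `- "${SECRET_EXTERNAL_DOMAIN}"` to the list covers that case. `logLevel: debug` in the first hunk is also still set and is worth lowering once the migration is verified.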
|
||||
|
@@ -67,7 +67,7 @@ spec:
|
||||
any: true
|
||||
extraArgs:
|
||||
default-ssl-certificate: |-
|
||||
networking/${SECRET_CLUSTER_DOMAIN//./-}-tls
|
||||
networking/${SECRET_EXTERNAL_DOMAIN//./-}-tls
|
||||
topologySpreadConstraints:
|
||||
- maxSkew: 1
|
||||
topologyKey: kubernetes.io/hostname
|
||||
|
@@ -2,14 +2,14 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: ${SECRET_CLUSTER_DOMAIN//./-}
|
||||
name: ${SECRET_EXTERNAL_DOMAIN//./-}
|
||||
namespace: networking
|
||||
spec:
|
||||
secretName: ${SECRET_CLUSTER_DOMAIN//./-}-tls
|
||||
secretName: ${SECRET_EXTERNAL_DOMAIN//./-}-tls
|
||||
issuerRef:
|
||||
name: letsencrypt-production
|
||||
kind: ClusterIssuer
|
||||
commonName: "${SECRET_CLUSTER_DOMAIN}"
|
||||
commonName: "${SECRET_EXTERNAL_DOMAIN}"
|
||||
dnsNames:
|
||||
- ${SECRET_CLUSTER_DOMAIN}
|
||||
- "*.${SECRET_CLUSTER_DOMAIN}"
|
||||
- ${SECRET_EXTERNAL_DOMAIN}
|
||||
- "*.${SECRET_EXTERNAL_DOMAIN}"
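Review bot: No `privateKey` block is visible in this Certificate, so on cert-manager releases whose default rotation policy is `Never` the wildcard key for `*.${SECRET_EXTERNAL_DOMAIN}` is reused across renewals. The ingress-nginx and Cilium sections of this commit reference the resulting secret as their default TLS secret. Adding `privateKey:` with `rotationPolicy: Always` under `spec:` limits how long a leaked key stays useful. Renaming `metadata.name` and `secretName` also creates a new Certificate issued from `letsencrypt-production`, so confirm the old Certificate and its Secret are pruned rather than left in the `networking` namespace.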
|
||||
|
@@ -5,12 +5,7 @@
|
||||
lameduck 5s
|
||||
}
|
||||
ready
|
||||
k8s_gateway ${SECRET_CLUSTER_DOMAIN} {
|
||||
apex k8s-gateway.network
|
||||
resources Ingress Service
|
||||
ttl 300
|
||||
}
|
||||
k8s_gateway ${SECRET_DOMAIN} {
|
||||
k8s_gateway ${SECRET_EXTERNAL_DOMAIN} {
|
||||
apex k8s-gateway.network
|
||||
resources Ingress Service
|
||||
ttl 300
|
||||
|
@@ -55,7 +55,7 @@ spec:
|
||||
external-dns.alpha.kubernetes.io/enabled: "true"
|
||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -55,7 +55,7 @@ spec:
|
||||
external-dns.alpha.kubernetes.io/enabled: "true"
|
||||
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||
hosts:
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||
- host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
@@ -37,11 +37,11 @@ spec:
|
||||
hajimari.io/appName: Rook
|
||||
hajimari.io/icon: mdi:chess-rook
|
||||
host:
|
||||
name: "rook.${SECRET_CLUSTER_DOMAIN}"
|
||||
name: "rook.${SECRET_EXTERNAL_DOMAIN}"
|
||||
path: /
|
||||
tls:
|
||||
- hosts:
|
||||
- "rook.${SECRET_CLUSTER_DOMAIN}"
|
||||
- "rook.${SECRET_EXTERNAL_DOMAIN}"
|
||||
configOverride: |
|
||||
[global]
|
||||
bdev_enable_discard = true
|
||||
|
@@ -1,5 +1,5 @@
|
||||
---
|
||||
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/gitrepository_v1beta2.json
|
||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: GitRepository
|
||||
metadata:
|
||||
|
@@ -5,12 +5,11 @@ metadata:
|
||||
name: cluster-secrets
|
||||
namespace: flux-system
|
||||
stringData:
|
||||
SECRET_CLUSTER_CERTIFICATE_DEFAULT: ENC[AES256_GCM,data:hWobTs6NA15tpKWe5gOijZQ/g04=,iv:+AHLg4o03aoZYQtamlfKnZXVlwy36+8NrwLhnL1ayHo=,tag:0vGWliDmkhsevARDdJzZ+g==,type:str]
|
||||
SECRET_CLUSTER_CERTIFICATE_DEFAULT: ENC[AES256_GCM,data:8HotHVJva77fd9S+j2BB,iv:fqCDD0NuK9ySCsGGT3G4QsfViM2L9oPp9ZLgwXf0tLI=,tag:rX1quD8RTjvzV75fmwmC6w==,type:str]
|
||||
SECRET_CLUSTER_DOMAIN_EMAIL: ENC[AES256_GCM,data:j1yBajAlXKQeDuvbV2IyJp8IT3wA,iv:pxPgYZEZ6pvcr6trM1gkL5MZORewARaiVfwRTyWxny0=,tag:y31EGp46NgF/Pf3hQ2Iavw==,type:str]
|
||||
SECRET_DOMAIN: ENC[AES256_GCM,data:UtdBDs6+azVHO7Y=,iv:ZnWrBW+vW6HiMs1PbgY2LjcwUwuUh1HxYjqvOXvCrDk=,tag:r6uDIJhVoTIcizIfRW+lHw==,type:str]
|
||||
SECRET_EXTERNAL_DOMAIN: ENC[AES256_GCM,data:Brd9H7gizPxew+4=,iv:YaIxv9TFF0mAks9gJXwXA1N7b8k5mcSJ6hs9lpaUV/M=,tag:8xdRoWun3IUVywagpsrsBw==,type:str]
|
||||
SECRET_INTERNAL_DOMAIN: ENC[AES256_GCM,data:WLuQAi9JsUsD5Q==,iv:Zc+5/rQONxepZFVC/ia01aBdlVyG99thOeIipeAVS3E=,tag:FwwjDKoUMfZ/taFPRRThOQ==,type:str]
|
||||
SECRET_CLUSTER_DOMAIN: ENC[AES256_GCM,data:Go+HZnPQCW5GKPqRB0MnmQ==,iv:bUGmzu42TVxhF94pGZuEi++A5a72wgGmWbOjmgau6Cg=,tag:eUIyZ/wcsOXYamTgiQYMjA==,type:str]
|
||||
SECRET_CROWDSEC_NGINX_BOUNCER_API_KEY: ENC[AES256_GCM,data:ecukkFOK40WWIxJ48sXrxJUBaHx2BnzqxkIT+cXYZg4=,iv:y6AfslVPufBfrIL3GQqTw0cDAan64mB9J7RY9OzKQqw=,tag:+V4Rgz26wey2UtA32S0PJQ==,type:str]
|
||||
SECRET_KOMF_MAL_CLIENT_ID: ENC[AES256_GCM,data:HuKHFrICgCj6nbcbix8u7qGeggFmmKht7Elk9dINZtE=,iv:c3mqFdFkIO9dctZ3ooPh4ajOZaY0ZudEeNWbG+lryPI=,tag:jWG2+pgkAf/XUgJyUvdrNg==,type:str]
|
||||
SECRET_KUBE_PROMETHEUS_STACK_ALERTMANAGER_PUSHOVER_USER_KEY: ENC[AES256_GCM,data:X1J9WLT26soYzlDb8+YtPotGw8p0lJKMuNkn69WX,iv:mW2cJOq5gfzSE+U24IuvPVL+dL2nZcTFpPAkG77Ohus=,tag:kxokidtuE5RAGJlj4Q4P2A==,type:str]
|
||||
@@ -36,8 +35,8 @@ sops:
|
||||
WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm
|
||||
pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-05-13T19:25:25Z"
|
||||
mac: ENC[AES256_GCM,data:II+IEFKhi740xrv8uA8Gu0F39X+KGRlT+0egVrnNkvfLNeSV85YAB+F/PXo4MmfdeK9b/EN0C6z2Wms6NOpUQ76g8E/xJ7GG6OqIhQM5Q+jqahD2PZMYgo62Efwq17zzUz2WqUbt6eM5H03dhRv/Da+WUtdijv2d7cMnTxEpqh8=,iv:kRY9Fhh+upvyexhxJjmy2PJvvwEtAO58JQHblXF/4Jw=,tag:boWsM6Ii4rPo+i0sXabWdA==,type:str]
|
||||
lastmodified: "2024-06-16T22:10:15Z"
|
||||
mac: ENC[AES256_GCM,data:E/7/eH1+c3FL3i3JGq9M5WzW504RdyJiMAaKIeQ35lz9I6k10ohZd4z9sVeRfshveKLKZ5Kk6vzzjHNdjjFO0W0SqM8ix2JB+3+KiUBL/KteTDxcfUZ3SjiL42YB86uwI+msrCekXrHpsSY/dtBgmNyItuVZdvMWDjJBZ9cM8P8=,iv:eJIUMdqx8pr82goXGaoNHZgWIjUZ0nU0QfJAsP1Kk94=,tag:wEPUgxfQXE5qoxAFi3dsfw==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.8.1
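Review bot: The first hunk's line counts (12 old, 11 new) mean one key leaves `stringData` besides the re-encrypted `SECRET_CLUSTER_CERTIFICATE_DEFAULT`, presumably `SECRET_CLUSTER_DOMAIN`. If these are Flux post-build substitutions, as the `flux-system` namespace suggests, a manifest that still contains `${SECRET_CLUSTER_DOMAIN}` is rendered with an empty string unless strict substitution is enabled. That would yield hosts like `app.` or an `auth-signin` URL with no domain, without a reconcile error. A repository-wide search for the old name before merging would catch stragglers outside this page. A comment above the key list naming which variable holds which domain (`SECRET_DOMAIN`, `SECRET_EXTERNAL_DOMAIN`, `SECRET_INTERNAL_DOMAIN`) would also help, since the values themselves are unreadable.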
|
||||
|
@@ -10,7 +10,7 @@ data:
|
||||
endpoints:
|
||||
- name: "${APP}"
|
||||
group: external
|
||||
url: "https://${GATUS_SUBDOMAIN:-${APP}}.${SECRET_CLUSTER_DOMAIN}${GATUS_PATH:-/}"
|
||||
url: "https://${GATUS_SUBDOMAIN:-${APP}}.${SECRET_EXTERNAL_DOMAIN}${GATUS_PATH:-/}"
|
||||
interval: 1m
|
||||
client:
|
||||
dns-resolver: tcp://192.168.8.1:53
|
||||
|
@@ -10,7 +10,7 @@ data:
|
||||
endpoints:
|
||||
- name: "${APP}"
|
||||
group: guarded
|
||||
url: "https://${GATUS_SUBDOMAIN:-${APP}}.${GATUS_DOMAIN:-${SECRET_CLUSTER_DOMAIN}}${GATUS_PATH:-/}"
|
||||
url: "https://${GATUS_SUBDOMAIN:-${APP}}.${GATUS_DOMAIN:-${SECRET_EXTERNAL_DOMAIN}}${GATUS_PATH:-/}"
|
||||
interval: 1m
|
||||
ui:
|
||||
hide-hostname: true
|
||||
|