shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

♻️ renove kyverno annotations

Browse Source
This commit is contained in:
auricom
2023-11-30 22:17:46 +01:00
parent d4edfcea49
commit e8df666789
37 changed files with 129 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
archive/kubernetes/attic/apiserver/helmrelease.yaml
View File

@@ -70,7 +70,7 @@ spec:
enabled: true
ingressClassName: nginx
annotations:
# external-dns.home.arpa/enabled: "true"
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hajimari.io/enable: "false"
hosts:
- host: &host nix-cache.${SECRET_CLUSTER_DOMAIN}

2
kubernetes/apps/default/authelia/app/helmrelease.yaml
View File

@@ -145,7 +145,7 @@ spec:
enabled: true
className: nginx
annotations:
external-dns.home.arpa/enabled: "true"
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
nginx.ingress.kubernetes.io/configuration-snippet: |
add_header Cache-Control "no-store";
add_header Pragma "no-cache";

6
kubernetes/apps/default/bazarr/app/helmrelease.yaml
View File

@@ -94,7 +94,11 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
hajimari.io/icon: mdi:subtitles-outline
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"

6
kubernetes/apps/default/calibre/app/helmrelease.yaml
View File

@@ -63,7 +63,11 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
hajimari.io/icon: mdi:bookshelf
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"

6
kubernetes/apps/default/flood/app/helmrelease.yaml
View File

@@ -74,7 +74,11 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
hajimari.io/icon: mdi:download
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"

6
kubernetes/apps/default/frigate/app/helmrelease.yaml
View File

@@ -103,7 +103,11 @@ spec:
main:
enabled: true
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
hajimari.io/icon: mdi:cctv
className: nginx
hosts:

2
kubernetes/apps/default/immich/app/server/helmrelease.yaml
View File

@@ -89,7 +89,7 @@ spec:
enabled: true
className: nginx
annotations:
external-dns.home.arpa/enabled: "true"
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hajimari.io/appName: Immich
nignx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"

8
kubernetes/apps/default/invidious/app/helmrelease.yaml
View File

@@ -61,8 +61,12 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
external-dns.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hajimari.io/icon: mdi:youtube
hajimari.io/name: invidious
hosts:

2
kubernetes/apps/default/joplin/app/helmrelease.yaml
View File

@@ -71,7 +71,7 @@ spec:
enabled: true
className: "nginx"
annotations:
external-dns.home.arpa/enabled: "true"
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hajimari.io/icon: mdi:text
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"

6
kubernetes/apps/default/kresus/app/helmrelease.yaml
View File

@@ -90,7 +90,11 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
hajimari.io/icon: mdi:cash
hosts:
- host: &host "cash.${SECRET_CLUSTER_DOMAIN}"

2
kubernetes/apps/default/kubernetes-schemas/app/helmrelease.yaml
View File

@@ -51,7 +51,7 @@ spec:
enabled: true
className: nginx
annotations:
external-dns.home.arpa/enabled: "true"
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hajimari.io/enable: "false"
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"

8
kubernetes/apps/default/libmedium/app/helmrelease.yaml
View File

@@ -51,8 +51,12 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
external-dns.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hajimari.io/icon: mdi:file-document-arrow-right-outline
hosts:
- host: &host "libmedium.${SECRET_CLUSTER_DOMAIN}"

8
kubernetes/apps/default/libreddit/app/helmrelease.yaml
View File

@@ -64,8 +64,12 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
external-dns.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hajimari.io/icon: mdi:web
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"

6
kubernetes/apps/default/lidarr/app/helmrelease.yaml
View File

@@ -78,7 +78,11 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
hajimari.io/icon: mdi:headphones
hosts:
- host: *host

2
kubernetes/apps/default/lychee/app/helmrelease.yaml
View File

@@ -77,7 +77,7 @@ spec:
enabled: true
className: "nginx"
annotations:
external-dns.home.arpa/enabled: "true"
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hajimari.io/icon: mdi:camera
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"

6
kubernetes/apps/default/media-browser/app/helmrelease.yaml
View File

@@ -82,7 +82,11 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
hajimari.io/icon: mdi:folder-play-outline
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"

8
kubernetes/apps/default/navidrome/app/helmrelease.yaml
View File

@@ -79,8 +79,12 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
external-dns.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hajimari.io/icon: mdi:music
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"

2
kubernetes/apps/default/paperless/app/helmrelease.yaml
View File

@@ -80,7 +80,7 @@ spec:
enabled: true
className: "nginx"
annotations:
external-dns.home.arpa/enabled: "true"
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hajimari.io/icon: mdi:barcode-scan
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"

6
kubernetes/apps/default/prowlarr/app/helmrelease.yaml
View File

@@ -69,7 +69,11 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
hajimari.io/icon: mdi:movie-search
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"

6
kubernetes/apps/default/pyload/app/helmrelease.yaml
View File

@@ -81,7 +81,11 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
hajimari.io/icon: mdi:download
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"

6
kubernetes/apps/default/radarr/app/helmrelease.yaml
View File

@@ -80,7 +80,11 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
hajimari.io/icon: mdi:filmstrip
hosts:
- host: *host

6
kubernetes/apps/default/sabnzbd/app/helmrelease.yaml
View File

@@ -99,7 +99,11 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
hajimari.io/icon: mdi:download
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"

2
kubernetes/apps/default/sharry/app/helmrelease.yaml
View File

@@ -63,7 +63,7 @@ spec:
enabled: true
className: "nginx"
annotations:
external-dns.home.arpa/enabled: "true"
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
nginx.ingress.kubernetes.io/proxy-body-size: "0"
hajimari.io/icon: mdi:account-arrow-up
hosts:

6
kubernetes/apps/default/sonarr/app/helmrelease.yaml
View File

@@ -96,7 +96,11 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
hajimari.io/icon: mdi:television-classic
hosts:
- host: *host

2
kubernetes/apps/default/vaultwarden/app/helmrelease.yaml
View File

@@ -86,7 +86,7 @@ spec:
enabled: true
className: "nginx"
anotations:
external-dns.home.arpa/enabled: "true"
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hajimari.io/icon: mdi:lock
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"

2
kubernetes/apps/default/vikunja/app/helmrelease.yaml
View File

@@ -84,7 +84,7 @@ spec:
enabled: true
className: "nginx"
annotations:
external-dns.home.arpa/enabled: "true"
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hajimari.io/icon: mdi:format-list-checks
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"

2
kubernetes/apps/default/wallabag/app/helmrelease.yaml
View File

@@ -99,7 +99,7 @@ spec:
enabled: true
className: "nginx"
annotations:
external-dns.home.arpa/enabled: "true"
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hajimari.io/icon: mdi:newspaper-variant
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"

8
kubernetes/apps/default/whoogle/app/helmrelease.yaml
View File

@@ -67,8 +67,12 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
external-dns.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hajimari.io/icon: mdi:google
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"

6
kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml
View File

@@ -107,7 +107,11 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
hajimari.io/icon: mdi:zigbee
hosts:
- host: &host "zigbee.${SECRET_CLUSTER_DOMAIN}"

6
kubernetes/apps/default/zwave-js-ui/app/helmrelease.yaml
View File

@@ -88,7 +88,11 @@ spec:
enabled: true
className: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
hajimari.io/icon: mdi:z-wave
hosts:
- host: &host "zwave.${SECRET_CLUSTER_DOMAIN}"

2
kubernetes/apps/flux-system/addons/webhooks/github/ingress.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: webhook-receiver
namespace: flux-system
annotations:
external-dns.home.arpa/enabled: "true"
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hajimari.io/enable: "false"
spec:
ingressClassName: "nginx"

2
kubernetes/apps/monitoring/gatus/app/helmrelease.yaml
View File

@@ -100,7 +100,7 @@ spec:
enabled: true
className: nginx
annotations:
external-dns.home.arpa/enabled: "true"
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hajimari.io/icon: mdi:list-status
hosts:
- host: &host "status.${SECRET_CLUSTER_DOMAIN}"

12
kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml
View File

@@ -117,7 +117,11 @@ spec:
pathType: Prefix
ingressClassName: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
hajimari.io/appName: "Prometheus"
hajimari.io/icon: simple-icons:prometheus
hosts: ["prometheus.${SECRET_CLUSTER_DOMAIN}"]
@@ -261,7 +265,11 @@ spec:
pathType: Prefix
ingressClassName: "nginx"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
hajimari.io/appName: "Alert Manager"
hajimari.io/icon: mdi:alert-decagram-outline
hosts: ["alert-manager.${SECRET_CLUSTER_DOMAIN}"]

6
kubernetes/apps/monitoring/thanos/app/helmrelease.yaml
View File

@@ -53,7 +53,11 @@ spec:
enabled: true
hostname: &host "thanos-query.${SECRET_CLUSTER_DOMAIN}"
annotations:
auth.home.arpa/enabled: "true"
nginx.ingress.kubernetes.io/auth-method: GET
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
hajimari.io/enable: "false"
ingressClassName: "nginx"
tls: true

76
kubernetes/apps/networking/ingress-nginx/app/clusterpolicy.yaml
View File

@@ -1,76 +0,0 @@
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: ingress-auth-annotations
annotations:
policies.kyverno.io/title: Ingress Auth Annotations
policies.kyverno.io/subject: Ingress
policies.kyverno.io/description: >-
This policy creates auth annotations on ingresses. When
the `auth.home.arpa/enabled` annotation is `true` it
applies the nginx auth annotations for use with Authelia.
spec:
mutateExistingOnPolicyUpdate: true
generateExistingOnPolicyUpdate: true
rules:
- name: auth
match:
any:
- resources:
kinds: ["Ingress"]
annotations:
auth.home.arpa/enabled: "true"
mutate:
targets:
- apiVersion: networking.k8s.io/v1
kind: Ingress
name: "{{request.object.metadata.name}}"
namespace: "{{ request.object.metadata.namespace }}"
patchStrategicMerge:
metadata:
annotations:
+(nginx.ingress.kubernetes.io/auth-method): GET
+(nginx.ingress.kubernetes.io/auth-url): |-
http://authelia.default.svc.cluster.local.:8888/api/verify
+(nginx.ingress.kubernetes.io/auth-signin): |-
https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
+(nginx.ingress.kubernetes.io/auth-response-headers): |-
Remote-User,Remote-Name,Remote-Groups,Remote-Email
+(nginx.ingress.kubernetes.io/auth-snippet): |
proxy_set_header X-Forwarded-Method $request_method;
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: ingress-external-dns-annotations
annotations:
policies.kyverno.io/title: Ingress External-DNS Annotations
policies.kyverno.io/subject: Ingress
policies.kyverno.io/description: >-
This policy creates external-dns annotations on ingresses.
When the `external-dns.home.arpa/enabled` annotation is `true`
it applies the external-dns annotations for use with external
application access.
spec:
mutateExistingOnPolicyUpdate: true
generateExistingOnPolicyUpdate: true
rules:
- name: external-dns
match:
any:
- resources:
kinds: ["Ingress"]
annotations:
external-dns.home.arpa/enabled: "true"
mutate:
targets:
- apiVersion: networking.k8s.io/v1
kind: Ingress
name: "{{request.object.metadata.name}}"
namespace: "{{ request.object.metadata.namespace }}"
patchStrategicMerge:
metadata:
annotations:
+(external-dns.alpha.kubernetes.io/target): |-
services.${SECRET_DOMAIN}.

1
kubernetes/apps/networking/ingress-nginx/app/kustomization.yaml
View File

@@ -6,4 +6,3 @@ namespace: networking
resources:
- ./dashboard
- ./helmrelease.yaml
- ./clusterpolicy.yaml

2
kubernetes/apps/ngnode/landing-page/app/helmrelease.yaml
View File

@@ -50,7 +50,7 @@ spec:
enabled: true
className: nginx
annotations:
external-dns.home.arpa/enabled: "true"
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths: