From e8df666789a2d278cd3eeae69d2f189b4a9d1df4 Mon Sep 17 00:00:00 2001 
From: auricom <27022259+auricom@users.noreply.github.com> Date: Thu, 30 Nov 2023 22:17:46 +0100 Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20renove=20kyverno=20annotat?= =?UTF-8?q?ions?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../attic/apiserver/helmrelease.yaml | 2 +- .../default/authelia/app/helmrelease.yaml | 2 +- .../apps/default/bazarr/app/helmrelease.yaml | 6 +- .../apps/default/calibre/app/helmrelease.yaml | 6 +- .../apps/default/flood/app/helmrelease.yaml | 6 +- .../apps/default/frigate/app/helmrelease.yaml | 6 +- .../immich/app/server/helmrelease.yaml | 2 +- .../default/invidious/app/helmrelease.yaml | 8 +- .../apps/default/joplin/app/helmrelease.yaml | 2 +- .../apps/default/kresus/app/helmrelease.yaml | 6 +- .../kubernetes-schemas/app/helmrelease.yaml | 2 +- .../default/libmedium/app/helmrelease.yaml | 8 +- .../default/libreddit/app/helmrelease.yaml | 8 +- .../apps/default/lidarr/app/helmrelease.yaml | 6 +- .../apps/default/lychee/app/helmrelease.yaml | 2 +- .../media-browser/app/helmrelease.yaml | 6 +- .../default/navidrome/app/helmrelease.yaml | 8 +- .../default/paperless/app/helmrelease.yaml | 2 +- .../default/prowlarr/app/helmrelease.yaml | 6 +- .../apps/default/pyload/app/helmrelease.yaml | 6 +- .../apps/default/radarr/app/helmrelease.yaml | 6 +- .../apps/default/sabnzbd/app/helmrelease.yaml | 6 +- .../apps/default/sharry/app/helmrelease.yaml | 2 +- .../apps/default/sonarr/app/helmrelease.yaml | 6 +- .../default/vaultwarden/app/helmrelease.yaml | 2 +- .../apps/default/vikunja/app/helmrelease.yaml | 2 +- .../default/wallabag/app/helmrelease.yaml | 2 +- .../apps/default/whoogle/app/helmrelease.yaml | 8 +- .../default/zigbee2mqtt/app/helmrelease.yaml | 6 +- .../default/zwave-js-ui/app/helmrelease.yaml | 6 +- .../addons/webhooks/github/ingress.yaml | 2 +- .../monitoring/gatus/app/helmrelease.yaml | 2 +- .../app/helmrelease.yaml | 12 ++- .../monitoring/thanos/app/helmrelease.yaml | 6 +- 
.../ingress-nginx/app/clusterpolicy.yaml | 76 ------------------- .../ingress-nginx/app/kustomization.yaml | 1 - .../ngnode/landing-page/app/helmrelease.yaml | 2 +- 37 files changed, 129 insertions(+), 118 deletions(-) delete mode 100644 kubernetes/apps/networking/ingress-nginx/app/clusterpolicy.yaml diff --git a/archive/kubernetes/attic/apiserver/helmrelease.yaml b/archive/kubernetes/attic/apiserver/helmrelease.yaml index 739ff0ff0..17bded098 100644 --- a/archive/kubernetes/attic/apiserver/helmrelease.yaml +++ b/archive/kubernetes/attic/apiserver/helmrelease.yaml @@ -70,7 +70,7 @@ spec: enabled: true ingressClassName: nginx annotations: - # external-dns.home.arpa/enabled: "true" + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/enable: "false" hosts: - host: &host nix-cache.${SECRET_CLUSTER_DOMAIN} diff --git a/kubernetes/apps/default/authelia/app/helmrelease.yaml b/kubernetes/apps/default/authelia/app/helmrelease.yaml index 729afdcd6..e94d7ad6e 100644 --- a/kubernetes/apps/default/authelia/app/helmrelease.yaml +++ b/kubernetes/apps/default/authelia/app/helmrelease.yaml @@ -145,7 +145,7 @@ spec: enabled: true className: nginx annotations: - external-dns.home.arpa/enabled: "true" + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. nginx.ingress.kubernetes.io/configuration-snippet: | add_header Cache-Control "no-store"; add_header Pragma "no-cache"; diff --git a/kubernetes/apps/default/bazarr/app/helmrelease.yaml b/kubernetes/apps/default/bazarr/app/helmrelease.yaml index ffa86e688..046939266 100644 --- a/kubernetes/apps/default/bazarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/bazarr/app/helmrelease.yaml 
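Review bot: In archive/kubernetes/attic/apiserver/helmrelease.yaml the removed line was commented out (`# external-dns.home.arpa/enabled: "true"`), but its replacement is an active annotation, so this hunk switches external-dns publishing on for the nix-cache host rather than only renaming the key. If this archived manifest is still applied anywhere, that presumably creates a DNS record for a host that had none, and the annotations visible in the hunk carry no auth settings. To keep the previous behaviour, leave the line commented: `# external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.`. The ingress block continues outside the hunk.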
@@ -94,7 +94,11 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:subtitles-outline hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/calibre/app/helmrelease.yaml b/kubernetes/apps/default/calibre/app/helmrelease.yaml index b426e4a53..5ea615a8a 100644 --- a/kubernetes/apps/default/calibre/app/helmrelease.yaml +++ b/kubernetes/apps/default/calibre/app/helmrelease.yaml @@ -63,7 +63,11 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:bookshelf hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/flood/app/helmrelease.yaml b/kubernetes/apps/default/flood/app/helmrelease.yaml index 015a06fc5..7c67855ca 100644 --- a/kubernetes/apps/default/flood/app/helmrelease.yaml +++ b/kubernetes/apps/default/flood/app/helmrelease.yaml 
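Review bot: With the Kyverno ClusterPolicy deleted later in this patch, the Authelia gate in bazarr/app/helmrelease.yaml exists only as these five hand-copied annotations, and nothing visible here checks that an ingress still carries them. Any manifest this patch does not touch that still uses `auth.home.arpa/enabled: "true"` would presumably be served without the forward-auth check once the policy is gone. Search the repository for leftover `auth.home.arpa/enabled` and `external-dns.home.arpa/enabled` keys before merging. The same block is repeated in every other hunk that replaces `auth.home.arpa/enabled`. A one-line comment above each copy would make an accidental partial edit less likely, for example `# Authelia forward-auth (previously injected by Kyverno); auth-url is the annotation that enforces the check`.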
@@ -74,7 +74,11 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:download hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/frigate/app/helmrelease.yaml b/kubernetes/apps/default/frigate/app/helmrelease.yaml index 137b968ad..d9d813b3d 100644 --- a/kubernetes/apps/default/frigate/app/helmrelease.yaml +++ b/kubernetes/apps/default/frigate/app/helmrelease.yaml @@ -103,7 +103,11 @@ spec: main: enabled: true annotations: - auth.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:cctv className: nginx hosts: diff --git a/kubernetes/apps/default/immich/app/server/helmrelease.yaml b/kubernetes/apps/default/immich/app/server/helmrelease.yaml index dcafa36a6..db3404374 100644 --- a/kubernetes/apps/default/immich/app/server/helmrelease.yaml +++ b/kubernetes/apps/default/immich/app/server/helmrelease.yaml 
@@ -89,7 +89,7 @@ spec: enabled: true className: nginx annotations: - external-dns.home.arpa/enabled: "true" + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/appName: Immich nignx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/proxy-body-size: "0" diff --git a/kubernetes/apps/default/invidious/app/helmrelease.yaml b/kubernetes/apps/default/invidious/app/helmrelease.yaml index 9e5788ac3..dc6be6f22 100644 --- a/kubernetes/apps/default/invidious/app/helmrelease.yaml +++ b/kubernetes/apps/default/invidious/app/helmrelease.yaml @@ -61,8 +61,12 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" - external-dns.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:youtube hajimari.io/name: invidious hosts: diff --git a/kubernetes/apps/default/joplin/app/helmrelease.yaml b/kubernetes/apps/default/joplin/app/helmrelease.yaml index c7cb45113..0b0fade0d 100644 --- a/kubernetes/apps/default/joplin/app/helmrelease.yaml +++ b/kubernetes/apps/default/joplin/app/helmrelease.yaml @@ -71,7 +71,7 @@ spec: enabled: true className: "nginx" annotations: - external-dns.home.arpa/enabled: "true" + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:text hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" 
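Review bot: The context line `nignx.ingress.kubernetes.io/force-ssl-redirect: "true"` in immich/app/server/helmrelease.yaml has a misspelled prefix, so ingress-nginx will not read it as its force-ssl-redirect setting. This patch leaves the line as is while giving the same ingress an explicit external-dns target, so the host is published with one of its intended transport settings silently inactive. The default redirect may still apply when TLS is configured on the ingress, which is not visible in this hunk. The fix is `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"`.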
diff --git a/kubernetes/apps/default/kresus/app/helmrelease.yaml b/kubernetes/apps/default/kresus/app/helmrelease.yaml index ea668724c..acaea94f4 100644 --- a/kubernetes/apps/default/kresus/app/helmrelease.yaml +++ b/kubernetes/apps/default/kresus/app/helmrelease.yaml @@ -90,7 +90,11 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:cash hosts: - host: &host "cash.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/kubernetes-schemas/app/helmrelease.yaml b/kubernetes/apps/default/kubernetes-schemas/app/helmrelease.yaml index 6b2a64d8c..84da4d81b 100644 --- a/kubernetes/apps/default/kubernetes-schemas/app/helmrelease.yaml +++ b/kubernetes/apps/default/kubernetes-schemas/app/helmrelease.yaml @@ -51,7 +51,7 @@ spec: enabled: true className: nginx annotations: - external-dns.home.arpa/enabled: "true" + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/enable: "false" hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/libmedium/app/helmrelease.yaml b/kubernetes/apps/default/libmedium/app/helmrelease.yaml index 3fcd18c8e..a69c6e5aa 100644 --- a/kubernetes/apps/default/libmedium/app/helmrelease.yaml +++ b/kubernetes/apps/default/libmedium/app/helmrelease.yaml 
@@ -51,8 +51,12 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" - external-dns.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:file-document-arrow-right-outline hosts: - host: &host "libmedium.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/libreddit/app/helmrelease.yaml b/kubernetes/apps/default/libreddit/app/helmrelease.yaml index dc109048c..9a14de16b 100644 --- a/kubernetes/apps/default/libreddit/app/helmrelease.yaml +++ b/kubernetes/apps/default/libreddit/app/helmrelease.yaml @@ -64,8 +64,12 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" - external-dns.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:web hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/lidarr/app/helmrelease.yaml b/kubernetes/apps/default/lidarr/app/helmrelease.yaml index 42f31ffbd..7cda7bda4 100644 
--- a/kubernetes/apps/default/lidarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/lidarr/app/helmrelease.yaml @@ -78,7 +78,11 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:headphones hosts: - host: *host diff --git a/kubernetes/apps/default/lychee/app/helmrelease.yaml b/kubernetes/apps/default/lychee/app/helmrelease.yaml index d3379c353..98a6d7df1 100644 --- a/kubernetes/apps/default/lychee/app/helmrelease.yaml +++ b/kubernetes/apps/default/lychee/app/helmrelease.yaml @@ -77,7 +77,7 @@ spec: enabled: true className: "nginx" annotations: - external-dns.home.arpa/enabled: "true" + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:camera hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/media-browser/app/helmrelease.yaml b/kubernetes/apps/default/media-browser/app/helmrelease.yaml index 51d0219c2..b77e14d2b 100644 --- a/kubernetes/apps/default/media-browser/app/helmrelease.yaml +++ b/kubernetes/apps/default/media-browser/app/helmrelease.yaml 
@@ -82,7 +82,11 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:folder-play-outline hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/navidrome/app/helmrelease.yaml b/kubernetes/apps/default/navidrome/app/helmrelease.yaml index 43830863f..1b8ae0d3a 100644 --- a/kubernetes/apps/default/navidrome/app/helmrelease.yaml +++ b/kubernetes/apps/default/navidrome/app/helmrelease.yaml @@ -79,8 +79,12 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" - external-dns.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:music hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/paperless/app/helmrelease.yaml b/kubernetes/apps/default/paperless/app/helmrelease.yaml index b61465410..4f26188da 100644 --- a/kubernetes/apps/default/paperless/app/helmrelease.yaml +++ b/kubernetes/apps/default/paperless/app/helmrelease.yaml 
@@ -80,7 +80,7 @@ spec: enabled: true className: "nginx" annotations: - external-dns.home.arpa/enabled: "true" + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:barcode-scan hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/prowlarr/app/helmrelease.yaml b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml index e4edcba0f..713b11259 100644 --- a/kubernetes/apps/default/prowlarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml @@ -69,7 +69,11 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:movie-search hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/pyload/app/helmrelease.yaml b/kubernetes/apps/default/pyload/app/helmrelease.yaml index c98bca928..455708f7a 100644 --- a/kubernetes/apps/default/pyload/app/helmrelease.yaml +++ b/kubernetes/apps/default/pyload/app/helmrelease.yaml 
@@ -81,7 +81,11 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:download hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/radarr/app/helmrelease.yaml b/kubernetes/apps/default/radarr/app/helmrelease.yaml index 4711f8866..7d4f80407 100644 --- a/kubernetes/apps/default/radarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/radarr/app/helmrelease.yaml @@ -80,7 +80,11 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:filmstrip hosts: - host: *host diff --git a/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml b/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml index 35a55d54d..ff5c3862e 100644 --- a/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml +++ b/kubernetes/apps/default/sabnzbd/app/helmrelease.yaml 
@@ -99,7 +99,11 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:download hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/sharry/app/helmrelease.yaml b/kubernetes/apps/default/sharry/app/helmrelease.yaml index 3ff408f10..83471f88b 100644 --- a/kubernetes/apps/default/sharry/app/helmrelease.yaml +++ b/kubernetes/apps/default/sharry/app/helmrelease.yaml @@ -63,7 +63,7 @@ spec: enabled: true className: "nginx" annotations: - external-dns.home.arpa/enabled: "true" + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. nginx.ingress.kubernetes.io/proxy-body-size: "0" hajimari.io/icon: mdi:account-arrow-up hosts: diff --git a/kubernetes/apps/default/sonarr/app/helmrelease.yaml b/kubernetes/apps/default/sonarr/app/helmrelease.yaml index 1d75e74ff..4cdb6e448 100644 --- a/kubernetes/apps/default/sonarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/sonarr/app/helmrelease.yaml 
@@ -96,7 +96,11 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:television-classic hosts: - host: *host diff --git a/kubernetes/apps/default/vaultwarden/app/helmrelease.yaml b/kubernetes/apps/default/vaultwarden/app/helmrelease.yaml index bd38bfe4d..c73e575f0 100644 --- a/kubernetes/apps/default/vaultwarden/app/helmrelease.yaml +++ b/kubernetes/apps/default/vaultwarden/app/helmrelease.yaml @@ -86,7 +86,7 @@ spec: enabled: true className: "nginx" anotations: - external-dns.home.arpa/enabled: "true" + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:lock hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/vikunja/app/helmrelease.yaml b/kubernetes/apps/default/vikunja/app/helmrelease.yaml index deb776718..9a02e7ae8 100644 --- a/kubernetes/apps/default/vikunja/app/helmrelease.yaml +++ b/kubernetes/apps/default/vikunja/app/helmrelease.yaml @@ -84,7 +84,7 @@ spec: enabled: true className: "nginx" annotations: - external-dns.home.arpa/enabled: "true" + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:format-list-checks hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/wallabag/app/helmrelease.yaml b/kubernetes/apps/default/wallabag/app/helmrelease.yaml index f1df0e526..c411403b2 100644 --- a/kubernetes/apps/default/wallabag/app/helmrelease.yaml 
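Review bot: In vaultwarden/app/helmrelease.yaml the new `external-dns.alpha.kubernetes.io/target` line sits under the misspelled key `anotations:`, which the chart most likely ignores, so neither it nor `hajimari.io/icon` would reach the rendered Ingress. The old marker annotation would have been dropped the same way, so the Kyverno rule probably never matched this ingress either. Correcting the key to `annotations:` makes the annotation take effect. Because that would start publishing the password manager's host through external-dns, confirm that exposure is intended before applying the fix.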
+++ b/kubernetes/apps/default/wallabag/app/helmrelease.yaml @@ -99,7 +99,7 @@ spec: enabled: true className: "nginx" annotations: - external-dns.home.arpa/enabled: "true" + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:newspaper-variant hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/whoogle/app/helmrelease.yaml b/kubernetes/apps/default/whoogle/app/helmrelease.yaml index 4a0cbf83d..b8db4627a 100644 --- a/kubernetes/apps/default/whoogle/app/helmrelease.yaml +++ b/kubernetes/apps/default/whoogle/app/helmrelease.yaml @@ -67,8 +67,12 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" - external-dns.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:google hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml b/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml index 4434f94fd..b6125dc9c 100644 --- a/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml +++ b/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml 
@@ -107,7 +107,11 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:zigbee hosts: - host: &host "zigbee.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/default/zwave-js-ui/app/helmrelease.yaml b/kubernetes/apps/default/zwave-js-ui/app/helmrelease.yaml index b2769abdd..eb96a85a0 100644 --- a/kubernetes/apps/default/zwave-js-ui/app/helmrelease.yaml +++ b/kubernetes/apps/default/zwave-js-ui/app/helmrelease.yaml @@ -88,7 +88,11 @@ spec: enabled: true className: "nginx" annotations: - auth.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:z-wave hosts: - host: &host "zwave.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/flux-system/addons/webhooks/github/ingress.yaml b/kubernetes/apps/flux-system/addons/webhooks/github/ingress.yaml index 17b92bf53..c1f6b598d 100644 --- a/kubernetes/apps/flux-system/addons/webhooks/github/ingress.yaml +++ b/kubernetes/apps/flux-system/addons/webhooks/github/ingress.yaml 
@@ -5,7 +5,7 @@ metadata: name: webhook-receiver namespace: flux-system annotations: - external-dns.home.arpa/enabled: "true" + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/enable: "false" spec: ingressClassName: "nginx" diff --git a/kubernetes/apps/monitoring/gatus/app/helmrelease.yaml b/kubernetes/apps/monitoring/gatus/app/helmrelease.yaml index 5a18d4fa5..29efbf248 100644 --- a/kubernetes/apps/monitoring/gatus/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/gatus/app/helmrelease.yaml @@ -100,7 +100,7 @@ spec: enabled: true className: nginx annotations: - external-dns.home.arpa/enabled: "true" + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hajimari.io/icon: mdi:list-status hosts: - host: &host "status.${SECRET_CLUSTER_DOMAIN}" diff --git a/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml b/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml index 4c8824c8c..57d52fae8 100644 --- a/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/kube-prometheus-stack/app/helmrelease.yaml @@ -117,7 +117,11 @@ spec: pathType: Prefix ingressClassName: "nginx" annotations: - auth.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/appName: "Prometheus" hajimari.io/icon: simple-icons:prometheus hosts: ["prometheus.${SECRET_CLUSTER_DOMAIN}"] 
@@ -261,7 +265,11 @@ spec: pathType: Prefix ingressClassName: "nginx" annotations: - auth.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/appName: "Alert Manager" hajimari.io/icon: mdi:alert-decagram-outline hosts: ["alert-manager.${SECRET_CLUSTER_DOMAIN}"] diff --git a/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml b/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml index ce5672b21..b57d812e5 100644 --- a/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml +++ b/kubernetes/apps/monitoring/thanos/app/helmrelease.yaml @@ -53,7 +53,11 @@ spec: enabled: true hostname: &host "thanos-query.${SECRET_CLUSTER_DOMAIN}" annotations: - auth.home.arpa/enabled: "true" + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/enable: "false" ingressClassName: "nginx" tls: true diff --git a/kubernetes/apps/networking/ingress-nginx/app/clusterpolicy.yaml b/kubernetes/apps/networking/ingress-nginx/app/clusterpolicy.yaml deleted file mode 100644 index 8951d5005..000000000 --- a/kubernetes/apps/networking/ingress-nginx/app/clusterpolicy.yaml +++ /dev/null 
@@ -1,76 +0,0 @@ ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: ingress-auth-annotations - annotations: - policies.kyverno.io/title: Ingress Auth Annotations - policies.kyverno.io/subject: Ingress - policies.kyverno.io/description: >- - This policy creates auth annotations on ingresses. When - the `auth.home.arpa/enabled` annotation is `true` it - applies the nginx auth annotations for use with Authelia. -spec: - mutateExistingOnPolicyUpdate: true - generateExistingOnPolicyUpdate: true - rules: - - name: auth - match: - any: - - resources: - kinds: ["Ingress"] - annotations: - auth.home.arpa/enabled: "true" - mutate: - targets: - - apiVersion: networking.k8s.io/v1 - kind: Ingress - name: "{{request.object.metadata.name}}" - namespace: "{{ request.object.metadata.namespace }}" - patchStrategicMerge: - metadata: - annotations: - +(nginx.ingress.kubernetes.io/auth-method): GET - +(nginx.ingress.kubernetes.io/auth-url): |- - http://authelia.default.svc.cluster.local.:8888/api/verify - +(nginx.ingress.kubernetes.io/auth-signin): |- - https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method - +(nginx.ingress.kubernetes.io/auth-response-headers): |- - Remote-User,Remote-Name,Remote-Groups,Remote-Email - +(nginx.ingress.kubernetes.io/auth-snippet): | - proxy_set_header X-Forwarded-Method $request_method; ---- -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: ingress-external-dns-annotations - annotations: - policies.kyverno.io/title: Ingress External-DNS Annotations - policies.kyverno.io/subject: Ingress - policies.kyverno.io/description: >- - This policy creates external-dns annotations on ingresses. - When the `external-dns.home.arpa/enabled` annotation is `true` - it applies the external-dns annotations for use with external - application access. 
-spec: - mutateExistingOnPolicyUpdate: true - generateExistingOnPolicyUpdate: true - rules: - - name: external-dns - match: - any: - - resources: - kinds: ["Ingress"] - annotations: - external-dns.home.arpa/enabled: "true" - mutate: - targets: - - apiVersion: networking.k8s.io/v1 - kind: Ingress - name: "{{request.object.metadata.name}}" - namespace: "{{ request.object.metadata.namespace }}" - patchStrategicMerge: - metadata: - annotations: - +(external-dns.alpha.kubernetes.io/target): |- - services.${SECRET_DOMAIN}. diff --git a/kubernetes/apps/networking/ingress-nginx/app/kustomization.yaml b/kubernetes/apps/networking/ingress-nginx/app/kustomization.yaml index 63405f803..32b294662 100644 --- a/kubernetes/apps/networking/ingress-nginx/app/kustomization.yaml +++ b/kubernetes/apps/networking/ingress-nginx/app/kustomization.yaml @@ -6,4 +6,3 @@ namespace: networking resources: - ./dashboard - ./helmrelease.yaml - - ./clusterpolicy.yaml diff --git a/kubernetes/apps/ngnode/landing-page/app/helmrelease.yaml b/kubernetes/apps/ngnode/landing-page/app/helmrelease.yaml index aacffefdd..57abc500f 100644 --- a/kubernetes/apps/ngnode/landing-page/app/helmrelease.yaml +++ b/kubernetes/apps/ngnode/landing-page/app/helmrelease.yaml @@ -50,7 +50,7 @@ spec: enabled: true className: nginx annotations: - external-dns.home.arpa/enabled: "true" + external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}. hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" paths: