mirror of
https://github.com/auricom/home-cluster.git
synced 2025-09-17 18:24:14 +02:00
♻️ renove kyverno annotations
This commit is contained in:
auricom
@@ -70,7 +70,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
annotations:
|
annotations:
|
||||||
# external-dns.home.arpa/enabled: "true"
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/enable: "false"
|
hajimari.io/enable: "false"
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host nix-cache.${SECRET_CLUSTER_DOMAIN}
|
- host: &host nix-cache.${SECRET_CLUSTER_DOMAIN}
|
||||||
|
|||||||
@@ -145,7 +145,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: nginx
|
className: nginx
|
||||||
annotations:
|
annotations:
|
||||||
external-dns.home.arpa/enabled: "true"
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
nginx.ingress.kubernetes.io/configuration-snippet: |
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||||||
add_header Cache-Control "no-store";
|
add_header Cache-Control "no-store";
|
||||||
add_header Pragma "no-cache";
|
add_header Pragma "no-cache";
|
||||||
|
|||||||
@@ -94,7 +94,11 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:subtitles-outline
|
hajimari.io/icon: mdi:subtitles-outline
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -63,7 +63,11 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:bookshelf
|
hajimari.io/icon: mdi:bookshelf
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -74,7 +74,11 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:download
|
hajimari.io/icon: mdi:download
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -103,7 +103,11 @@ spec:
|
|||||||
main:
|
main:
|
||||||
enabled: true
|
enabled: true
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:cctv
|
hajimari.io/icon: mdi:cctv
|
||||||
className: nginx
|
className: nginx
|
||||||
hosts:
|
hosts:
|
||||||
|
|||||||
@@ -89,7 +89,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: nginx
|
className: nginx
|
||||||
annotations:
|
annotations:
|
||||||
external-dns.home.arpa/enabled: "true"
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/appName: Immich
|
hajimari.io/appName: Immich
|
||||||
nignx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
nignx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||||
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
||||||
|
|||||||
@@ -61,8 +61,12 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
external-dns.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:youtube
|
hajimari.io/icon: mdi:youtube
|
||||||
hajimari.io/name: invidious
|
hajimari.io/name: invidious
|
||||||
hosts:
|
hosts:
|
||||||
|
|||||||
@@ -71,7 +71,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
external-dns.home.arpa/enabled: "true"
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:text
|
hajimari.io/icon: mdi:text
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -90,7 +90,11 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:cash
|
hajimari.io/icon: mdi:cash
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "cash.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "cash.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -51,7 +51,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: nginx
|
className: nginx
|
||||||
annotations:
|
annotations:
|
||||||
external-dns.home.arpa/enabled: "true"
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/enable: "false"
|
hajimari.io/enable: "false"
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -51,8 +51,12 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
external-dns.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:file-document-arrow-right-outline
|
hajimari.io/icon: mdi:file-document-arrow-right-outline
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "libmedium.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "libmedium.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -64,8 +64,12 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
external-dns.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:web
|
hajimari.io/icon: mdi:web
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -78,7 +78,11 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:headphones
|
hajimari.io/icon: mdi:headphones
|
||||||
hosts:
|
hosts:
|
||||||
- host: *host
|
- host: *host
|
||||||
|
|||||||
@@ -77,7 +77,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
external-dns.home.arpa/enabled: "true"
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:camera
|
hajimari.io/icon: mdi:camera
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -82,7 +82,11 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:folder-play-outline
|
hajimari.io/icon: mdi:folder-play-outline
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -79,8 +79,12 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
external-dns.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:music
|
hajimari.io/icon: mdi:music
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -80,7 +80,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
external-dns.home.arpa/enabled: "true"
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:barcode-scan
|
hajimari.io/icon: mdi:barcode-scan
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -69,7 +69,11 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:movie-search
|
hajimari.io/icon: mdi:movie-search
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -81,7 +81,11 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:download
|
hajimari.io/icon: mdi:download
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -80,7 +80,11 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:filmstrip
|
hajimari.io/icon: mdi:filmstrip
|
||||||
hosts:
|
hosts:
|
||||||
- host: *host
|
- host: *host
|
||||||
|
|||||||
@@ -99,7 +99,11 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:download
|
hajimari.io/icon: mdi:download
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -63,7 +63,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
external-dns.home.arpa/enabled: "true"
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
||||||
hajimari.io/icon: mdi:account-arrow-up
|
hajimari.io/icon: mdi:account-arrow-up
|
||||||
hosts:
|
hosts:
|
||||||
|
|||||||
@@ -96,7 +96,11 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:television-classic
|
hajimari.io/icon: mdi:television-classic
|
||||||
hosts:
|
hosts:
|
||||||
- host: *host
|
- host: *host
|
||||||
|
|||||||
@@ -86,7 +86,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
anotations:
|
anotations:
|
||||||
external-dns.home.arpa/enabled: "true"
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:lock
|
hajimari.io/icon: mdi:lock
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -84,7 +84,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
external-dns.home.arpa/enabled: "true"
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:format-list-checks
|
hajimari.io/icon: mdi:format-list-checks
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -99,7 +99,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
external-dns.home.arpa/enabled: "true"
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:newspaper-variant
|
hajimari.io/icon: mdi:newspaper-variant
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -67,8 +67,12 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
external-dns.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:google
|
hajimari.io/icon: mdi:google
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -107,7 +107,11 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:zigbee
|
hajimari.io/icon: mdi:zigbee
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "zigbee.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "zigbee.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -88,7 +88,11 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: "nginx"
|
className: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/icon: mdi:z-wave
|
hajimari.io/icon: mdi:z-wave
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "zwave.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "zwave.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ metadata:
|
|||||||
name: webhook-receiver
|
name: webhook-receiver
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
annotations:
|
annotations:
|
||||||
external-dns.home.arpa/enabled: "true"
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/enable: "false"
|
hajimari.io/enable: "false"
|
||||||
spec:
|
spec:
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "nginx"
|
||||||
|
|||||||
@@ -100,7 +100,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: nginx
|
className: nginx
|
||||||
annotations:
|
annotations:
|
||||||
external-dns.home.arpa/enabled: "true"
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hajimari.io/icon: mdi:list-status
|
hajimari.io/icon: mdi:list-status
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "status.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "status.${SECRET_CLUSTER_DOMAIN}"
|
||||||
|
|||||||
@@ -117,7 +117,11 @@ spec:
|
|||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/appName: "Prometheus"
|
hajimari.io/appName: "Prometheus"
|
||||||
hajimari.io/icon: simple-icons:prometheus
|
hajimari.io/icon: simple-icons:prometheus
|
||||||
hosts: ["prometheus.${SECRET_CLUSTER_DOMAIN}"]
|
hosts: ["prometheus.${SECRET_CLUSTER_DOMAIN}"]
|
||||||
@@ -261,7 +265,11 @@ spec:
|
|||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "nginx"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/appName: "Alert Manager"
|
hajimari.io/appName: "Alert Manager"
|
||||||
hajimari.io/icon: mdi:alert-decagram-outline
|
hajimari.io/icon: mdi:alert-decagram-outline
|
||||||
hosts: ["alert-manager.${SECRET_CLUSTER_DOMAIN}"]
|
hosts: ["alert-manager.${SECRET_CLUSTER_DOMAIN}"]
|
||||||
|
|||||||
@@ -53,7 +53,11 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
hostname: &host "thanos-query.${SECRET_CLUSTER_DOMAIN}"
|
hostname: &host "thanos-query.${SECRET_CLUSTER_DOMAIN}"
|
||||||
annotations:
|
annotations:
|
||||||
auth.home.arpa/enabled: "true"
|
nginx.ingress.kubernetes.io/auth-method: GET
|
||||||
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify
|
||||||
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
||||||
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||||
|
nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method;
|
||||||
hajimari.io/enable: "false"
|
hajimari.io/enable: "false"
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "nginx"
|
||||||
tls: true
|
tls: true
|
||||||
|
|||||||
@@ -1,76 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: kyverno.io/v1
|
|
||||||
kind: ClusterPolicy
|
|
||||||
metadata:
|
|
||||||
name: ingress-auth-annotations
|
|
||||||
annotations:
|
|
||||||
policies.kyverno.io/title: Ingress Auth Annotations
|
|
||||||
policies.kyverno.io/subject: Ingress
|
|
||||||
policies.kyverno.io/description: >-
|
|
||||||
This policy creates auth annotations on ingresses. When
|
|
||||||
the `auth.home.arpa/enabled` annotation is `true` it
|
|
||||||
applies the nginx auth annotations for use with Authelia.
|
|
||||||
spec:
|
|
||||||
mutateExistingOnPolicyUpdate: true
|
|
||||||
generateExistingOnPolicyUpdate: true
|
|
||||||
rules:
|
|
||||||
- name: auth
|
|
||||||
match:
|
|
||||||
any:
|
|
||||||
- resources:
|
|
||||||
kinds: ["Ingress"]
|
|
||||||
annotations:
|
|
||||||
auth.home.arpa/enabled: "true"
|
|
||||||
mutate:
|
|
||||||
targets:
|
|
||||||
- apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
name: "{{request.object.metadata.name}}"
|
|
||||||
namespace: "{{ request.object.metadata.namespace }}"
|
|
||||||
patchStrategicMerge:
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
+(nginx.ingress.kubernetes.io/auth-method): GET
|
|
||||||
+(nginx.ingress.kubernetes.io/auth-url): |-
|
|
||||||
http://authelia.default.svc.cluster.local.:8888/api/verify
|
|
||||||
+(nginx.ingress.kubernetes.io/auth-signin): |-
|
|
||||||
https://auth.${SECRET_CLUSTER_DOMAIN}?rm=$request_method
|
|
||||||
+(nginx.ingress.kubernetes.io/auth-response-headers): |-
|
|
||||||
Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
|
||||||
+(nginx.ingress.kubernetes.io/auth-snippet): |
|
|
||||||
proxy_set_header X-Forwarded-Method $request_method;
|
|
||||||
---
|
|
||||||
apiVersion: kyverno.io/v1
|
|
||||||
kind: ClusterPolicy
|
|
||||||
metadata:
|
|
||||||
name: ingress-external-dns-annotations
|
|
||||||
annotations:
|
|
||||||
policies.kyverno.io/title: Ingress External-DNS Annotations
|
|
||||||
policies.kyverno.io/subject: Ingress
|
|
||||||
policies.kyverno.io/description: >-
|
|
||||||
This policy creates external-dns annotations on ingresses.
|
|
||||||
When the `external-dns.home.arpa/enabled` annotation is `true`
|
|
||||||
it applies the external-dns annotations for use with external
|
|
||||||
application access.
|
|
||||||
spec:
|
|
||||||
mutateExistingOnPolicyUpdate: true
|
|
||||||
generateExistingOnPolicyUpdate: true
|
|
||||||
rules:
|
|
||||||
- name: external-dns
|
|
||||||
match:
|
|
||||||
any:
|
|
||||||
- resources:
|
|
||||||
kinds: ["Ingress"]
|
|
||||||
annotations:
|
|
||||||
external-dns.home.arpa/enabled: "true"
|
|
||||||
mutate:
|
|
||||||
targets:
|
|
||||||
- apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
name: "{{request.object.metadata.name}}"
|
|
||||||
namespace: "{{ request.object.metadata.namespace }}"
|
|
||||||
patchStrategicMerge:
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
+(external-dns.alpha.kubernetes.io/target): |-
|
|
||||||
services.${SECRET_DOMAIN}.
|
|
||||||
@@ -6,4 +6,3 @@ namespace: networking
|
|||||||
resources:
|
resources:
|
||||||
- ./dashboard
|
- ./dashboard
|
||||||
- ./helmrelease.yaml
|
- ./helmrelease.yaml
|
||||||
- ./clusterpolicy.yaml
|
|
||||||
|
|||||||
@@ -50,7 +50,7 @@ spec:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: nginx
|
className: nginx
|
||||||
annotations:
|
annotations:
|
||||||
external-dns.home.arpa/enabled: "true"
|
external-dns.alpha.kubernetes.io/target: services.${SECRET_DOMAIN}.
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
|
||||||
paths:
|
paths:
|
||||||
|
|||||||
Reference in New Issue
Block a user