Fascinated/homelab
Archived
1
1
Fork 0
Code Issues 1 Pull Requests 9 Actions Activity

move k8s cluster data to its own dir

Browse Source
This commit is contained in:
Lee
2024-09-23 10:08:50 +01:00
parent 65148505bd
commit cd9b8a1b2c
95 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

154
kubernetes/apps/production/flyimg/config.yaml Normal file
View File

@ -0,0 +1,154 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: flyimg-config
namespace: public-services
data:
parameters.yml: |
---
# Debug
debug: false
# Home page title
home_page_title: Flyimg
# Number of days for header cache expires `max_age`
header_cache_days: 365
# To enable the Cleanup Cronjob to purge the var/tmp folder
enable_cronjob_cleanup: true
# The cronjob interval to cleanup the var/tmp folder
cronjob_cleanup_interval: "0 */5 * * *"
# Options separator
# When changing this value, you should change the OPTIONS_SEPARATOR value in web/js/main.js!
options_separator: ','
# Security: Signature generation
# Security key
security_key: ''
# Secret Initialization vector(IV)
security_iv: ''
# Restrict domains, false by default
restricted_domains: false
# If restricted_domains is enabled, put whitelist domains here
whitelist_domains:
- domain-1.com
- domain-2.com
# Default storage system is local, to use AWS S3, change this param to s3
storage_system: local
# In case storage_system: s3, you need to add those AWS S3 parameters:
aws_s3:
access_id: ''
secret_key: ''
region: 'eu-central-1'
bucket_name: ''
# Number of threads for Imagemagick to use
thread: 1
# For Avif format: conversion speed parameter for the HEIF library.
heic_speed: 8
# Read source image timeout in seconds
source_image_request_timeout: 5
# When set to true the generated image will be deleted from the cache in web/upload and served directly in the response
disable_cache: false
# When supported by the browser, AVIF format will be served as default output
enable_avif: true
# When supported by the browser, Webp format will be served as default output (after checking AVIF support)
enable_webp: true
# Extra options for the header sent to source image server, as some servers requires the User-Agent.
header_extra_options:
- 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201'
# List of request header to forward to source image server (example Authorization)
forward_request_headers: []
# Keys used in url to match options. Ex: q_80,w_200,h_100
options_keys:
q: quality
o: output
unsh: unsharp
sh: sharpen
blr: blur
fc: face-crop
fcp: face-crop-position
fb: face-blur
w: width
h: height
c: crop
bg: background
st: strip
ao: auto-orient
rz: resize
g: gravity
f: filter
r: rotate
sc: scale
sf: sampling-factor
rf: refresh
smc: smart-crop
ett: extent
par: preserve-aspect-ratio
pns: preserve-natural-size
webpl: webp-lossless
gf: gif-frame
e: extract
p1x: extract-top-x
p1y: extract-top-y
p2x: extract-bottom-x
p2y: extract-bottom-y
pdfp: pdf-page-number
tm: time
clsp: colorspace
mnchr: monochrome
# Default options values
default_options:
quality: 70
output: webp
unsharp: null
sharpen: null
blur: null
face-crop: 0
face-crop-position: 0
face-blur: 0
width: null
height: null
crop: null
background: null
strip: 1
auto-orient: 0
resize: null
gravity: Center
filter: Lanczos
rotate: null
scale: null
sampling-factor: 1x1
refresh: false
smart-crop: false
extent: null
preserve-aspect-ratio: 1
preserve-natural-size: 1
webp-lossless: 0
gif-frame: 0
extract: null
extract-top-x: null
extract-top-y: null
extract-bottom-x: null
extract-bottom-y: null
pdf-page-number: 1
time: '00:00:01'
colorspace: 'sRGB'
monochrome: null

45
kubernetes/apps/production/flyimg/deployment.yaml Normal file
View File

@ -0,0 +1,45 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: flyimg
namespace: public-services
spec:
replicas: 1
selector:
matchLabels:
app: flyimg
template:
metadata:
labels:
app: flyimg
spec:
containers:
- name: flyimg-container
image: flyimg/flyimg:1.4.12
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
ports:
- containerPort: 80
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 1000m # 1 vCPU
memory: 200Mi
volumeMounts:
- name: flyimg-storage
mountPath: /var/www/html/web/uploads
- name: config-volume
mountPath: /var/www/html/config/parameters.yml
subPath: parameters.yml
volumes:
- name: flyimg-storage
persistentVolumeClaim:
claimName: flyimg-pvc
- name: config-volume
configMap:
name: flyimg-config

21
kubernetes/apps/production/flyimg/ingress.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: capacitor-external-ingress
namespace: public-services
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`img.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: flyimg-service
port: 80
tls:
secretName: fascinated-cc

10
kubernetes/apps/production/flyimg/kustomization.yaml Normal file
View File

@ -0,0 +1,10 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: public-services
resources:
- config.yaml
- pvc.yaml
- deployment.yaml
- service.yaml
- ingress.yaml

12
kubernetes/apps/production/flyimg/pvc.yaml Normal file
View File

@ -0,0 +1,12 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flyimg-pvc
namespace: public-services
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi

13
kubernetes/apps/production/flyimg/service.yaml Normal file
View File

@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
name: flyimg-service
namespace: public-services
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 80
selector:
app: flyimg

16
kubernetes/clusters/production/apps.yaml Normal file
View File

@ -0,0 +1,16 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: apps
namespace: flux-system
spec:
interval: 10m0s
dependsOn:
- name: infrastructure
sourceRef:
kind: GitRepository
name: flux-system
path: ./apps/production
prune: true
wait: true

14306
kubernetes/clusters/production/flux-system/gotk-components.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

27
kubernetes/clusters/production/flux-system/gotk-sync.yaml Normal file
View File

@ -0,0 +1,27 @@
# This manifest was generated by flux. DO NOT EDIT.
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 10s
ref:
branch: master
secretRef:
name: flux-system
url: https://git.fascinated.cc/fascinated/home-ops.git
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: flux-system
namespace: flux-system
spec:
interval: 10m0s
path: ./clusters/production
prune: true
sourceRef:
kind: GitRepository
name: flux-system

5
kubernetes/clusters/production/flux-system/kustomization.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- gotk-components.yaml
- gotk-sync.yaml

14
kubernetes/clusters/production/infrastructure.yaml Normal file
View File

@ -0,0 +1,14 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: infrastructure
namespace: flux-system
spec:
interval: 10m0s
sourceRef:
kind: GitRepository
name: flux-system
path: ./infrastructure
prune: true
wait: true

BIN
kubernetes/images/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 37 KiB

25
kubernetes/infrastructure/alerting/flux/alert.yaml Normal file
View File

@ -0,0 +1,25 @@
---
apiVersion: notification.toolkit.fluxcd.io/v1beta3
kind: Provider
metadata:
name: discord
namespace: flux-system
spec:
type: discord
address: "https://discord.com/api/webhooks/1287224007820574841/4lZh3e3OxI6Qu0BnzyEBzbGBc3tdhzWG66Dh9t8RdVbenClhOOAnqooclrw1amRoY5nB"
---
apiVersion: notification.toolkit.fluxcd.io/v1beta3
kind: Alert
metadata:
name: discord-alert
namespace: flux-system
spec:
summary: "Discord Alert"
providerRef:
name: discord # Changed from discord-webhook to discord
eventSeverity: info
eventSources:
- kind: GitRepository
name: "*"
- kind: Kustomization
name: "*"

5
kubernetes/infrastructure/alerting/flux/kustomization.yaml Normal file
View File

@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- alert.yaml

27
kubernetes/infrastructure/backup/backup-task-template.yaml Normal file
View File

@ -0,0 +1,27 @@
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: kubernetes-backups
namespace: backups
spec:
# The PVC to be backed up
sourcePVC: set me
trigger:
# Take a backup every hour
schedule: "* * * * *"
restic:
# Prune the repository (repack to free space) every 2 weeks
pruneIntervalDays: 14
# Name of the Secret with the connection information
repository: restic-config
# Retention policy for backups
retain:
hourly: 6
daily: 5
weekly: 4
monthly: 2
yearly: 1
# Clone the source volume prior to taking a backup to ensure a
# point-in-time image.
copyMethod: Clone

7
kubernetes/infrastructure/backup/kustomization.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: backups
resources:
- namespace.yaml
- volsync.yaml

5
kubernetes/infrastructure/backup/namespace.yaml Normal file
View File

@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: backups

26
kubernetes/infrastructure/backup/volsync.yaml Normal file
View File

@ -0,0 +1,26 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: volsync-repository
namespace: backups
spec:
interval: 12h
url: https://backube.github.io/helm-charts/
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: volsync
namespace: backups
spec:
interval: 30m
chart:
spec:
chart: volsync
version: "0.10.0"
sourceRef:
kind: HelmRepository
name: volsync
namespace: backups
interval: 12h

28
kubernetes/infrastructure/capacitor/capacitor.yaml Normal file
View File

@ -0,0 +1,28 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
name: capacitor
namespace: flux-system
spec:
interval: 12h
url: oci://ghcr.io/gimlet-io/capacitor-manifests
ref:
semver: ">=0.1.0"
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: capacitor
namespace: flux-system
spec:
targetNamespace: flux-system
interval: 1h
retryInterval: 2m
timeout: 5m
wait: true
prune: true
path: "./"
sourceRef:
kind: OCIRepository
name: capacitor

21
kubernetes/infrastructure/capacitor/ingress.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: capacitor-external-ingress
namespace: flux-system
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`capacitor.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: capacitor
port: 9000
tls:
secretName: fascinated-cc

7
kubernetes/infrastructure/capacitor/kustomization.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: flux-system
resources:
- capacitor.yaml
- ingress.yaml

28
kubernetes/infrastructure/cert-manager/cert-manager.yaml Normal file
View File

@ -0,0 +1,28 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: cert-manager
namespace: cert-manager
spec:
interval: 12h
url: https://charts.jetstack.io
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: cert-manager
namespace: cert-manager
spec:
interval: 30m
chart:
spec:
chart: cert-manager
version: "1.15.3"
sourceRef:
kind: HelmRepository
name: cert-manager
namespace: cert-manager
interval: 12h
values:
installCRDs: false

22
kubernetes/infrastructure/cert-manager/issuer.yaml Normal file
View File

@ -0,0 +1,22 @@
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: liam@fascinated.cc
privateKeySecretRef:
name: letsencrypt-production
solvers:
- dns01:
cloudflare:
email: liam@fascinated.cc
apiTokenSecretRef:
name: cloudflare-token-secret
key: cloudflare-token
selector:
dnsZones:
- "fascinated.cc"
- "mcutils.xyz"

8
kubernetes/infrastructure/cert-manager/kustomization.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cert-manager
resources:
- namespace.yaml
- cert-manager.yaml
- issuer.yaml

5
kubernetes/infrastructure/cert-manager/namespace.yaml Normal file
View File

@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager

8200
kubernetes/infrastructure/crds/cert-manager.crds.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

7
kubernetes/infrastructure/crds/kustomization.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: flux-system
resources:
- traefik.crds.yaml
- cert-manager.crds.yaml

57
kubernetes/infrastructure/crds/traefik.crds.yaml Normal file
View File

@ -0,0 +1,57 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: traefik-crds
namespace: flux-system
spec:
interval: 30m
url: https://github.com/traefik/traefik-helm-chart.git
ref:
tag: v31.1.1
ignore: |
# exclude all
/*
# path to crds
!/traefik/crds/
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: traefik-api-crds
namespace: flux-system
spec:
interval: 15m
prune: false
sourceRef:
kind: GitRepository
name: traefik-crds
namespace: flux-system
healthChecks:
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: ingressroutes.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: ingressroutetcps.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: ingressrouteudps.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: middlewares.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: middlewaretcps.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: serverstransports.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: tlsoptions.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: tlsstores.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: traefikservices.traefik.containo.us

14
kubernetes/infrastructure/kustomization.yaml Normal file
View File

@ -0,0 +1,14 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespaces
- cert-manager
- crds
- metallb
- nfs
- traefik
- capacitor
- monitoring
- alerting/flux
#- backup

9
kubernetes/infrastructure/metallb/ipaddresspool.yaml Normal file
View File

@ -0,0 +1,9 @@
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: default
namespace: metallb-system
spec:
addresses:
- 10.0.69.200-10.0.69.254

8
kubernetes/infrastructure/metallb/kustomization.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: metallb-system
resources:
- metallb.yaml
- ipaddresspool.yaml
- l2advertisement.yaml

5
kubernetes/infrastructure/metallb/l2advertisement.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: default
namespace: metallb-system

1985
kubernetes/infrastructure/metallb/metallb.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

21
kubernetes/infrastructure/monitoring/ingress.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: kubernetes-grafana-external-ingress
namespace: monitoring
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`kubernetes-grafana.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: kube-prometheus-stack-grafana
port: 80
tls:
secretName: fascinated-cc

58
kubernetes/infrastructure/monitoring/kube-prometheus-stack.yaml Normal file
View File

@ -0,0 +1,58 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: monitoring
namespace: monitoring
spec:
interval: 12h
url: https://prometheus-community.github.io/helm-charts
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: kube-prometheus-stack
namespace: monitoring
spec:
interval: 30m
chart:
spec:
chart: kube-prometheus-stack
version: "62.7.0"
sourceRef:
kind: HelmRepository
name: monitoring
namespace: monitoring
interval: 12h
values:
# Prometheus Volume
prometheus:
prometheusSpec:
scrapeInterval: 30s
evaluationInterval: 30s
ruleSelectorNilUsesHelmValues: false
serviceMonitorSelectorNilUsesHelmValues: false
podMonitorSelectorNilUsesHelmValues: false
probeSelectorNilUsesHelmValues: false
scrapeConfigSelectorNilUsesHelmValues: false
enableAdminAPI: true
walCompression: true
enableFeatures:
- auto-gomemlimit
- memory-snapshot-on-shutdown
- new-service-discovery-manager
retention: 30d
retentionSize: 40GB
resources:
requests:
cpu: 100m
limits:
memory: 1500Mi
storageSpec:
volumeClaimTemplate:
spec:
storageClassName: nfs-csi
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 50Gi

8
kubernetes/infrastructure/monitoring/kustomization.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: monitoring
resources:
- namespace.yaml
- kube-prometheus-stack.yaml
- ingress.yaml

8
kubernetes/infrastructure/monitoring/namespace.yaml Normal file
View File

@ -0,0 +1,8 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
labels:
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/enforce-version: latest

6
kubernetes/infrastructure/namespaces/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: public-services
resources:
- public-services-namespace.yaml

5
kubernetes/infrastructure/namespaces/public-services-namespace.yaml Normal file
View File

@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: public-services

7
kubernetes/infrastructure/nfs/kustomization.yaml Normal file
View File

@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-system
resources:
- nfs-driver.yaml
- nfs-csi.yaml

16
kubernetes/infrastructure/nfs/nfs-csi.yaml Normal file
View File

@ -0,0 +1,16 @@
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs-csi
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: nfs.csi.k8s.io
parameters:
server: 10.0.0.136
share: /mnt/user/Kubernetes
reclaimPolicy: Delete
volumeBindingMode: Immediate
mountOptions:
- hard
- nfsvers=4.1

25
kubernetes/infrastructure/nfs/nfs-driver.yaml Normal file
View File

@ -0,0 +1,25 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: csi-driver-nfs
namespace: kube-system
spec:
interval: 12h
url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: csi-driver-nfs
namespace: kube-system
spec:
interval: 30m
chart:
spec:
chart: csi-driver-nfs
version: "v4.9.0"
sourceRef:
kind: HelmRepository
name: csi-driver-nfs
namespace: kube-system

15
kubernetes/infrastructure/traefik/certificates/fascinated-cc.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: fascinated-cc
namespace: traefik
spec:
secretName: fascinated-cc
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "*.fascinated.cc"
dnsNames:
- "fascinated.cc"
- "*.fascinated.cc"

14
kubernetes/infrastructure/traefik/certificates/local-fascinated-cc.yaml Normal file
View File

@ -0,0 +1,14 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: local-fascinated-cc
namespace: traefik
spec:
secretName: local-fascinated-cc
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "*.local.fascinated.cc"
dnsNames:
- "*.local.fascinated.cc"

15
kubernetes/infrastructure/traefik/certificates/mcutils-xyz.yaml Normal file
View File

@ -0,0 +1,15 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: mcutils-xyz
namespace: traefik
spec:
secretName: mcutils-xyz
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "*.mcutils.xyz"
dnsNames:
- "mcutils.xyz"
- "*.mcutils.xyz"

33
kubernetes/infrastructure/traefik/external-services/aetheria-grafana.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: aetheria-grafana-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.225
ports:
- name: http
port: 3000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: aetheria-grafana-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`aetheria-grafana.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: aetheria-grafana-external
port: 3000
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/aetheria-influx.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: aetheria-influx-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.225
ports:
- name: http
port: 8086
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: aetheria-influx-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`aetheria-influx.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: aetheria-influx-external
port: 8086
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/analytics.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: analytics-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.120
ports:
- name: http
port: 8000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: analytics-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`analytics.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: analytics-external
port: 8000
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/api.mcutils.xyz.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: mc-utils-api-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.137
ports:
- name: http
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mc-utils-api-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`api.mcutils.xyz`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: mc-utils-api-external
port: 80
tls:
secretName: mcutils-xyz

33
kubernetes/infrastructure/traefik/external-services/azure-metrics.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: azure-metrics-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.204
ports:
- name: http
port: 3000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: azure-metrics-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`azure-metrics.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: azure-metrics-external
port: 3000
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/azure-phpma.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: azure-phpma-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.204
ports:
- name: http
port: 8080
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: azure-phpma-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`azure-phpma.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: azure-phpma-external
port: 8080
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/bitmagnet.local.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: bitmagnet-local-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.142
ports:
- name: http
port: 3333
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: bitmagnet-local-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`bitmagnet.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: bitmagnet-local-external
port: 3333
tls:
secretName: local-fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/cdn.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: cdn-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 8087
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: cdn-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`cdn.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: cdn-external
port: 8087
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/cloud.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: nextcloud-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.160
ports:
- name: http
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nextcloud-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`cloud.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: nextcloud-external
port: 80
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/docs.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: docs-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.254
ports:
- name: http
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: docs-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`docs.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: docs-external
port: 80
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: main-site-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.209
ports:
- name: http
port: 3000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: main-site-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: main-site-external
port: 3000
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/git.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: git-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.235
ports:
- name: http
port: 3003
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: git-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`git.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: git-external
port: 3003
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/glitchtip.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: sentry-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.36
ports:
- name: http
port: 8000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: sentry-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`glitchtip.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: sentry-external
port: 8000
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/grafana.mcutils.xyz.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: mc-utils-grafana-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.137
ports:
- name: http
port: 3000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mc-utils-grafana-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`grafana.mcutils.xyz`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: mc-utils-grafana-external
port: 3000
tls:
secretName: mcutils-xyz

33
kubernetes/infrastructure/traefik/external-services/influx.mcutils.xyz.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: mc-utils-influx-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.137
ports:
- name: http
port: 8086
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mc-utils-influx-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`influx.mcutils.xyz`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: mc-utils-influx-external
port: 8086
tls:
secretName: mcutils-xyz

33
kubernetes/infrastructure/traefik/external-services/mastodon.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: mastodon-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 3000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mastodon-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`mastodon.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: mastodon-external
port: 3000
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/mc-tracker.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: mc-tracker-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.3.76
ports:
- name: http
port: 3000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mc-tracker-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`mc-tracker.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: mc-tracker-external
port: 3000
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/mcutils.xyz.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: mc-utils-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.137
ports:
- name: http
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mc-utils-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`mcutils.xyz`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: mc-utils-external
port: 80
tls:
secretName: mcutils-xyz

33
kubernetes/infrastructure/traefik/external-services/node-hl-01.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: node-hl-01-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.222
ports:
- name: http
port: 443
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: node-hl-01-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`node-hl-01.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: node-hl-01-external
port: 443
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/obsidian-sync.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: obsidian-sync-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.184
ports:
- name: http
port: 5984
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: obsidian-sync-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`obsidian-sync.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: obsidian-sync-external
port: 5984
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/overseerr.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: overseerr-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 5055
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: overseerr-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`overseerr.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: overseerr-external
port: 5055
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/owntracks-web.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: owntracks-web-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.43
ports:
- name: http
port: 6969
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: owntracks-web-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`owntracks-web.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: owntracks-web-external
port: 6969
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/owntracks.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: owntracks-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.43
ports:
- name: http
port: 8083
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: owntracks-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`owntracks.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: owntracks-external
port: 8083
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/panel.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: panel-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.244
ports:
- name: http
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: panel-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`panel.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: panel-external
port: 80
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/paste-grafana.local.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: paste-grafana-local-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.118
ports:
- name: http
port: 3035
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: paste-grafana-local-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`paste-grafana.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: paste-grafana-local-external
port: 3035
tls:
secretName: local-fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/plex.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: plex-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.235
ports:
- name: http
port: 32400
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: plex-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`plex.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: plex-external
port: 32400
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/proxmox.local.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: proxmox-luna-local-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.2
ports:
- name: https
port: 8006
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: proxmox-luna-local-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`proxmox.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: proxmox-luna-local-external
port: 8006
tls:
secretName: local-fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/repo.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: repo-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.164
ports:
- name: http
port: 8080
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: repo-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`repo.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: repo-external
port: 8080
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/restic.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: restic-backups-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 8000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: restic-backups-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`restic.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: restic-backups-external
port: 8000
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/s.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: slash-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.133
ports:
- name: http
port: 5231
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: slash-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`s.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: slash-external
port: 5231
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/sonarr-anime.local.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: sonarr-anime-local-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 8988
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: sonarr-anime-local-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`sonarr-anime.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: sonarr-anime-local-external
port: 8988
tls:
secretName: local-fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/sonarr.local.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: sonarr-local-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 8989
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: sonarr-local-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`sonarr.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: sonarr-local-external
port: 8989
tls:
secretName: local-fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/ssr-staging.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: ssr-staging-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.65
ports:
- name: http
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: ssr-staging-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`ssr-staging.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: ssr-staging-external
port: 80
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/status.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: status-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.8
ports:
- name: http
port: 3001
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: status-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`status.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: status-external
port: 3001
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/subscriptions.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: subscriptions-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.35
ports:
- name: http
port: 8282
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: subscriptions-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`subscriptions.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: subscriptions-external
port: 8282
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/tautulli.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: tautulli-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.183
ports:
- name: http
port: 8181
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: tautulli-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`tautulli.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: tautulli-external
port: 8181
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/tdarr.local.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: tdarr-local-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 8265
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: tdarr-local-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`tdarr.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: tdarr-local-external
port: 8265
tls:
secretName: local-fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/teleport.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: teleport-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.182
ports:
- name: https
port: 3080
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: teleport-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`teleport.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: teleport-external
port: 3080
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/torrent.local.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: torrent-local-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 8080
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: torrent-local-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`torrent.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: torrent-local-external
port: 8080
tls:
secretName: local-fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/translate.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: translate-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.116
ports:
- name: http
port: 5000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: translate-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`translate.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: translate-external
port: 5000
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/tube.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: tube-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 8209
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: tube-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`tube.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: tube-external
port: 8209
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/vaultwarden.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: vaultwarden-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.224
ports:
- name: http
port: 4743
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: vaultwarden-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`vaultwarden.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: vaultwarden-external
port: 4743
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/vencloud.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: vencloud-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.202
ports:
- name: http
port: 8080
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: vencloud-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`vencloud.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: vencloud-external
port: 8080
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/wakatime.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: wakatime-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.251
ports:
- name: http
port: 3355
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: wakatime-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`wakatime.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: wakatime-external
port: 3355
tls:
secretName: fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/wazuh.local.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: wazuh-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.212
ports:
- name: https
port: 443
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: wazuh-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`wazuh.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: wazuh-external
port: 443
tls:
secretName: local-fascinated-cc

33
kubernetes/infrastructure/traefik/external-services/wiki.fascinated.cc.yml Normal file
View File

@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: wiki-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.254
ports:
- name: http
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: wiki-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`wiki.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: wiki-external
port: 80
tls:
secretName: fascinated-cc

13
kubernetes/infrastructure/traefik/kustomization.yaml Normal file
View File

@ -0,0 +1,13 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: traefik
resources:
- namespace.yaml
- traefik.yaml
- ./certificates/fascinated-cc.yaml
- ./certificates/local-fascinated-cc.yaml
- ./certificates/mcutils-xyz.yaml
- ./middlewares/default-headers.yaml
#- ./external-services
# for some stupid fucking reason kustomize doesn't support wildcards or globs?!?!?!??!?

18
kubernetes/infrastructure/traefik/middlewares/default-headers.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: default-headers
namespace: traefik
spec:
headers:
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 15552000
referrerPolicy: no-referrer
contentSecurityPolicy: "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https: data:; connect-src 'self' https:; frame-src 'self' https:; media-src 'self' https:; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self';"
customFrameOptionsValue: SAMEORIGIN
customRequestHeaders:
X-Forwarded-Proto: https

5
kubernetes/infrastructure/traefik/namespace.yaml Normal file
View File

@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: traefik

91
kubernetes/infrastructure/traefik/traefik.yaml Normal file
View File

@ -0,0 +1,91 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: traefik
namespace: traefik
spec:
interval: 12h
url: https://helm.traefik.io/traefik
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: traefik
namespace: traefik
spec:
interval: 30m
chart:
spec:
chart: traefik
version: "31.1.1"
sourceRef:
kind: HelmRepository
name: traefik
namespace: traefik
interval: 12h
values:
globalArguments:
- "--global.sendanonymoususage=false"
- "--global.checknewversion=false"
additionalArguments:
- "--serversTransport.insecureSkipVerify=true"
- "--log.level=INFO"
- "--providers.kubernetescrd.allowCrossNamespace=true"
- "--accesslog=true"
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 500m
memory: 1Gi # Update when traefik fixes their shitty mem leak
deployment:
enabled: true
replicas: 1
annotations: {}
podAnnotations: {}
additionalContainers: []
initContainers: []
ports:
web:
redirectTo:
port: websecure
priority: 10
websecure:
tls:
enabled: true
ingressRoute:
dashboard:
enabled: false
providers:
kubernetesCRD:
enabled: true
ingressClass: traefik-external
allowExternalNameServices: true
allowCrossNamespace: true
kubernetesIngress:
enabled: true
allowExternalNameServices: true
allowCrossNamespace: true
publishedService:
enabled: false
rbac:
enabled: true
service:
enabled: true
type: LoadBalancer
annotations: {}
labels: {}
spec:
loadBalancerIP: 10.0.69.250
loadBalancerSourceRanges: []
externalIPs: []