move k8s cluster data to its own dir

Lee
2024-09-23 10:08:50 +01:00
parent 65148505bd
commit cd9b8a1b2c
95 changed files with 0 additions and 0 deletions


@ -0,0 +1,25 @@
---
apiVersion: notification.toolkit.fluxcd.io/v1beta3
kind: Provider
metadata:
name: discord
namespace: flux-system
spec:
type: discord
address: "https://discord.com/api/webhooks/1287224007820574841/4lZh3e3OxI6Qu0BnzyEBzbGBc3tdhzWG66Dh9t8RdVbenClhOOAnqooclrw1amRoY5nB"
---
apiVersion: notification.toolkit.fluxcd.io/v1beta3
kind: Alert
metadata:
name: discord-alert
namespace: flux-system
spec:
summary: "Discord Alert"
providerRef:
name: discord # Changed from discord-webhook to discord
eventSeverity: info
eventSources:
- kind: GitRepository
name: "*"
- kind: Kustomization
name: "*"
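Review bot: The Discord webhook URL in `spec.address` of the `discord` Provider is a bearer credential committed in clear text, so anyone who can read this repository or its history can post to that channel. Flux's Provider accepts `secretRef: {name: <SECRET_NAME>}` with the URL stored under the `address` key of that Secret, which lets the manifest drop `address` entirely. Because the value is already in git history, moving it is not sufficient; the webhook should be regenerated. The trailing comment `# Changed from discord-webhook to discord` on `providerRef.name` is a change-log remark and can be removed.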


@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- alert.yaml


@ -0,0 +1,27 @@
---
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: kubernetes-backups
namespace: backups
spec:
# The PVC to be backed up
sourcePVC: set me
trigger:
# Take a backup every hour
schedule: "* * * * *"
restic:
# Prune the repository (repack to free space) every 2 weeks
pruneIntervalDays: 14
# Name of the Secret with the connection information
repository: restic-config
# Retention policy for backups
retain:
hourly: 6
daily: 5
weekly: 4
monthly: 2
yearly: 1
# Clone the source volume prior to taking a backup to ensure a
# point-in-time image.
copyMethod: Clone
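Review bot: The comment `# Take a backup every hour` does not match `schedule: "* * * * *"`, which fires every minute; an hourly trigger would be `schedule: "0 * * * *"`. With `copyMethod: Clone` each run clones the source volume, so a per-minute schedule creates clones and restic snapshots far faster than the `retain` policy assumes. `sourcePVC: set me` is still a placeholder and needs a real PVC name before this object is enabled.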


@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: backups
resources:
- namespace.yaml
- volsync.yaml


@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: backups


@ -0,0 +1,26 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: volsync-repository
namespace: backups
spec:
interval: 12h
url: https://backube.github.io/helm-charts/
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: volsync
namespace: backups
spec:
interval: 30m
chart:
spec:
chart: volsync
version: "0.10.0"
sourceRef:
kind: HelmRepository
name: volsync
namespace: backups
interval: 12h
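Review bot: The HelmRelease's `chart.spec.sourceRef.name: volsync` does not match the HelmRepository declared just above it, which is named `volsync-repository`, so the chart lookup will fail unless a second HelmRepository called `volsync` exists outside this page. Either rename the repository to `volsync` or set `sourceRef.name: volsync-repository`.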


@ -0,0 +1,28 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
name: capacitor
namespace: flux-system
spec:
interval: 12h
url: oci://ghcr.io/gimlet-io/capacitor-manifests
ref:
semver: ">=0.1.0"
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: capacitor
namespace: flux-system
spec:
targetNamespace: flux-system
interval: 1h
retryInterval: 2m
timeout: 5m
wait: true
prune: true
path: "./"
sourceRef:
kind: OCIRepository
name: capacitor
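Review bot: `ref.semver: ">=0.1.0"` on the `capacitor` OCIRepository has no upper bound, so any newer artifact pushed to the registry is applied into `flux-system` on the next 12h reconcile, with `prune: true`, and without review. Pin an exact `ref.tag` or `ref.digest`, or at least bound the range (for example `">=0.1.0 <0.2.0"`, a constructed illustration). If the publisher signs the artifact (not confirmed from this page), `spec.verify` with the cosign provider would add an integrity check on top of the pin.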


@ -0,0 +1,21 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: capacitor-external-ingress
namespace: flux-system
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`capacitor.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: capacitor
port: 9000
tls:
secretName: fascinated-cc
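Review bot: `tls.secretName: fascinated-cc` does not fit this route in two ways. The Certificate of that name on this page is issued for `fascinated.cc` and `*.fascinated.cc`, and a wildcard covers a single label only, so it does not match `capacitor.local.fascinated.cc`; `local-fascinated-cc` is the one issued for `*.local.fascinated.cc`. Traefik also resolves `secretName` in the IngressRoute's own namespace (`flux-system`), while both Certificates are created in `traefik`, so unless the secret is replicated the route falls back to Traefik's default certificate. The `kubernetes-grafana.local.fascinated.cc` route in `monitoring` has the same two problems. Separately, the Capacitor UI sits behind `default-headers` only; an auth or IP-allowlist middleware is worth adding if `websecure` is reachable beyond the LAN (not visible here).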


@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: flux-system
resources:
- capacitor.yaml
- ingress.yaml


@ -0,0 +1,28 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: cert-manager
namespace: cert-manager
spec:
interval: 12h
url: https://charts.jetstack.io
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: cert-manager
namespace: cert-manager
spec:
interval: 30m
chart:
spec:
chart: cert-manager
version: "1.15.3"
sourceRef:
kind: HelmRepository
name: cert-manager
namespace: cert-manager
interval: 12h
values:
installCRDs: false


@ -0,0 +1,22 @@
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: liam@fascinated.cc
privateKeySecretRef:
name: letsencrypt-production
solvers:
- dns01:
cloudflare:
email: liam@fascinated.cc
apiTokenSecretRef:
name: cloudflare-token-secret
key: cloudflare-token
selector:
dnsZones:
- "fascinated.cc"
- "mcutils.xyz"


@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: cert-manager
resources:
- namespace.yaml
- cert-manager.yaml
- issuer.yaml


@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager

File diff suppressed because it is too large Load Diff


@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: flux-system
resources:
- traefik.crds.yaml
- cert-manager.crds.yaml


@ -0,0 +1,57 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: traefik-crds
namespace: flux-system
spec:
interval: 30m
url: https://github.com/traefik/traefik-helm-chart.git
ref:
tag: v31.1.1
ignore: |
# exclude all
/*
# path to crds
!/traefik/crds/
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: traefik-api-crds
namespace: flux-system
spec:
interval: 15m
prune: false
sourceRef:
kind: GitRepository
name: traefik-crds
namespace: flux-system
healthChecks:
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: ingressroutes.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: ingressroutetcps.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: ingressrouteudps.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: middlewares.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: middlewaretcps.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: serverstransports.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: tlsoptions.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: tlsstores.traefik.containo.us
- apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
name: traefikservices.traefik.containo.us
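Review bot: The `healthChecks` list waits on CRDs in the `traefik.containo.us` group, while every IngressRoute on this page uses `apiVersion: traefik.io/v1alpha1` and the source is pinned to chart tag `v31.1.1`. If that chart version ships only the `traefik.io` CRDs (likely for a Traefik v3 chart, but not verifiable from this page), these checks can never become ready and the `traefik-api-crds` Kustomization will report failure on every reconcile. The names should follow the group actually in use, e.g. `name: ingressroutes.traefik.io`.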


@ -0,0 +1,14 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespaces
- cert-manager
- crds
- metallb
- nfs
- traefik
- capacitor
- monitoring
- alerting/flux
#- backup


@ -0,0 +1,9 @@
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: default
namespace: metallb-system
spec:
addresses:
- 10.0.69.200-10.0.69.254


@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: metallb-system
resources:
- metallb.yaml
- ipaddresspool.yaml
- l2advertisement.yaml


@ -0,0 +1,5 @@
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: default
namespace: metallb-system

File diff suppressed because it is too large Load Diff


@ -0,0 +1,21 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: kubernetes-grafana-external-ingress
namespace: monitoring
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`kubernetes-grafana.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: kube-prometheus-stack-grafana
port: 80
tls:
secretName: fascinated-cc


@ -0,0 +1,58 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: monitoring
namespace: monitoring
spec:
interval: 12h
url: https://prometheus-community.github.io/helm-charts
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: kube-prometheus-stack
namespace: monitoring
spec:
interval: 30m
chart:
spec:
chart: kube-prometheus-stack
version: "62.7.0"
sourceRef:
kind: HelmRepository
name: monitoring
namespace: monitoring
interval: 12h
values:
# Prometheus Volume
prometheus:
prometheusSpec:
scrapeInterval: 30s
evaluationInterval: 30s
ruleSelectorNilUsesHelmValues: false
serviceMonitorSelectorNilUsesHelmValues: false
podMonitorSelectorNilUsesHelmValues: false
probeSelectorNilUsesHelmValues: false
scrapeConfigSelectorNilUsesHelmValues: false
enableAdminAPI: true
walCompression: true
enableFeatures:
- auto-gomemlimit
- memory-snapshot-on-shutdown
- new-service-discovery-manager
retention: 30d
retentionSize: 40GB
resources:
requests:
cpu: 100m
limits:
memory: 1500Mi
storageSpec:
volumeClaimTemplate:
spec:
storageClassName: nfs-csi
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 50Gi
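Review bot: `enableAdminAPI: true` turns on Prometheus's admin endpoints (series deletion, tombstone cleanup, snapshots), and Prometheus has no authentication of its own, so any pod or user that can reach the service can delete metrics. Set `enableAdminAPI: false` unless a specific job needs it, and if it is needed, restrict access to the Prometheus service with a NetworkPolicy. A comment next to the flag stating why it is enabled would help the next reader.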


@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: monitoring
resources:
- namespace.yaml
- kube-prometheus-stack.yaml
- ingress.yaml


@ -0,0 +1,8 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
labels:
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/enforce-version: latest
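Review bot: `pod-security.kubernetes.io/enforce: privileged` switches Pod Security admission off for every workload in `monitoring`, not only for the component that needs host access (presumably node-exporter). Enforcing `privileged` may be unavoidable here, but adding `pod-security.kubernetes.io/warn: baseline` and `pod-security.kubernetes.io/audit: baseline` keeps visibility on anything else that starts using host privileges. A one-line comment naming the workload that requires the exemption should sit above the label.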


@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: public-services
resources:
- public-services-namespace.yaml


@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: public-services


@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-system
resources:
- nfs-driver.yaml
- nfs-csi.yaml


@ -0,0 +1,16 @@
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs-csi
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: nfs.csi.k8s.io
parameters:
server: 10.0.0.136
share: /mnt/user/Kubernetes
reclaimPolicy: Delete
volumeBindingMode: Immediate
mountOptions:
- hard
- nfsvers=4.1
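Review bot: `reclaimPolicy: Delete` on the cluster's default StorageClass means that deleting a PVC, including through Flux pruning or a HelmRelease uninstall, also removes the backing directory on the NFS share; the Prometheus volume claim on this page uses this class. `reclaimPolicy: Retain` is the safer default for stateful data, with a separate `Delete` class for scratch volumes. The mount options set no `sec=` value, so the share relies on the NFS default of host-based trust; the export on `10.0.0.136` should be limited to the cluster node addresses.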


@ -0,0 +1,25 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: csi-driver-nfs
namespace: kube-system
spec:
interval: 12h
url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: csi-driver-nfs
namespace: kube-system
spec:
interval: 30m
chart:
spec:
chart: csi-driver-nfs
version: "v4.9.0"
sourceRef:
kind: HelmRepository
name: csi-driver-nfs
namespace: kube-system


@ -0,0 +1,15 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: fascinated-cc
namespace: traefik
spec:
secretName: fascinated-cc
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "*.fascinated.cc"
dnsNames:
- "fascinated.cc"
- "*.fascinated.cc"


@ -0,0 +1,14 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: local-fascinated-cc
namespace: traefik
spec:
secretName: local-fascinated-cc
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "*.local.fascinated.cc"
dnsNames:
- "*.local.fascinated.cc"


@ -0,0 +1,15 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: mcutils-xyz
namespace: traefik
spec:
secretName: mcutils-xyz
issuerRef:
name: letsencrypt-production
kind: ClusterIssuer
commonName: "*.mcutils.xyz"
dnsNames:
- "mcutils.xyz"
- "*.mcutils.xyz"


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: aetheria-grafana-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.225
ports:
- name: http
port: 3000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: aetheria-grafana-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`aetheria-grafana.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: aetheria-grafana-external
port: 3000
tls:
secretName: fascinated-cc
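Review bot: `externalName: 10.0.50.225` puts an IP address in a field that Kubernetes defines as a DNS name; the API accepts the value but cluster DNS will not resolve it. It works only because Traefik dials the value directly, which also requires ExternalName services to be enabled in Traefik's Kubernetes provider (that configuration is not on this page). A selector-less Service with a manually managed EndpointSlice is the supported way to point at a fixed IP. Every Service/IngressRoute pair that follows on this page repeats the pattern, so the same change applies to all of them.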


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: aetheria-influx-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.225
ports:
- name: http
port: 8086
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: aetheria-influx-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`aetheria-influx.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: aetheria-influx-external
port: 8086
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: analytics-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.120
ports:
- name: http
port: 8000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: analytics-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`analytics.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: analytics-external
port: 8000
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: mc-utils-api-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.137
ports:
- name: http
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mc-utils-api-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`api.mcutils.xyz`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: mc-utils-api-external
port: 80
tls:
secretName: mcutils-xyz


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: azure-metrics-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.204
ports:
- name: http
port: 3000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: azure-metrics-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`azure-metrics.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: azure-metrics-external
port: 3000
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: azure-phpma-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.204
ports:
- name: http
port: 8080
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: azure-phpma-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`azure-phpma.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: azure-phpma-external
port: 8080
tls:
secretName: fascinated-cc
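Review bot: This route publishes what the host name suggests is a database administration front end on `websecure` with only the `default-headers` middleware, so the application's own login is the sole access control. Administrative, database and backup front ends on this page are better placed behind an IP-allowlist or forward-auth middleware, or moved under `*.local.fascinated.cc` like the other internal tools, if `websecure` is internet-facing (not visible here). The hop from Traefik to `10.0.50.204:8080` is plain HTTP, so credentials cross the internal network unencrypted.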


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: bitmagnet-local-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.142
ports:
- name: http
port: 3333
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: bitmagnet-local-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`bitmagnet.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: bitmagnet-local-external
port: 3333
tls:
secretName: local-fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: cdn-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 8087
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: cdn-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`cdn.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: cdn-external
port: 8087
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: nextcloud-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.160
ports:
- name: http
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nextcloud-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`cloud.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: nextcloud-external
port: 80
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: docs-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.254
ports:
- name: http
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: docs-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`docs.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: docs-external
port: 80
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: main-site-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.209
ports:
- name: http
port: 3000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: main-site-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: main-site-external
port: 3000
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: git-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.235
ports:
- name: http
port: 3003
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: git-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`git.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: git-external
port: 3003
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: sentry-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.36
ports:
- name: http
port: 8000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: sentry-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`glitchtip.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: sentry-external
port: 8000
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: mc-utils-grafana-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.137
ports:
- name: http
port: 3000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mc-utils-grafana-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`grafana.mcutils.xyz`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: mc-utils-grafana-external
port: 3000
tls:
secretName: mcutils-xyz


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: mc-utils-influx-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.137
ports:
- name: http
port: 8086
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mc-utils-influx-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`influx.mcutils.xyz`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: mc-utils-influx-external
port: 8086
tls:
secretName: mcutils-xyz


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: mastodon-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 3000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mastodon-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`mastodon.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: mastodon-external
port: 3000
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: mc-tracker-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.3.76
ports:
- name: http
port: 3000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mc-tracker-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`mc-tracker.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: mc-tracker-external
port: 3000
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: mc-utils-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.137
ports:
- name: http
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mc-utils-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`mcutils.xyz`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: mc-utils-external
port: 80
tls:
secretName: mcutils-xyz


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: node-hl-01-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.222
ports:
- name: http
port: 443
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: node-hl-01-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`node-hl-01.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: node-hl-01-external
port: 443
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: obsidian-sync-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.184
ports:
- name: http
port: 5984
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: obsidian-sync-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`obsidian-sync.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: obsidian-sync-external
port: 5984
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: overseerr-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 5055
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: overseerr-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`overseerr.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: overseerr-external
port: 5055
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: owntracks-web-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.43
ports:
- name: http
port: 6969
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: owntracks-web-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`owntracks-web.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: owntracks-web-external
port: 6969
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: owntracks-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.43
ports:
- name: http
port: 8083
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: owntracks-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`owntracks.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: owntracks-external
port: 8083
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: panel-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.244
ports:
- name: http
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: panel-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`panel.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: panel-external
port: 80
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: paste-grafana-local-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.118
ports:
- name: http
port: 3035
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: paste-grafana-local-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`paste-grafana.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: paste-grafana-local-external
port: 3035
tls:
secretName: local-fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: plex-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.235
ports:
- name: http
port: 32400
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: plex-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`plex.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: plex-external
port: 32400
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: proxmox-luna-local-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.2
ports:
- name: https
port: 8006
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: proxmox-luna-local-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`proxmox.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: proxmox-luna-local-external
port: 8006
tls:
secretName: local-fascinated-cc
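Review bot: The backend port is named `https`, so Traefik will speak TLS to `10.0.50.2:8006`, but the route sets no `serversTransport`, which leaves verification of the backend certificate to Traefik's global settings. If this works today only because `insecureSkipVerify` is enabled globally (not visible on this page), a per-service `ServersTransport` that carries the backend's CA through `rootCAsSecrets` is the narrower fix. The same applies to the `teleport-external` Service. `node-hl-01-external` names port 443 `http`, which is misleading because Traefik treats port 443 as HTTPS regardless of the port name.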


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: repo-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.164
ports:
- name: http
port: 8080
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: repo-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`repo.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: repo-external
port: 8080
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: restic-backups-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 8000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: restic-backups-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`restic.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: restic-backups-external
port: 8000
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: slash-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.133
ports:
- name: http
port: 5231
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: slash-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`s.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: slash-external
port: 5231
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: sonarr-anime-local-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 8988
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: sonarr-anime-local-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`sonarr-anime.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: sonarr-anime-local-external
port: 8988
tls:
secretName: local-fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: sonarr-local-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 8989
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: sonarr-local-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`sonarr.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: sonarr-local-external
port: 8989
tls:
secretName: local-fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: ssr-staging-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.65
ports:
- name: http
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: ssr-staging-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`ssr-staging.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: ssr-staging-external
port: 80
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: status-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.8
ports:
- name: http
port: 3001
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: status-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`status.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: status-external
port: 3001
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: subscriptions-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.35
ports:
- name: http
port: 8282
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: subscriptions-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`subscriptions.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: subscriptions-external
port: 8282
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: tautulli-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.183
ports:
- name: http
port: 8181
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: tautulli-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`tautulli.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: tautulli-external
port: 8181
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: tdarr-local-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 8265
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: tdarr-local-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`tdarr.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: tdarr-local-external
port: 8265
tls:
secretName: local-fascinated-cc
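Review bot: The `tdarr.local.fascinated.cc` route sits on the same `websecure` entry point as the public hosts, and its only middleware is `default-headers`. The `.local.` name is therefore a naming convention, not an access control: the router matches on the Host header alone, whatever DNS publishes. If these routes are meant to be LAN-only, add a source-address allow-list middleware to the route, e.g. `- name: lan-only` beside `default-headers`. The torrent-local and wazuh sections have the same gap. Field names below assume the Traefik v3 that chart 31.x ships.

```yaml
# constructed example: the name and the range are placeholders
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: lan-only
  namespace: traefik
spec:
  ipAllowList:
    sourceRange:
      - "<LAN_CIDR>"
```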


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: teleport-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.182
ports:
- name: https
port: 3080
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: teleport-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`teleport.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: teleport-external
port: 3080
tls:
secretName: fascinated-cc
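Review bot: The backend port is named `https`, so Traefik connects to Teleport over TLS, but the HelmRelease on this page sets `--serversTransport.insecureSkipVerify=true` and the upstream certificate is never checked. For an access gateway, that leaves the proxy-to-backend hop open to interception by anything on the path. Define a `ServersTransport` that carries the backend's CA (`rootCAsSecrets`) and expected `serverName`, and reference it from the service entry with `serversTransport: <transport-name>`. The global skip-verify flag can then be dropped. The wazuh section (port 443) is affected the same way.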


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: torrent-local-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 8080
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: torrent-local-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`torrent.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: torrent-local-external
port: 8080
tls:
secretName: local-fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: translate-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.116
ports:
- name: http
port: 5000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: translate-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`translate.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: translate-external
port: 5000
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: tube-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.0.136
ports:
- name: http
port: 8209
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: tube-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`tube.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: tube-external
port: 8209
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: vaultwarden-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.224
ports:
- name: http
port: 4743
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: vaultwarden-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`vaultwarden.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: vaultwarden-external
port: 4743
tls:
secretName: fascinated-cc
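Review bot: The hop from Traefik to the Vaultwarden backend is plain HTTP (port name `http`, port 4743), so login requests and session tokens for the password manager cross the internal network unencrypted after TLS ends at the proxy. Enabling TLS on the backend and adding `scheme: https` to the service entry, together with a `ServersTransport` that pins the backend CA, would protect that segment. If the backend has to stay on HTTP, a comment recording that this is a deliberate trade-off for this network would help later readers.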


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: vencloud-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.202
ports:
- name: http
port: 8080
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: vencloud-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`vencloud.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: vencloud-external
port: 8080
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: wakatime-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.251
ports:
- name: http
port: 3355
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: wakatime-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`wakatime.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: wakatime-external
port: 3355
tls:
secretName: fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: wazuh-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.212
ports:
- name: https
port: 443
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: wazuh-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`wazuh.local.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: wazuh-external
port: 443
tls:
secretName: local-fascinated-cc


@ -0,0 +1,33 @@
kind: Service
apiVersion: v1
metadata:
name: wiki-external
namespace: traefik
spec:
type: ExternalName
externalName: 10.0.50.254
ports:
- name: http
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: wiki-external-ingress
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`wiki.fascinated.cc`)
kind: Rule
middlewares:
- name: default-headers
namespace: traefik
services:
- name: wiki-external
port: 80
tls:
secretName: fascinated-cc


@ -0,0 +1,13 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: traefik
resources:
- namespace.yaml
- traefik.yaml
- ./certificates/fascinated-cc.yaml
- ./certificates/local-fascinated-cc.yaml
- ./certificates/mcutils-xyz.yaml
- ./middlewares/default-headers.yaml
#- ./external-services
# for some stupid fucking reason kustomize doesn't support wildcards or globs?!?!?!??!?
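Review bot: With `#- ./external-services` commented out, this kustomization does not apply the manifests in that directory, which are presumably the external Service and IngressRoute files. Whether another Flux Kustomization picks them up is not visible here. Kustomize does accept a directory under `resources:` when that directory holds its own `kustomization.yaml`. Adding one there that lists each file, then restoring `- ./external-services`, keeps the routes under the same reconciliation as the middleware and certificates they reference.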


@ -0,0 +1,18 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: default-headers
namespace: traefik
spec:
headers:
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 15552000
referrerPolicy: no-referrer
contentSecurityPolicy: "default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https: data:; connect-src 'self' https:; frame-src 'self' https:; media-src 'self' https:; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self';"
customFrameOptionsValue: SAMEORIGIN
customRequestHeaders:
X-Forwarded-Proto: https
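Review bot: The `contentSecurityPolicy` value allows `'unsafe-inline'`, `'unsafe-eval'` and any `https:` origin in `script-src`, so the header offers little protection against script injection. Because it is attached to every route on this page, it probably also replaces any stricter policy a backend sends. Consider trimming the shared policy to `script-src 'self'` and giving the apps that need inline or eval'd scripts their own Middleware. Alternatively, drop the CSP from this default and let each application set its own. `browserXssFilter: true` only emits the legacy `X-XSS-Protection` header, which current browsers ignore, so it can be removed.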


@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: traefik


@ -0,0 +1,91 @@
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: traefik
namespace: traefik
spec:
interval: 12h
url: https://helm.traefik.io/traefik
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: traefik
namespace: traefik
spec:
interval: 30m
chart:
spec:
chart: traefik
version: "31.1.1"
sourceRef:
kind: HelmRepository
name: traefik
namespace: traefik
interval: 12h
values:
globalArguments:
- "--global.sendanonymoususage=false"
- "--global.checknewversion=false"
additionalArguments:
- "--serversTransport.insecureSkipVerify=true"
- "--log.level=INFO"
- "--providers.kubernetescrd.allowCrossNamespace=true"
- "--accesslog=true"
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 500m
memory: 1Gi # Update when traefik fixes their shitty mem leak
deployment:
enabled: true
replicas: 1
annotations: {}
podAnnotations: {}
additionalContainers: []
initContainers: []
ports:
web:
redirectTo:
port: websecure
priority: 10
websecure:
tls:
enabled: true
ingressRoute:
dashboard:
enabled: false
providers:
kubernetesCRD:
enabled: true
ingressClass: traefik-external
allowExternalNameServices: true
allowCrossNamespace: true
kubernetesIngress:
enabled: true
allowExternalNameServices: true
allowCrossNamespace: true
publishedService:
enabled: false
rbac:
enabled: true
service:
enabled: true
type: LoadBalancer
annotations: {}
labels: {}
spec:
loadBalancerIP: 10.0.69.250
loadBalancerSourceRanges: []
externalIPs: []