From 6b412e0a09ed98de83166eaa10361049ab94d217 Mon Sep 17 00:00:00 2001
From: alexlebens
Date: Thu, 15 Aug 2024 17:48:27 -0500
Subject: [PATCH] migrate ingress to tailscale
---
 .../book-bounty/templates/ingress-route.yaml | 37 ------------------
 .../book-bounty/templates/middleware.yaml | 27 -------------
 .../cl01tl/applications/homepage/values.yaml | 28 +++++++-------
 .../lidatube/templates/ingress-route.yaml | 37 ------------------
 .../lidatube/templates/middleware.yaml | 27 -------------
 .../cl01tl/applications/prowlarr/Chart.yaml | 2 +-
 .../cl01tl/applications/prowlarr/values.yaml | 38 +++++++++----------
 clusters/cl01tl/applications/tdarr/Chart.yaml | 2 +-
 .../cl01tl/applications/tdarr/values.yaml | 36 +++++++++---------
 .../cl01tl/platform/qbittorrent/Chart.yaml | 2 +-
 .../cl01tl/platform/qbittorrent/values.yaml | 36 +++++++++---------
 11 files changed, 72 insertions(+), 200 deletions(-)
 delete mode 100644 clusters/cl01tl/applications/book-bounty/templates/ingress-route.yaml
 delete mode 100644 clusters/cl01tl/applications/book-bounty/templates/middleware.yaml
 delete mode 100644 clusters/cl01tl/applications/lidatube/templates/ingress-route.yaml
 delete mode 100644 clusters/cl01tl/applications/lidatube/templates/middleware.yaml
diff --git a/clusters/cl01tl/applications/book-bounty/templates/ingress-route.yaml b/clusters/cl01tl/applications/book-bounty/templates/ingress-route.yaml
deleted file mode 100644
index b3757828d..000000000
--- a/clusters/cl01tl/applications/book-bounty/templates/ingress-route.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
- name: book-bounty
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: book-bounty
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- external-dns.alpha.kubernetes.io/hostname: bookbounty.alexlebens.net
- external-dns.alpha.kubernetes.io/target: cl01tl-endpoint.alexlebens.net
- kubernetes.io/ingress.class: traefik
-spec:
- entryPoints:
- - websecure
- routes:
- - kind: Rule
- match: Host(`bookbounty.alexlebens.net`)
- middlewares:
- - name: authentik-book-bounty
- namespace: {{ .Release.Namespace }}
- priority: 10
- services:
- - kind: Service
- name: book-bounty
- port: 80
- - kind: Rule
- match: Host(`bookbounty.alexlebens.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
- priority: 15
- services:
- - kind: Service
- name: authentik-outpost-proxy
- port: 9000
- namespace: authentik
diff --git a/clusters/cl01tl/applications/book-bounty/templates/middleware.yaml b/clusters/cl01tl/applications/book-bounty/templates/middleware.yaml
deleted file mode 100644
index 73602c2b7..000000000
--- a/clusters/cl01tl/applications/book-bounty/templates/middleware.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: authentik-book-bounty
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: authentik-book-bounty
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: auth
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- forwardAuth:
- address: http://authentik-outpost-proxy.authentik:9000/outpost.goauthentik.io/auth/traefik
- trustForwardHeader: true
- authResponseHeaders:
- - X-authentik-username
- - X-authentik-groups
- - X-authentik-email
- - X-authentik-name
- - X-authentik-uid
- - X-authentik-jwt
- - X-authentik-meta-jwks
- - X-authentik-meta-outpost
- - X-authentik-meta-provider
- - X-authentik-meta-app
- - X-authentik-meta-version
diff --git a/clusters/cl01tl/applications/homepage/values.yaml b/clusters/cl01tl/applications/homepage/values.yaml
index 76aec8b10..13979ea4b 100644
--- a/clusters/cl01tl/applications/homepage/values.yaml
+++ b/clusters/cl01tl/applications/homepage/values.yaml
@@ -43,7 +43,7 @@ homepage:
 - Media:
 tab: Applications
 icon: mdi-multimedia-#ffffff
- - External:
+ - Public:
 tab: Applications
 icon: mdi-application-#ffffff
 - Internal:
@@ -70,10 +70,10 @@ homepage:
 - Radarr:
 tab: Servarr
 icon: mdi-filmstrip-#ffffff
- - Otharr:
+ - Other:
 tab: Servarr
 icon: mdi-music-box-multiple-#ffffff
- - Media Services:
+ - Services (Servarr):
 tab: Servarr
 icon: mdi-radar-#ffffff
 - External Services:
@@ -165,7 +165,7 @@ homepage:
 href: https://calibre.alexlebens.net
 siteMonitor: http://calibre-web-automated.calibre-web-automated:80
 statusStyle: dot
- - External:
+ - Public:
 - Passwords:
 icon: vaultwarden.png
 description: Vaultwarden
@@ -246,7 +246,7 @@ homepage:
 siteMonitor: http://calibre-server-web.calibre-server:8080
 statusStyle: dot
 - Code:
- - Code (External):
+ - Code (Public):
 icon: gitea.png
 description: Gitea
 href: https://gitea.alexlebens.dev
@@ -258,7 +258,7 @@ homepage:
 href: https://gitea.lebens-home.net
 siteMonitor: https://gitea.lebens-home.net
 statusStyle: dot
- - IDE (External):
+ - IDE (Public):
 icon: code-server.png
 description: VS Code
 href: https://codeserver.alexlebens.dev
@@ -345,7 +345,7 @@ homepage:
 siteMonitor: http://jellystat.jellystat:80
 statusStyle: dot
 - Services:
- - Auth (External):
+ - Auth (Public):
 icon: authentik.png
 description: Authentik
 href: https://auth.alexlebens.dev
@@ -508,7 +508,7 @@ homepage:
 key: {{ "{{HOMEPAGE_VAR_RADARR4K_KEY}}" }}
 fields: ["wanted", "queued", "movies"]
 enableQueue: false
- - Otharr:
+ - Other:
 - Lidarr:
 icon: lidarr.png
 description: Music
@@ -538,11 +538,11 @@ homepage:
 href: https://readarr-audiobooks.alexlebens.net
 siteMonitor: http://readarr-audiobooks.readarr-audiobooks:80
 statusStyle: dot
- - Media Services:
+ - Services (Servarr):
 - qBittorrent:
 icon: qbittorrent.png
 description: P2P Downloads
- href: https://qbittorrent.alexlebens.net
+ href: https://qbittorrent-cl01tl.boreal-beaufort.ts.net
 siteMonitor: http://qbittorrent.qbittorrent:8080
 statusStyle: dot
 widget:
@@ -551,7 +551,7 @@ homepage:
 - Tdarr:
 icon: tdarr.png
 description: Media transcoding and health checks
- href: https://tdarr.alexlebens.net
+ href: https://tdarr-cl01tl.boreal-beaufort.ts.net
 siteMonitor: http://tdarr-web.tdarr:8265
 statusStyle: dot
 widget:
@@ -560,7 +560,7 @@ homepage:
 - Prowlarr:
 icon: prowlarr.png
 description: Indexers
- href: https://prowlarr.alexlebens.net
+ href: https://prowlarr-cl01tl.boreal-beaufort.ts.net
 siteMonitor: http://prowlarr.prowlarr:80
 statusStyle: dot
 widget:
@@ -570,13 +570,13 @@ homepage:
 - Book Bounty:
 icon: https://raw.githubusercontent.com/TheWicklowWolf/BookBounty/main/src/static/bookbounty.png
 description: Searches for Books
- href: https://bookbounty.alexlebens.net
+ href: https://bookbounty-cl01tl.boreal-beaufort.ts.net
 siteMonitor: http://book-bounty.book-bounty:80
 statusStyle: dot
 - LidaTube:
 icon: https://raw.githubusercontent.com/TheWicklowWolf/LidaTube/main/src/static/lidatube.png
 description: Searches for Music
- href: https://lidatube.alexlebens.net
+ href: https://lidatube-cl01tl.boreal-beaufort.ts.net
 siteMonitor: http://lidatube.lidatube:80
 statusStyle: dot
 bookmarks.yaml: |
diff --git a/clusters/cl01tl/applications/lidatube/templates/ingress-route.yaml b/clusters/cl01tl/applications/lidatube/templates/ingress-route.yaml
deleted file mode 100644
index 969a955a1..000000000
--- a/clusters/cl01tl/applications/lidatube/templates/ingress-route.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
- name: lidatube
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: lidatube
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
- annotations:
- external-dns.alpha.kubernetes.io/hostname: lidatube.alexlebens.net
- external-dns.alpha.kubernetes.io/target: cl01tl-endpoint.alexlebens.net
- kubernetes.io/ingress.class: traefik
-spec:
- entryPoints:
- - websecure
- routes:
- - kind: Rule
- match: Host(`lidatube.alexlebens.net`)
- middlewares:
- - name: authentik-lidatube
- namespace: {{ .Release.Namespace }}
- priority: 10
- services:
- - kind: Service
- name: lidatube
- port: 80
- - kind: Rule
- match: Host(`lidatube.alexlebens.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
- priority: 15
- services:
- - kind: Service
- name: authentik-outpost-proxy
- port: 9000
- namespace: authentik
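Review bot: In the `@@ -570,13 +570,13 @@` hunk of homepage/values.yaml the Book Bounty and LidaTube links move to `bookbounty-cl01tl.boreal-beaufort.ts.net` and `lidatube-cl01tl.boreal-beaufort.ts.net`, yet for those two charts this commit only deletes the IngressRoute and the Authentik forwardAuth Middleware; the diffstat shows no Tailscale ingress being added for either. Presumably the tailnet ingresses are already defined in their values files, which is worth confirming, since otherwise both links are dead. With the forwardAuth middleware gone nothing in front of these apps authenticates the user, so access rests entirely on tailnet membership and ACLs. I would record that next to the entries, e.g. `# tailnet-only: no Authentik forward-auth, access is governed by Tailscale ACLs`, and check that the ACL policy restricts these hosts to the intended users.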
diff --git a/clusters/cl01tl/applications/lidatube/templates/middleware.yaml b/clusters/cl01tl/applications/lidatube/templates/middleware.yaml
deleted file mode 100644
index 67e93fdd9..000000000
--- a/clusters/cl01tl/applications/lidatube/templates/middleware.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: authentik-lidatube
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: authentik-lidatube
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: auth
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- forwardAuth:
- address: http://authentik-outpost-proxy.authentik:9000/outpost.goauthentik.io/auth/traefik
- trustForwardHeader: true
- authResponseHeaders:
- - X-authentik-username
- - X-authentik-groups
- - X-authentik-email
- - X-authentik-name
- - X-authentik-uid
- - X-authentik-jwt
- - X-authentik-meta-jwks
- - X-authentik-meta-outpost
- - X-authentik-meta-provider
- - X-authentik-meta-app
- - X-authentik-meta-version
diff --git a/clusters/cl01tl/applications/prowlarr/Chart.yaml b/clusters/cl01tl/applications/prowlarr/Chart.yaml
index ed5afc201..a777c654a 100644
--- a/clusters/cl01tl/applications/prowlarr/Chart.yaml
+++ b/clusters/cl01tl/applications/prowlarr/Chart.yaml
@@ -19,4 +19,4 @@ dependencies:
 repository: https://bjw-s.github.io/helm-charts/
 version: 3.3.2
 icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/prowlarr.png
-appVersion: 1.18.0.4543
+appVersion: 1.21.2.4649
diff --git a/clusters/cl01tl/applications/prowlarr/values.yaml b/clusters/cl01tl/applications/prowlarr/values.yaml
index 875659171..ecde2ddfc 100644
--- a/clusters/cl01tl/applications/prowlarr/values.yaml
+++ b/clusters/cl01tl/applications/prowlarr/values.yaml
@@ -57,25 +57,25 @@ prowlarr:
 targetPort: 9696
 protocol: HTTP
 ingress:
- main:
- enabled: true
- className: traefik
- annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
- cert-manager.io/cluster-issuer: letsencrypt-issuer
- hosts:
- - host: prowlarr.alexlebens.net
- paths:
- - path: /
- pathType: Prefix
- service:
- name: prowlarr
- port: 80
- tls:
- - secretName: prowlarr-secret-tls
- hosts:
- - prowlarr.alexlebens.net
+ # main:
+ # enabled: true
+ # className: traefik
+ # annotations:
+ # traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ # traefik.ingress.kubernetes.io/router.tls: "true"
+ # cert-manager.io/cluster-issuer: letsencrypt-issuer
+ # hosts:
+ # - host: prowlarr.alexlebens.net
+ # paths:
+ # - path: /
+ # pathType: Prefix
+ # service:
+ # name: prowlarr
+ # port: 80
+ # tls:
+ # - secretName: prowlarr-secret-tls
+ # hosts:
+ # - prowlarr.alexlebens.net
 tailscale:
 enabled: true
 className: tailscale
diff --git a/clusters/cl01tl/applications/tdarr/Chart.yaml b/clusters/cl01tl/applications/tdarr/Chart.yaml
index fdfd46629..47f5df3d0 100644
--- a/clusters/cl01tl/applications/tdarr/Chart.yaml
+++ b/clusters/cl01tl/applications/tdarr/Chart.yaml
@@ -26,4 +26,4 @@ dependencies:
 version: 1.1.2
 repository: https://homeylab.github.io/helm-charts/
 icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/tdarr.png
-appVersion: 2.20.01
+appVersion: 2.24.03
diff --git a/clusters/cl01tl/applications/tdarr/values.yaml b/clusters/cl01tl/applications/tdarr/values.yaml
index fac9cdb43..226509482 100644
--- a/clusters/cl01tl/applications/tdarr/values.yaml
+++ b/clusters/cl01tl/applications/tdarr/values.yaml
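Review bot: The retired Traefik `main` ingress in the `@@ -57,25 +57,25 @@` hunk of prowlarr/values.yaml is commented out rather than removed, and the tdarr and qbittorrent values.yaml hunks do the same. A commented block keeps the old public hostname and TLS settings one uncomment away from being re-exposed, so I would delete the lines and rely on git history, leaving at most `# public Traefik ingress removed; served through the tailscale ingress only`. Dropping the Ingress also does not clean up everything it produced: by default cert-manager leaves the `prowlarr-secret-tls` Secret (and the tdarr and qbittorrent equivalents) in the namespace, and a DNS record for the old host may persist depending on how it was published, so both are worth checking after rollout. The `tailscale` block continues past the end of the hunk, so its hosts and TLS settings cannot be reviewed from here.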
@@ -96,24 +96,24 @@ tdarr:
 targetPort: 8265
 protocol: HTTP
 ingress:
- main:
- className: traefik
- annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
- cert-manager.io/cluster-issuer: letsencrypt-issuer
- hosts:
- - host: tdarr.alexlebens.net
- paths:
- - path: /
- pathType: Prefix
- service:
- name: tdarr-web
- port: 8265
- tls:
- - secretName: tdarr-secret-tls
- hosts:
- - tdarr.alexlebens.net
+ # main:
+ # className: traefik
+ # annotations:
+ # traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ # traefik.ingress.kubernetes.io/router.tls: "true"
+ # cert-manager.io/cluster-issuer: letsencrypt-issuer
+ # hosts:
+ # - host: tdarr.alexlebens.net
+ # paths:
+ # - path: /
+ # pathType: Prefix
+ # service:
+ # name: tdarr-web
+ # port: 8265
+ # tls:
+ # - secretName: tdarr-secret-tls
+ # hosts:
+ # - tdarr.alexlebens.net
 tailscale:
 enabled: true
 className: tailscale
diff --git a/clusters/cl01tl/platform/qbittorrent/Chart.yaml b/clusters/cl01tl/platform/qbittorrent/Chart.yaml
index bb43f588f..8e4b0c304 100644
--- a/clusters/cl01tl/platform/qbittorrent/Chart.yaml
+++ b/clusters/cl01tl/platform/qbittorrent/Chart.yaml
@@ -25,4 +25,4 @@ dependencies:
 repository: https://bjw-s.github.io/helm-charts/
 version: 3.3.2
 icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/qbittorrent.png
-appVersion: 4.6.5
+appVersion: 4.6.5-r0-ls335
diff --git a/clusters/cl01tl/platform/qbittorrent/values.yaml b/clusters/cl01tl/platform/qbittorrent/values.yaml
index e400041eb..c4566330e 100644
--- a/clusters/cl01tl/platform/qbittorrent/values.yaml
+++ b/clusters/cl01tl/platform/qbittorrent/values.yaml
@@ -124,24 +124,24 @@ qbittorrent:
 targetPort: 9022
 protocol: HTTP
 ingress:
- main:
- className: traefik
- annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
- cert-manager.io/cluster-issuer: letsencrypt-issuer
- hosts:
- - host: qbittorrent.alexlebens.net
- paths:
- - path: /
- pathType: Prefix
- service:
- name: qbittorrent
- port: 8080
- tls:
- - secretName: qbittorrent-secret-tls
- hosts:
- - qbittorrent.alexlebens.net
+ # main:
+ # className: traefik
+ # annotations:
+ # traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ # traefik.ingress.kubernetes.io/router.tls: "true"
+ # cert-manager.io/cluster-issuer: letsencrypt-issuer
+ # hosts:
+ # - host: qbittorrent.alexlebens.net
+ # paths:
+ # - path: /
+ # pathType: Prefix
+ # service:
+ # name: qbittorrent
+ # port: 8080
+ # tls:
+ # - secretName: qbittorrent-secret-tls
+ # hosts:
+ # - qbittorrent.alexlebens.net
 tailscale:
 enabled: true
 className: tailscale