migrate ingress to tailscale

2024-08-15 17:48:27 -05:00
parent 5100efe4a4
commit 6b412e0a09
11 changed files with 72 additions and 200 deletions


@@ -1,37 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: book-bounty
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: book-bounty
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
external-dns.alpha.kubernetes.io/hostname: bookbounty.alexlebens.net
external-dns.alpha.kubernetes.io/target: cl01tl-endpoint.alexlebens.net
kubernetes.io/ingress.class: traefik
spec:
entryPoints:
- websecure
routes:
- kind: Rule
match: Host(`bookbounty.alexlebens.net`)
middlewares:
- name: authentik-book-bounty
namespace: {{ .Release.Namespace }}
priority: 10
services:
- kind: Service
name: book-bounty
port: 80
- kind: Rule
match: Host(`bookbounty.alexlebens.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
services:
- kind: Service
name: authentik-outpost-proxy
port: 9000
namespace: authentik


@@ -1,27 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: authentik-book-bounty
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: authentik-book-bounty
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: auth
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
forwardAuth:
address: http://authentik-outpost-proxy.authentik:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version


@@ -43,7 +43,7 @@ homepage:
- Media:
tab: Applications
icon: mdi-multimedia-#ffffff
- External:
- Public:
tab: Applications
icon: mdi-application-#ffffff
- Internal:
@@ -70,10 +70,10 @@ homepage:
- Radarr:
tab: Servarr
icon: mdi-filmstrip-#ffffff
- Otharr:
- Other:
tab: Servarr
icon: mdi-music-box-multiple-#ffffff
- Media Services:
- Services (Servarr):
tab: Servarr
icon: mdi-radar-#ffffff
- External Services:
@@ -165,7 +165,7 @@ homepage:
href: https://calibre.alexlebens.net
siteMonitor: http://calibre-web-automated.calibre-web-automated:80
statusStyle: dot
- External:
- Public:
- Passwords:
icon: vaultwarden.png
description: Vaultwarden
@@ -246,7 +246,7 @@ homepage:
siteMonitor: http://calibre-server-web.calibre-server:8080
statusStyle: dot
- Code:
- Code (External):
- Code (Public):
icon: gitea.png
description: Gitea
href: https://gitea.alexlebens.dev
@@ -258,7 +258,7 @@ homepage:
href: https://gitea.lebens-home.net
siteMonitor: https://gitea.lebens-home.net
statusStyle: dot
- IDE (External):
- IDE (Public):
icon: code-server.png
description: VS Code
href: https://codeserver.alexlebens.dev
@@ -345,7 +345,7 @@ homepage:
siteMonitor: http://jellystat.jellystat:80
statusStyle: dot
- Services:
- Auth (External):
- Auth (Public):
icon: authentik.png
description: Authentik
href: https://auth.alexlebens.dev
@@ -508,7 +508,7 @@ homepage:
key: {{ "{{HOMEPAGE_VAR_RADARR4K_KEY}}" }}
fields: ["wanted", "queued", "movies"]
enableQueue: false
- Otharr:
- Other:
- Lidarr:
icon: lidarr.png
description: Music
@@ -538,11 +538,11 @@ homepage:
href: https://readarr-audiobooks.alexlebens.net
siteMonitor: http://readarr-audiobooks.readarr-audiobooks:80
statusStyle: dot
- Media Services:
- Services (Servarr):
- qBittorrent:
icon: qbittorrent.png
description: P2P Downloads
href: https://qbittorrent.alexlebens.net
href: https://qbittorrent-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://qbittorrent.qbittorrent:8080
statusStyle: dot
widget:
@@ -551,7 +551,7 @@ homepage:
- Tdarr:
icon: tdarr.png
description: Media transcoding and health checks
href: https://tdarr.alexlebens.net
href: https://tdarr-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://tdarr-web.tdarr:8265
statusStyle: dot
widget:
@@ -560,7 +560,7 @@ homepage:
- Prowlarr:
icon: prowlarr.png
description: Indexers
href: https://prowlarr.alexlebens.net
href: https://prowlarr-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://prowlarr.prowlarr:80
statusStyle: dot
widget:
@@ -570,13 +570,13 @@ homepage:
- Book Bounty:
icon: https://raw.githubusercontent.com/TheWicklowWolf/BookBounty/main/src/static/bookbounty.png
description: Searches for Books
href: https://bookbounty.alexlebens.net
href: https://bookbounty-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://book-bounty.book-bounty:80
statusStyle: dot
- LidaTube:
icon: https://raw.githubusercontent.com/TheWicklowWolf/LidaTube/main/src/static/lidatube.png
description: Searches for Music
href: https://lidatube.alexlebens.net
href: https://lidatube-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://lidatube.lidatube:80
statusStyle: dot
bookmarks.yaml: |
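Review bot: The Book Bounty and LidaTube `href` values in the last hunk now point at `*-cl01tl.boreal-beaufort.ts.net`, and the same commit deletes the `authentik-book-bounty` and `authentik-lidatube` forwardAuth Middleware objects, so after this change nothing visible on the page authenticates users to those two apps other than tailnet membership. If that is intended, record it next to the entries, e.g. `# tailnet-only: access is controlled by Tailscale ACLs, no authentik forwardAuth in front`, and check that the tailnet policy limits these nodes to the users or devices that previously had to pass the authentik check. The tailnet name is also repeated literally in five `href` lines (qBittorrent, Tdarr, Prowlarr, Book Bounty, LidaTube); this file appears to be rendered by Helm already (see the escaped `HOMEPAGE_VAR_RADARR4K_KEY` line), so a single chart value for the domain would keep a tailnet rename to one edit.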


@@ -1,37 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: lidatube
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: lidatube
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
annotations:
external-dns.alpha.kubernetes.io/hostname: lidatube.alexlebens.net
external-dns.alpha.kubernetes.io/target: cl01tl-endpoint.alexlebens.net
kubernetes.io/ingress.class: traefik
spec:
entryPoints:
- websecure
routes:
- kind: Rule
match: Host(`lidatube.alexlebens.net`)
middlewares:
- name: authentik-lidatube
namespace: {{ .Release.Namespace }}
priority: 10
services:
- kind: Service
name: lidatube
port: 80
- kind: Rule
match: Host(`lidatube.alexlebens.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
services:
- kind: Service
name: authentik-outpost-proxy
port: 9000
namespace: authentik


@@ -1,27 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: authentik-lidatube
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: authentik-lidatube
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: auth
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
forwardAuth:
address: http://authentik-outpost-proxy.authentik:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version


@@ -19,4 +19,4 @@ dependencies:
repository: https://bjw-s.github.io/helm-charts/
version: 3.3.2
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/prowlarr.png
appVersion: 1.18.0.4543
appVersion: 1.21.2.4649


@@ -57,25 +57,25 @@ prowlarr:
targetPort: 9696
protocol: HTTP
ingress:
main:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
hosts:
- host: prowlarr.alexlebens.net
paths:
- path: /
pathType: Prefix
service:
name: prowlarr
port: 80
tls:
- secretName: prowlarr-secret-tls
hosts:
- prowlarr.alexlebens.net
# main:
# enabled: true
# className: traefik
# annotations:
# traefik.ingress.kubernetes.io/router.entrypoints: websecure
# traefik.ingress.kubernetes.io/router.tls: "true"
# cert-manager.io/cluster-issuer: letsencrypt-issuer
# hosts:
# - host: prowlarr.alexlebens.net
# paths:
# - path: /
# pathType: Prefix
# service:
# name: prowlarr
# port: 80
# tls:
# - secretName: prowlarr-secret-tls
# hosts:
# - prowlarr.alexlebens.net
tailscale:
enabled: true
className: tailscale
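Review bot: The old `main` ingress is left as a commented-out block under `ingress:` instead of being removed, and the same pattern appears in the tdarr and qbittorrent values sections of this commit. Commented YAML is never validated and drifts, and uncommenting it later would put the app back on the Traefik `websecure` entrypoint with a `letsencrypt-issuer` certificate and, as far as these lines show, no auth middleware in front; git history already keeps the old definition, so deleting the block is the safer choice. The `tailscale:` entry may continue past the end of the hunk, so its hosts and annotations are not visible here; if the service is meant to stay tailnet-only, confirm it carries no `tailscale.com/funnel` annotation.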


@@ -26,4 +26,4 @@ dependencies:
version: 1.1.2
repository: https://homeylab.github.io/helm-charts/
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/tdarr.png
appVersion: 2.20.01
appVersion: 2.24.03


@@ -96,24 +96,24 @@ tdarr:
targetPort: 8265
protocol: HTTP
ingress:
main:
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
hosts:
- host: tdarr.alexlebens.net
paths:
- path: /
pathType: Prefix
service:
name: tdarr-web
port: 8265
tls:
- secretName: tdarr-secret-tls
hosts:
- tdarr.alexlebens.net
# main:
# className: traefik
# annotations:
# traefik.ingress.kubernetes.io/router.entrypoints: websecure
# traefik.ingress.kubernetes.io/router.tls: "true"
# cert-manager.io/cluster-issuer: letsencrypt-issuer
# hosts:
# - host: tdarr.alexlebens.net
# paths:
# - path: /
# pathType: Prefix
# service:
# name: tdarr-web
# port: 8265
# tls:
# - secretName: tdarr-secret-tls
# hosts:
# - tdarr.alexlebens.net
tailscale:
enabled: true
className: tailscale


@@ -25,4 +25,4 @@ dependencies:
repository: https://bjw-s.github.io/helm-charts/
version: 3.3.2
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/qbittorrent.png
appVersion: 4.6.5
appVersion: 4.6.5-r0-ls335


@@ -124,24 +124,24 @@ qbittorrent:
targetPort: 9022
protocol: HTTP
ingress:
main:
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
hosts:
- host: qbittorrent.alexlebens.net
paths:
- path: /
pathType: Prefix
service:
name: qbittorrent
port: 8080
tls:
- secretName: qbittorrent-secret-tls
hosts:
- qbittorrent.alexlebens.net
# main:
# className: traefik
# annotations:
# traefik.ingress.kubernetes.io/router.entrypoints: websecure
# traefik.ingress.kubernetes.io/router.tls: "true"
# cert-manager.io/cluster-issuer: letsencrypt-issuer
# hosts:
# - host: qbittorrent.alexlebens.net
# paths:
# - path: /
# pathType: Prefix
# service:
# name: qbittorrent
# port: 8080
# tls:
# - secretName: qbittorrent-secret-tls
# hosts:
# - qbittorrent.alexlebens.net
tailscale:
enabled: true
className: tailscale