alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 9 Actions Packages Projects Releases Wiki Activity

change ingress to tailscale

Browse Source
This commit is contained in:
Alex Lebens
2024-08-17 12:20:51 -05:00
parent ba85c04b9a
commit 9a4781eddb
2 changed files with 32 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
clusters/cl01tl/applications/homepage/values.yaml
View File

@@ -236,7 +236,7 @@ homepage:
- Web Design: - Web Design:
icon: https://raw.githubusercontent.com/penpot/penpot/362d4ea47f06d169dd6e0a34cb9d141200e646e6/frontend/resources/images/icons/penpot-logo-icon.svg icon: https://raw.githubusercontent.com/penpot/penpot/362d4ea47f06d169dd6e0a34cb9d141200e646e6/frontend/resources/images/icons/penpot-logo-icon.svg
description: Penpot description: Penpot
href: https://penpot.alexlebens.net href: https://penpot-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://penpot-frontend.penpot:80 siteMonitor: http://penpot-frontend.penpot:80
statusStyle: dot statusStyle: dot
- Calibre Server: - Calibre Server:
@@ -455,7 +455,7 @@ homepage:
- Object Storage (Penpot): - Object Storage (Penpot):
icon: minio.png icon: minio.png
description: Minio Tenant description: Minio Tenant
href: https://minio-penpot.alexlebens.net href: https://minio-penpot-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://minio-penpot-console.penpot:9090 siteMonitor: http://minio-penpot-console.penpot:9090
statusStyle: dot statusStyle: dot
- Sonarr: - Sonarr:

76
clusters/cl01tl/applications/penpot/values.yaml
View File

@@ -26,7 +26,7 @@ penpot:
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: PENPOT_PUBLIC_URI - name: PENPOT_PUBLIC_URI
value: https://penpot.alexlebens.net value: https://penpot-cl01tl.boreal-beaufort.ts.net
- name: PENPOT_FLAGS - name: PENPOT_FLAGS
value: enable-registration enable-insecure-register enable-login enable-login-with-oidc disable-demo-users disable-demo-warning value: enable-registration enable-insecure-register enable-login enable-login-with-oidc disable-demo-users disable-demo-warning
- name: PENPOT_SECRET_KEY - name: PENPOT_SECRET_KEY
@@ -55,11 +55,11 @@ penpot:
- name: PENPOT_STORAGE_ASSETS_S3_BUCKET - name: PENPOT_STORAGE_ASSETS_S3_BUCKET
value: penpot value: penpot
- name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
value: http://minio.penpot:80 value: https://penpot-storage-cl01tl.boreal-beaufort.ts.net/penpot
- name: PENPOT_TELEMETRY_ENABLED - name: PENPOT_TELEMETRY_ENABLED
value: false value: false
- name: PENPOT_OIDC_BASE_URI - name: PENPOT_OIDC_BASE_URI
value: https://authentik.alexlebens.net/application/o/ value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/
- name: PENPOT_OIDC_CLIENT_ID - name: PENPOT_OIDC_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@@ -71,11 +71,11 @@ penpot:
name: penpot-oidc-secret name: penpot-oidc-secret
key: secret key: secret
- name: PENPOT_OIDC_AUTH_URI - name: PENPOT_OIDC_AUTH_URI
value: https://authentik.alexlebens.net/application/o/authorize/ value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/authorize/
- name: PENPOT_OIDC_TOKEN_URI - name: PENPOT_OIDC_TOKEN_URI
value: https://authentik.alexlebens.net/application/o/token/ value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/token/
- name: PENPOT_OIDC_USER_URI - name: PENPOT_OIDC_USER_URI
value: https://authentik.alexlebens.net/application/o/userinfo/ value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/userinfo/
- name: PENPOT_OIDC_SCOPES - name: PENPOT_OIDC_SCOPES
value: "openid profile email" value: "openid profile email"
- name: PENPOT_OIDC_NAME_ATTR - name: PENPOT_OIDC_NAME_ATTR
@@ -102,7 +102,7 @@ penpot:
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: PENPOT_PUBLIC_URI - name: PENPOT_PUBLIC_URI
value: https://penpot.alexlebens.net value: https://penpot-cl01tl.boreal-beaufort.ts.net
- name: PENPOT_FLAGS - name: PENPOT_FLAGS
value: enable-registration enable-insecure-register enable-login enable-login-with-oidc disable-demo-users disable-demo-warning value: enable-registration enable-insecure-register enable-login enable-login-with-oidc disable-demo-users disable-demo-warning
- name: PENPOT_SECRET_KEY - name: PENPOT_SECRET_KEY
@@ -131,11 +131,11 @@ penpot:
- name: PENPOT_STORAGE_ASSETS_S3_BUCKET - name: PENPOT_STORAGE_ASSETS_S3_BUCKET
value: penpot value: penpot
- name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
value: http://minio.penpot:80 value: https://penpot-storage-cl01tl.boreal-beaufort.ts.net/penpot
- name: PENPOT_TELEMETRY_ENABLED - name: PENPOT_TELEMETRY_ENABLED
value: false value: false
- name: PENPOT_OIDC_BASE_URI - name: PENPOT_OIDC_BASE_URI
value: https://authentik.alexlebens.net/application/o/ value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/
- name: PENPOT_OIDC_CLIENT_ID - name: PENPOT_OIDC_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@@ -147,11 +147,11 @@ penpot:
name: penpot-oidc-secret name: penpot-oidc-secret
key: secret key: secret
- name: PENPOT_OIDC_AUTH_URI - name: PENPOT_OIDC_AUTH_URI
value: https://authentik.alexlebens.net/application/o/authorize/ value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/authorize/
- name: PENPOT_OIDC_TOKEN_URI - name: PENPOT_OIDC_TOKEN_URI
value: https://authentik.alexlebens.net/application/o/token/ value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/token/
- name: PENPOT_OIDC_USER_URI - name: PENPOT_OIDC_USER_URI
value: https://authentik.alexlebens.net/application/o/userinfo/ value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/userinfo/
- name: PENPOT_OIDC_SCOPES - name: PENPOT_OIDC_SCOPES
value: "openid profile email" value: "openid profile email"
- name: PENPOT_OIDC_NAME_ATTR - name: PENPOT_OIDC_NAME_ATTR
@@ -186,7 +186,7 @@ penpot:
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: PENPOT_PUBLIC_URI - name: PENPOT_PUBLIC_URI
value: https://penpot.alexlebens.net value: https://penpot-cl01tl.boreal-beaufort.ts.net
- name: PENPOT_FLAGS - name: PENPOT_FLAGS
value: enable-registration enable-insecure-register enable-login enable-login-with-oidc disable-demo-users disable-demo-warning value: enable-registration enable-insecure-register enable-login enable-login-with-oidc disable-demo-users disable-demo-warning
- name: PENPOT_SECRET_KEY - name: PENPOT_SECRET_KEY
@@ -215,11 +215,11 @@ penpot:
- name: PENPOT_STORAGE_ASSETS_S3_BUCKET - name: PENPOT_STORAGE_ASSETS_S3_BUCKET
value: penpot value: penpot
- name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
value: http://minio.penpot:80 value: https://penpot-storage-cl01tl.boreal-beaufort.ts.net/penpot
- name: PENPOT_TELEMETRY_ENABLED - name: PENPOT_TELEMETRY_ENABLED
value: false value: false
- name: PENPOT_OIDC_BASE_URI - name: PENPOT_OIDC_BASE_URI
value: https://authentik.alexlebens.net/application/o/ value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/
- name: PENPOT_OIDC_CLIENT_ID - name: PENPOT_OIDC_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@@ -231,11 +231,11 @@ penpot:
name: penpot-oidc-secret name: penpot-oidc-secret
key: secret key: secret
- name: PENPOT_OIDC_AUTH_URI - name: PENPOT_OIDC_AUTH_URI
value: https://authentik.alexlebens.net/application/o/authorize/ value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/authorize/
- name: PENPOT_OIDC_TOKEN_URI - name: PENPOT_OIDC_TOKEN_URI
value: https://authentik.alexlebens.net/application/o/token/ value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/token/
- name: PENPOT_OIDC_USER_URI - name: PENPOT_OIDC_USER_URI
value: https://authentik.alexlebens.net/application/o/userinfo/ value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/userinfo/
- name: PENPOT_OIDC_SCOPES - name: PENPOT_OIDC_SCOPES
value: "openid profile email" value: "openid profile email"
- name: PENPOT_OIDC_NAME_ATTR - name: PENPOT_OIDC_NAME_ATTR
@@ -282,24 +282,6 @@ penpot:
targetPort: 6061 targetPort: 6061
protocol: HTTP protocol: HTTP
ingress: ingress:
main:
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
hosts:
- host: penpot.alexlebens.net
paths:
- path: /
pathType: Prefix
service:
name: penpot-frontend
port: 80
tls:
- secretName: penpot-secret-tls
hosts:
- penpot.alexlebens.net
tailscale: tailscale:
enabled: true enabled: true
className: tailscale className: tailscale
@@ -367,19 +349,21 @@ minio:
requestAutoCert: false requestAutoCert: false
ingress: ingress:
api: api:
enabled: false enabled: true
ingressClassName: tailscale
tls:
- hosts:
- penpot-storage-cl01tl
host: penpot-storage-cl01tl
path: /
pathType: Prefix
console: console:
enabled: true enabled: true
ingressClassName: traefik ingressClassName: tailscale
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
tls: tls:
- secretName: minio-penpot-console-secret-tls - hosts:
hosts: - minio-penpot-cl01tl
- minio-penpot.alexlebens.net host: minio-penpot-cl01tl
host: minio-penpot.alexlebens.net
path: / path: /
pathType: Prefix pathType: Prefix
postgres-16-cluster: postgres-16-cluster: