From dace4fdc345219340ec6e90c3675d9eea1db8462 Mon Sep 17 00:00:00 2001
From: Alex Lebens
Date: Thu, 13 Mar 2025 19:11:46 -0500
Subject: [PATCH] enable tailscale ingress for key servies
---
.../platform/authentik/templates/ingress.yaml | 64 +++++++++----------
.../platform/gitea/templates/ingress.yaml | 64 +++++++++----------
.../platform/vault/templates/ingress.yaml | 64 +++++++++----------
.../services/harbor/templates/ingress.yaml | 59 -----------------
4 files changed, 96 insertions(+), 155 deletions(-)
delete mode 100644 clusters/cl01tl/services/harbor/templates/ingress.yaml
diff --git a/clusters/cl01tl/platform/authentik/templates/ingress.yaml b/clusters/cl01tl/platform/authentik/templates/ingress.yaml
index 57290b9b8..30d5e6da4 100644
--- a/clusters/cl01tl/platform/authentik/templates/ingress.yaml
+++ b/clusters/cl01tl/platform/authentik/templates/ingress.yaml
@@ -1,32 +1,32 @@
-# apiVersion: networking.k8s.io/v1
-# kind: Ingress
-# metadata:
-# name: authentik-tailscale
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: authentik-tailscale
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: web
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# labels:
-# tailscale.com/proxy-class: no-metrics
-# annotations:
-# tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
-# spec:
-# ingressClassName: tailscale
-# tls:
-# - hosts:
-# - auth-cl01tl
-# secretName: auth-cl01tl
-# rules:
-# - host: auth-cl01tl
-# http:
-# paths:
-# - path: /
-# pathType: Prefix
-# backend:
-# service:
-# name: authentik-server
-# port:
-# number: 80
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: authentik-tailscale
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: authentik-tailscale
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+ labels:
+ tailscale.com/proxy-class: no-metrics
+ annotations:
+ tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
+spec:
+ ingressClassName: tailscale
+ tls:
+ - hosts:
+ - auth-cl01tl
+ secretName: auth-cl01tl
+ rules:
+ - host: auth-cl01tl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: authentik-server
+ port:
+ number: 80
diff --git a/clusters/cl01tl/platform/gitea/templates/ingress.yaml b/clusters/cl01tl/platform/gitea/templates/ingress.yaml
index 473208441..21666fe9c 100644
--- a/clusters/cl01tl/platform/gitea/templates/ingress.yaml
+++ b/clusters/cl01tl/platform/gitea/templates/ingress.yaml
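Review bot: `labels:` appears twice under `metadata:` in the uncommented manifest, once for the `app.kubernetes.io/*` set and again for `tailscale.com/proxy-class: no-metrics`. Indentation is not recoverable from this view, but if both keys sit at the same level the document has a duplicate mapping key: a last-wins parser silently drops the `app.kubernetes.io/*` labels, and a strict one rejects the rendered template. Merge them into a single map by moving `tailscale.com/proxy-class: no-metrics` under the first `labels:` and deleting the second `labels:` line. The gitea and vault hunks in this patch carry the same pair of keys.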
@@ -1,32 +1,32 @@
-# apiVersion: networking.k8s.io/v1
-# kind: Ingress
-# metadata:
-# name: gitea-tailscale
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: gitea-tailscale
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: web
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# labels:
-# tailscale.com/proxy-class: no-metrics
-# annotations:
-# tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
-# spec:
-# ingressClassName: tailscale
-# tls:
-# - hosts:
-# - gitea-cl01tl
-# secretName: gitea-cl01tl
-# rules:
-# - host: gitea-cl01tl
-# http:
-# paths:
-# - path: /
-# pathType: ImplementationSpecific
-# backend:
-# service:
-# name: gitea-http
-# port:
-# name: http
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: gitea-tailscale
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: gitea-tailscale
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+ labels:
+ tailscale.com/proxy-class: no-metrics
+ annotations:
+ tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
+spec:
+ ingressClassName: tailscale
+ tls:
+ - hosts:
+ - gitea-cl01tl
+ secretName: gitea-cl01tl
+ rules:
+ - host: gitea-cl01tl
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: gitea-http
+ port:
+ name: http
diff --git a/clusters/cl01tl/platform/vault/templates/ingress.yaml b/clusters/cl01tl/platform/vault/templates/ingress.yaml
index a579cb5ac..14f0c8c3b 100644
--- a/clusters/cl01tl/platform/vault/templates/ingress.yaml
+++ b/clusters/cl01tl/platform/vault/templates/ingress.yaml
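Review bot: The label value `app.kubernetes.io/version: {{ .Chart.AppVersion }}` is rendered unquoted, so an app version that looks numeric (a constructed example: `1.20`) is parsed as a float rather than a string and the API server would reject the Ingress, because label values must be strings. Quote the rendered value, e.g. `app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}`, and do the same for the `{{ .Release.Name }}` labels. The authentik and vault templates in this patch have the same unquoted lines. This Ingress also uses `pathType: ImplementationSpecific` where the other two use `Prefix`; if that is deliberate, a one-line comment above it saying why would help.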
@@ -1,32 +1,32 @@
-# apiVersion: networking.k8s.io/v1
-# kind: Ingress
-# metadata:
-# name: vault-tailscale
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: vault-tailscale
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: web
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# labels:
-# tailscale.com/proxy-class: no-metrics
-# annotations:
-# tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
-# spec:
-# ingressClassName: tailscale
-# tls:
-# - hosts:
-# - vault-cl01tl
-# secretName: vault-cl01tl
-# rules:
-# - host: vault-cl01tl
-# http:
-# paths:
-# - path: /
-# pathType: Prefix
-# backend:
-# service:
-# name: vault-active
-# port:
-# number: 8200
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: vault-tailscale
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: vault-tailscale
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+ labels:
+ tailscale.com/proxy-class: no-metrics
+ annotations:
+ tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
+spec:
+ ingressClassName: tailscale
+ tls:
+ - hosts:
+ - vault-cl01tl
+ secretName: vault-cl01tl
+ rules:
+ - host: vault-cl01tl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: vault-active
+ port:
+ number: 8200
diff --git a/clusters/cl01tl/services/harbor/templates/ingress.yaml b/clusters/cl01tl/services/harbor/templates/ingress.yaml
deleted file mode 100644
index 7dd1bbc24..000000000
--- a/clusters/cl01tl/services/harbor/templates/ingress.yaml
+++ /dev/null
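Review bot: Nothing in this Ingress scopes who on the tailnet can reach Vault: there is no `tailscale.com/tags` annotation, so the proxy device presumably gets the operator's default tag, the same one the authentik and gitea proxies get, and tag-based ACLs cannot treat the secrets store separately. Consider a dedicated tag under `annotations:`, e.g. `tailscale.com/tags: "tag:vault"` (constructed tag name), paired with an ACL rule that limits it to the operators and workloads that need Vault. The backend is `vault-active` on port 8200 with no TLS settings visible in this hunk, so the hop from the proxy pod to Vault is presumably plain HTTP inside the cluster; confirm that this matches Vault's listener configuration and the cluster's network policy. A comment above `tailscale.com/experimental-forward-cluster-traffic-via-ingress` noting that it is an experimental annotation and why it is needed here would help whoever upgrades the operator next.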
@@ -1,59 +0,0 @@
-# apiVersion: networking.k8s.io/v1
-# kind: Ingress
-# metadata:
-# name: harbor-tailscale
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: harbor-tailscale
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: web
-# app.kubernetes.io/part-of: {{ .Release.Name }}
-# labels:
-# tailscale.com/proxy-class: no-metrics
-# annotations:
-# tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
-# spec:
-# ingressClassName: tailscale
-# tls:
-# - hosts:
-# - harbor-cl01tl
-# rules:
-# - host: harbor-cl01tl
-# http:
-# paths:
-# - backend:
-# service:
-# name: harbor-core
-# port:
-# number: 80
-# path: /api/
-# pathType: Prefix
-# - backend:
-# service:
-# name: harbor-core
-# port:
-# number: 80
-# path: /service/
-# pathType: Prefix
-# - backend:
-# service:
-# name: harbor-core
-# port:
-# number: 80
-# path: /v2/
-# pathType: Prefix
-# - backend:
-# service:
-# name: harbor-core
-# port:
-# number: 80
-# path: /c/
-# pathType: Prefix
-# - backend:
-# service:
-# name: harbor-portal
-# port:
-# number: 80
-# path: /
-# pathType: Prefix