forked from k-space/kube
Deprecate Authelia
This commit is contained in:
@@ -3,5 +3,5 @@ Traefik Ingress Controller:
|
||||
```
|
||||
kubectl create namespace traefik
|
||||
helm template --include-crds -n traefik --release-name k6 traefik/traefik -f values.yml > application.yml
|
||||
kubectl apply -n traefik -f application.yml -f application-extras.yml -f whoami.yml -f proxmox.yml -f voron.yml
|
||||
kubectl apply -n traefik -f application.yml -f application-extras.yml -f whoami.yml
|
||||
```
|
||||
|
||||
@@ -1,14 +1,4 @@
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: sso
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
- name: chain-k6-authelia-auth
|
||||
namespace: authelia
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
@@ -16,8 +6,8 @@ metadata:
|
||||
namespace: traefik
|
||||
spec:
|
||||
selector:
|
||||
app.kubernetes.io/instance: k6-traefik
|
||||
app.kubernetes.io/name: traefik
|
||||
app.kubernetes.io/instance: k6
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 9000
|
||||
@@ -30,13 +20,21 @@ metadata:
|
||||
namespace: traefik
|
||||
spec:
|
||||
selector:
|
||||
app.kubernetes.io/instance: k6-traefik
|
||||
app.kubernetes.io/name: traefik
|
||||
app.kubernetes.io/instance: k6
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 9100
|
||||
targetPort: 9100
|
||||
---
|
||||
apiVersion: codemowers.io/v1alpha1
|
||||
kind: OIDCGWMiddlewareClient
|
||||
metadata:
|
||||
name: dashboard
|
||||
spec:
|
||||
displayName: Traefik dashboard
|
||||
uri: 'https://traefik.k-space.ee'
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
@@ -44,11 +42,10 @@ metadata:
|
||||
namespace: traefik
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
cert-manager.io/cluster-issuer: default
|
||||
# Keep IP address in sync with values.yaml
|
||||
external-dns.alpha.kubernetes.io/target: 193.40.103.36
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd,traefik-dashboard-redirect@kubernetescrd
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-dashboard@kubernetescrd,traefik-dashboard-redirect@kubernetescrd
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
spec:
|
||||
rules:
|
||||
@@ -63,9 +60,8 @@ spec:
|
||||
port:
|
||||
number: 9000
|
||||
tls:
|
||||
- hosts:
|
||||
- "*.k-space.ee"
|
||||
secretName: wildcard-tls
|
||||
- hosts:
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: TLSStore
|
||||
|
||||
@@ -1,159 +0,0 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: ServersTransport
|
||||
metadata:
|
||||
name: proxmox-servers-transport
|
||||
spec:
|
||||
rootCAsSecrets:
|
||||
- pve
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: pve
|
||||
data:
|
||||
# This is not actually secret, this is CA certificate of the key
|
||||
# used to sign Proxmox HTTPS endpoint keypairs.
|
||||
# This makes sure Traefik is talking to the real Proxmox machines,
|
||||
# and not arbitrary machines that have hijacked the Proxmox machine IP-s.
|
||||
# To inspect current value:
|
||||
# kubectl get secret -n traefik pve -o=json | jq '.data ."pve.pem"' -r | base64 -d | openssl x509 -text -inform PEM -noout
|
||||
pve.pem: |
|
||||
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZ6VENDQTdXZ0F3SUJBZ0lVUGk5SFNhQlp0
|
||||
ZG5JL01NREFBb05DT3ZpaGJjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2RqRWtNQ0lHQTFVRUF3d2JV
|
||||
SEp2ZUcxdmVDQldhWEowZFdGc0lFVnVkbWx5YjI1dFpXNTBNUzB3S3dZRApWUVFMRENSbFptTmpN
|
||||
elF6WXkweU5HSXhMVFJqWXpNdFlqTXhZaTA0Tm1KaE0yVmxOemt6WTJZeEh6QWRCZ05WCkJBb01G
|
||||
bEJXUlNCRGJIVnpkR1Z5SUUxaGJtRm5aWElnUTBFd0hoY05NakF3T0RJek1Ea3pNalEyV2hjTk16
|
||||
QXcKT0RJeE1Ea3pNalEyV2pCMk1TUXdJZ1lEVlFRRERCdFFjbTk0Ylc5NElGWnBjblIxWVd3Z1JX
|
||||
NTJhWEp2Ym0xbApiblF4TFRBckJnTlZCQXNNSkdWbVkyTXpORE5qTFRJMFlqRXROR05qTXkxaU16
|
||||
RmlMVGcyWW1FelpXVTNPVE5qClpqRWZNQjBHQTFVRUNnd1dVRlpGSUVOc2RYTjBaWElnVFdGdVlX
|
||||
ZGxjaUJEUVRDQ0FpSXdEUVlKS29aSWh2Y04KQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQU1yTXZq
|
||||
VEJ2ZkdIUEZFbmJhWUh6Qm5TeTJNdnBkV0h3TTIrQU9XRQpnbmpDcjhiYnNWaUxBZnpMdGlNYzM0
|
||||
bEJIRXp6d3JwbmlQdXAyS2doNmtCc3BKa2c0bXZSY25pQW9XK3F4UDlWCmpXRlJiTU9OYVB1UHZF
|
||||
UWhrS2xBakJCL2hqZkRxS3FKaURZeU5CNjZsZG9RbnFFQ3RyRXEvRFFDZHZYWitJWW4KNmZpelBk
|
||||
enp3UHk4dzhxU1RiMmlpNzZjSkplOWdJYWVjdUlCRk5mK1dUYW0vRndGL2ZXbGU1aHMyNTZsa25w
|
||||
OQpKbTV6Q0R3eFljNCt5dVF1WEM0WEgzclNKc2U1UWI5QmhyVEx0VTdiRHZTbzZMWEZsOTR4YTlR
|
||||
VGQ1L3UvT3h0CmdONVN2aTBnS1RXUUdiK0pvTHJHYVducS9ocmN4THpnVzJSclMxOGJUZFE2MEZz
|
||||
WVdXSUFTRmZuSzdzSDJjQ2oKRWI5Sk8yWjJzNXpzQ3ZBYjlQQkF6ZkdwSFc0dnFibHpHdmZtbFV5
|
||||
em10NFpEU3V6cGlwRTJ4SUpWVHNBOXJqdwpJd0plU1E0bitpeUF6cUQwMUprbjdRaEtJQ0kzZ21s
|
||||
ZmJ5YzRuTkxEZlZnQTA0VDBmUG5LMDBTSnN2ek1WRjNMCncvbmNheHBhczlhV2ptQ1BBWTEvREJ2
|
||||
RmU3M05EeGRsazFpd0Y5L1V6OGl2WWlLYlk3K3I4blhGM0V3YjZtQmYKZFdsTUlaYSsyeVEweHl6
|
||||
MDlqanNKU1dSRlduV25oRVg1SDVISERBYXhkZmZXUkRtVXR3d2ExWlN6VU1MNHNENgo4U2NHclFQ
|
||||
YWVicE5ZWWI3WmdGTm82ZVp3YytlWmpJVW9XMXhYNlhqSWQ2UENvSmw5UDdMUnJUTWF3NjhHU3Nn
|
||||
CjdLd0RBZ01CQUFHalV6QlJNQjBHQTFVZERnUVdCQlJxT0VLODdZY2lZM09NSitOcVdRdklaQ2FH
|
||||
NWpBZkJnTlYKSFNNRUdEQVdnQlJxT0VLODdZY2lZM09NSitOcVdRdklaQ2FHNWpBUEJnTlZIUk1C
|
||||
QWY4RUJUQURBUUgvTUEwRwpDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQk1JTmszTFlHTHZITlpSWURh
|
||||
YVYwaW45bGtzaWIvd0dZQ01vUDhQZE03Ckw0ZktsUjNDNXJ3clhKNjRwWVJrOFByemFWRjJvclNr
|
||||
REI1Z1Jaa1phbVkzbCtSOU9ISkNheXBNSjVTeHZtVlkKZFBYZ1hBYVlGR1V1cjZHU0RsZkxDUmp1
|
||||
OWdMRnhEbEhZZTVPcm5JbURUcENzK2xXVmcwSDVrUlFNZFJ2eVplTAp1SWs5UEZVcE5GSksyWmtl
|
||||
c0tOWUlPNldwRzBBd0hSZUI0U0MzYzBWNkdrQW84bHUxeGhYMWpUMnFuQXRQTDM4CkkzQkpCNDhY
|
||||
KzkzZGxHcDNBRlp4WmhSSjU1ejdHTm56c1UxaGNTSk1rOUpTN2RhWVhtM3FjTmxZNnY5OCtVK3gK
|
||||
U0RxdUFKU0tIanF5RzRDdjZlL2toamNLMzJpcENuZmYzb2plblpTZlFtN3l3OXpCQjFSc1Z3TU9k
|
||||
aTBCOW44cApDWHpRcHdHTERiNjB1VCtycTJ4eHJici9yT3VtQU5GbXByd1oxbi9yWE45bndxUktW
|
||||
VVBRU1lQdVVKa2xCTktLCnNVL1dTSHBzMGF4dTRUMElFUk0zZHVCWEJ5Yms0TXJXSTBCZ2ptNXZz
|
||||
NFNPNHVGSU96d2RBVkdIQ09lRWhQQzIKMzRiSW9ES09tZDFNcmtjYTQyTWw4bDFtb0hTUFd3djZ4
|
||||
dVo1U1I0UXhPaXdWa0tJRHdvSmg2M2swTmxwUzZFUwp4N253ekZIc01rNTRFTWNMMjJjRk9YK3Rh
|
||||
Q1JtTDVRVVdDMGQ3bEFCMElXQS9UTkRXU3lQbHlRN1VCcjRIZGoxClh2NU43Yks0SUN5NWRhN25h
|
||||
RWRmRHIzNTBpZkRCQkVuL3RvL3JUczFOVjhyOGpjcG14a2MzNjlSQXp3TmJiRVkKMVE9PQotLS0t
|
||||
LUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: pve1
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/service.serverstransport: traefik-proxmox-servers-transport@kubernetescrd
|
||||
spec:
|
||||
type: ExternalName
|
||||
externalName: pve1.proxmox.infra.k-space.ee
|
||||
ports:
|
||||
- name: https
|
||||
port: 8006
|
||||
protocol: TCP
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: pve8
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/service.serverstransport: traefik-proxmox-servers-transport@kubernetescrd
|
||||
spec:
|
||||
type: ExternalName
|
||||
externalName: pve8.proxmox.infra.k-space.ee
|
||||
ports:
|
||||
- name: https
|
||||
port: 8006
|
||||
protocol: TCP
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: pve9
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/service.serverstransport: traefik-proxmox-servers-transport@kubernetescrd
|
||||
spec:
|
||||
type: ExternalName
|
||||
externalName: pve9.proxmox.infra.k-space.ee
|
||||
ports:
|
||||
- name: https
|
||||
port: 8006
|
||||
protocol: TCP
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: pve
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd,traefik-proxmox-redirect@kubernetescrd
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
spec:
|
||||
rules:
|
||||
- host: proxmox.k-space.ee
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: /
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
port:
|
||||
number: 80
|
||||
- host: pve.k-space.ee
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: pve1
|
||||
port:
|
||||
number: 8006
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: pve8
|
||||
port:
|
||||
number: 8006
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: pve9
|
||||
port:
|
||||
number: 8006
|
||||
tls:
|
||||
- hosts:
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: proxmox-redirect
|
||||
spec:
|
||||
redirectRegex:
|
||||
regex: ^https://proxmox.k-space.ee/(.*)$
|
||||
replacement: https://pve.k-space.ee/$1
|
||||
permanent: false
|
||||
@@ -1,38 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: voron
|
||||
spec:
|
||||
type: ExternalName
|
||||
externalName: 100.101.3.1
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: voron
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||
spec:
|
||||
rules:
|
||||
- host: voron.k-space.ee
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: voron
|
||||
port:
|
||||
name: http
|
||||
tls:
|
||||
- hosts:
|
||||
- "*.k-space.ee"
|
||||
Reference in New Issue
Block a user