Switch to wildcard *.k-space.ee certificate
parent
30b7e50afb
commit
4686108f42
@ -16,7 +16,6 @@ server:
|
|||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
@ -24,8 +23,7 @@ server:
|
|||||||
- argocd.k-space.ee
|
- argocd.k-space.ee
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- argocd.k-space.ee
|
- "*.k-space.ee"
|
||||||
secretName: argocd-server-tls
|
|
||||||
configEnabled: true
|
configEnabled: true
|
||||||
config:
|
config:
|
||||||
admin.enabled: "false"
|
admin.enabled: "false"
|
||||||
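Review bot: The new `tls.hosts` entry `- "*.k-space.ee"` sits on an Ingress that also carries `external-dns.alpha.kubernetes.io/target: traefik.k-space.ee`, and external-dns by default derives records from `spec.tls[].hosts` as well as from `spec.rules[].host`. Unless the controller runs with `--ignore-ingress-tls-spec` (not visible here), this can publish a wildcard `*.k-space.ee` record pointing at Traefik, so every unused name resolves to the ingress and is answered with a valid certificate. Since the certificate no longer comes from a per-Ingress secret, keeping the concrete name `- argocd.k-space.ee` in the hosts list (without `secretName`) would avoid that side effect. The same pattern recurs in the later sections that keep the external-dns target annotation (authelia, minio, drone, etherpad, harbor, dashboard, longhorn, prometheus, alertmanager, pve, whoami).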
|
@ -295,7 +295,6 @@ metadata:
|
|||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: authelia
|
app.kubernetes.io/name: authelia
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
kubernetes.io/tls-acme: "true"
|
kubernetes.io/tls-acme: "true"
|
||||||
traefik.ingress.kubernetes.io/router.entryPoints: websecure
|
traefik.ingress.kubernetes.io/router.entryPoints: websecure
|
||||||
@ -315,8 +314,7 @@ spec:
|
|||||||
number: 80
|
number: 80
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- auth.k-space.ee
|
- "*.k-space.ee"
|
||||||
secretName: authelia-tls
|
|
||||||
---
|
---
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
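Review bot: `kubernetes.io/tls-acme: "true"` is left on this Ingress while `cert-manager.io/cluster-issuer: default` and `secretName: authelia-tls` are removed. If cert-manager's ingress-shim is configured with a default issuer (not visible here), that annotation still asks it to manage a certificate for this Ingress, now with a wildcard host and no target secret, which at best produces reconcile errors and at worst attempts a separate wildcard issuance. Removing the annotation together with the issuer one would make the intent unambiguous. The metadata block starts above the hunk, so other annotations may exist that are not shown.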
|
@ -182,12 +182,6 @@ metadata:
|
|||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: traefik
|
kubernetes.io/ingress.class: traefik
|
||||||
|
|
||||||
# Following specifies the certificate issuer defined in
|
|
||||||
# ../cert-manager/issuer.yml
|
|
||||||
# This is where the HTTPS certificates for the
|
|
||||||
# `tls:` section below are obtained from
|
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
|
|
||||||
# This tells Traefik this Ingress object is associated with the
|
# This tells Traefik this Ingress object is associated with the
|
||||||
# https:// entrypoint
|
# https:// entrypoint
|
||||||
# Global http:// to https:// redirect is enabled in
|
# Global http:// to https:// redirect is enabled in
|
||||||
@ -234,8 +228,7 @@ spec:
|
|||||||
number: 3003
|
number: 3003
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- cams.k-space.ee
|
- "*.k-space.ee"
|
||||||
secretName: camtiler-tls
|
|
||||||
---
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: NetworkPolicy
|
kind: NetworkPolicy
|
||||||
@ -371,7 +364,6 @@ metadata:
|
|||||||
name: minio
|
name: minio
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: traefik
|
kubernetes.io/ingress.class: traefik
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
@ -389,8 +381,7 @@ spec:
|
|||||||
number: 80
|
number: 80
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- cams-s3.k-space.ee
|
- "*.k-space.ee"
|
||||||
secretName: cams-s3-tls
|
|
||||||
---
|
---
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
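Review bot: The first hunk deletes the comment block that explained where the certificates for the `tls:` section come from, and nothing replaces it, while the neighbouring comments about the https entrypoint stay. A reader now sees a `tls:` entry with `- "*.k-space.ee"` and no `secretName`, and cannot tell from this file which certificate is served. I would add above `tls:` in both Ingresses of this file: `# No secretName: Traefik serves the default TLSStore certificate (wildcard-tls)`.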
|
@ -83,7 +83,6 @@ kind: Ingress
|
|||||||
metadata:
|
metadata:
|
||||||
name: drone
|
name: drone
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
kubernetes.io/ingress.class: traefik
|
kubernetes.io/ingress.class: traefik
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
@ -91,8 +90,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- "drone.k-space.ee"
|
- "*.k-space.ee"
|
||||||
secretName: drone-tls
|
|
||||||
rules:
|
rules:
|
||||||
- host: "drone.k-space.ee"
|
- host: "drone.k-space.ee"
|
||||||
http:
|
http:
|
||||||
|
@ -283,7 +283,6 @@ metadata:
|
|||||||
name: kibana
|
name: kibana
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: traefik
|
kubernetes.io/ingress.class: traefik
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
|
||||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
@ -302,8 +301,7 @@ spec:
|
|||||||
number: 5601
|
number: 5601
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- kibana.k-space.ee
|
- "*.k-space.ee"
|
||||||
secretName: kibana-tls
|
|
||||||
---
|
---
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: PodMonitor
|
kind: PodMonitor
|
||||||
|
@ -79,7 +79,6 @@ metadata:
|
|||||||
namespace: etherpad
|
namespace: etherpad
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: traefik
|
kubernetes.io/ingress.class: traefik
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
@ -97,8 +96,7 @@ spec:
|
|||||||
number: 9001
|
number: 9001
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- pad.k-space.ee
|
- "*.k-space.ee"
|
||||||
secretName: pad-tls
|
|
||||||
---
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: NetworkPolicy
|
kind: NetworkPolicy
|
||||||
|
@ -1001,7 +1001,6 @@ metadata:
|
|||||||
labels:
|
labels:
|
||||||
app: harbor
|
app: harbor
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
ingress.kubernetes.io/proxy-body-size: "0"
|
ingress.kubernetes.io/proxy-body-size: "0"
|
||||||
ingress.kubernetes.io/ssl-redirect: "true"
|
ingress.kubernetes.io/ssl-redirect: "true"
|
||||||
@ -1012,9 +1011,8 @@ metadata:
|
|||||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
spec:
|
spec:
|
||||||
tls:
|
tls:
|
||||||
- secretName: harbor-tls
|
- hosts:
|
||||||
hosts:
|
- "*.k-space.ee"
|
||||||
- harbor.k-space.ee
|
|
||||||
rules:
|
rules:
|
||||||
- http:
|
- http:
|
||||||
paths:
|
paths:
|
||||||
|
@ -269,7 +269,6 @@ metadata:
|
|||||||
certManager: "true"
|
certManager: "true"
|
||||||
rewriteTarget: "true"
|
rewriteTarget: "true"
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
kubernetes.io/ingress.class: traefik
|
kubernetes.io/ingress.class: traefik
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
@ -289,5 +288,4 @@ spec:
|
|||||||
number: 80
|
number: 80
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- dashboard.k-space.ee
|
- "*.k-space.ee"
|
||||||
secretName: dashboard-tls
|
|
||||||
|
@ -5,7 +5,6 @@ metadata:
|
|||||||
namespace: longhorn-system
|
namespace: longhorn-system
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: traefik
|
kubernetes.io/ingress.class: traefik
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
|
||||||
@ -24,9 +23,7 @@ spec:
|
|||||||
number: 80
|
number: 80
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- longhorn.k-space.ee
|
- "*.k-space.ee"
|
||||||
secretName: longhorn-tls
|
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: PodMonitor
|
kind: PodMonitor
|
||||||
|
@ -40,7 +40,6 @@ metadata:
|
|||||||
name: phpmyadmin
|
name: phpmyadmin
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: traefik
|
kubernetes.io/ingress.class: traefik
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
|
||||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
@ -59,8 +58,7 @@ spec:
|
|||||||
number: 80
|
number: 80
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- phpmyadmin.k-space.ee
|
- "*.k-space.ee"
|
||||||
secretName: phpmyadmin-tls
|
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
|
@ -399,7 +399,6 @@ kind: Ingress
|
|||||||
metadata:
|
metadata:
|
||||||
name: prometheus
|
name: prometheus
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
@ -418,15 +417,13 @@ spec:
|
|||||||
number: 9090
|
number: 9090
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- prom.k-space.ee
|
- "*.k-space.ee"
|
||||||
secretName: prom-tls
|
|
||||||
---
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
name: alertmanager
|
name: alertmanager
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
@ -445,8 +442,7 @@ spec:
|
|||||||
number: 9093
|
number: 9093
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- am.k-space.ee
|
- "*.k-space.ee"
|
||||||
secretName: alertmanager-tls
|
|
||||||
---
|
---
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: PodMonitor
|
kind: PodMonitor
|
||||||
|
@ -64,8 +64,16 @@ spec:
|
|||||||
number: 9000
|
number: 9000
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- traefik.k-space.ee
|
- "*.k-space.ee"
|
||||||
secretName: traefik-tls
|
secretName: wildcard-tls
|
||||||
|
---
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: TLSStore
|
||||||
|
metadata:
|
||||||
|
name: default
|
||||||
|
spec:
|
||||||
|
defaultCertificate:
|
||||||
|
secretName: wildcard-tls
|
||||||
---
|
---
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
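Review bot: Nothing in this hunk shows how the `wildcard-tls` Secret is issued or renewed, and the added `TLSStore` makes it the certificate for every router that has no secret of its own. If issuance still relies on a `cert-manager.io/cluster-issuer` annotation on this Ingress (the metadata is outside the hunk), the issuer needs a DNS-01 solver, because ACME does not issue wildcard names over HTTP-01; an explicit `Certificate` resource would make that dependency visible. One private key now fronts all services, so read access to Secrets in this namespace should be limited to Traefik and cert-manager. A comment on the store such as `# Default certificate for all Ingresses without secretName; Secret must exist in this namespace` would document this.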
|
@ -104,7 +104,6 @@ metadata:
|
|||||||
name: pve
|
name: pve
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: traefik
|
kubernetes.io/ingress.class: traefik
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd,traefik-proxmox-redirect@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd,traefik-proxmox-redirect@kubernetescrd
|
||||||
@ -147,9 +146,7 @@ spec:
|
|||||||
number: 8006
|
number: 8006
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- pve.k-space.ee
|
- "*.k-space.ee"
|
||||||
- proxmox.k-space.ee
|
|
||||||
secretName: pve-tls
|
|
||||||
---
|
---
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
|
@ -17,7 +17,6 @@ metadata:
|
|||||||
name: voron
|
name: voron
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: traefik
|
kubernetes.io/ingress.class: traefik
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
|
||||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
@ -36,5 +35,4 @@ spec:
|
|||||||
name: http
|
name: http
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- voron.k-space.ee
|
- "*.k-space.ee"
|
||||||
secretName: voron-tls
|
|
||||||
|
@ -41,7 +41,6 @@ kind: Ingress
|
|||||||
metadata:
|
metadata:
|
||||||
name: whoami
|
name: whoami
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
kubernetes.io/ingress.class: traefik
|
kubernetes.io/ingress.class: traefik
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
@ -50,8 +49,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- "whoami.k-space.ee"
|
- "*.k-space.ee"
|
||||||
secretName: whoami-tls
|
|
||||||
rules:
|
rules:
|
||||||
- host: "whoami.k-space.ee"
|
- host: "whoami.k-space.ee"
|
||||||
http:
|
http:
|
||||||
|
@ -104,7 +104,6 @@ metadata:
|
|||||||
namespace: wildduck
|
namespace: wildduck
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/ingress.class: traefik
|
kubernetes.io/ingress.class: traefik
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
|
||||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
@ -123,8 +122,7 @@ spec:
|
|||||||
number: 80
|
number: 80
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- webmail.k-space.ee
|
- "*.k-space.ee"
|
||||||
secretName: webmail-tls
|
|
||||||
---
|
---
|
||||||
apiVersion: codemowers.io/v1alpha1
|
apiVersion: codemowers.io/v1alpha1
|
||||||
kind: KeyDBCluster
|
kind: KeyDBCluster
|
||||||
|