Switch to wildcard *.k-space.ee certificate

Lauri Võsandi 2022-10-14 14:26:03 +03:00
parent 30b7e50afb
commit 4686108f42
16 changed files with 28 additions and 61 deletions

@ -16,7 +16,6 @@ server:
ingress: ingress:
enabled: true enabled: true
annotations: annotations:
cert-manager.io/cluster-issuer: default
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
@ -24,8 +23,7 @@ server:
- argocd.k-space.ee - argocd.k-space.ee
tls: tls:
- hosts: - hosts:
- argocd.k-space.ee - "*.k-space.ee"
secretName: argocd-server-tls
configEnabled: true configEnabled: true
config: config:
admin.enabled: "false" admin.enabled: "false"
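Review bot: Listing `"*.k-space.ee"` under `tls.hosts` may lead external-dns to publish a wildcard record, because by default it also collects hostnames from the Ingress TLS section and these values carry `external-dns.alpha.kubernetes.io/target: traefik.k-space.ee`. A wildcard DNS record would make every unused name under the domain resolve to Traefik, which widens what reaches the default router and its default certificate. With `secretName` gone, the entry presumably no longer selects a certificate, so the concrete host could stay (`- argocd.k-space.ee`) without a `secretName`; otherwise confirm external-dns runs with `--ignore-ingress-tls-spec`. The same applies to every other Ingress changed in this commit.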

@ -295,7 +295,6 @@ metadata:
labels: labels:
app.kubernetes.io/name: authelia app.kubernetes.io/name: authelia
annotations: annotations:
cert-manager.io/cluster-issuer: default
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
kubernetes.io/tls-acme: "true" kubernetes.io/tls-acme: "true"
traefik.ingress.kubernetes.io/router.entryPoints: websecure traefik.ingress.kubernetes.io/router.entryPoints: websecure
@ -315,8 +314,7 @@ spec:
number: 80 number: 80
tls: tls:
- hosts: - hosts:
- auth.k-space.ee - "*.k-space.ee"
secretName: authelia-tls
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware
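Review bot: The `kubernetes.io/tls-acme: "true"` annotation that remains as context in the first hunk is also a cert-manager trigger, so removing only `cert-manager.io/cluster-issuer` leaves this Ingress half opted in. With `secretName` gone from the `tls` entry, cert-manager's ingress-shim has nowhere to store a certificate and, if a default issuer is configured, will likely flag the entry as invalid on each sync. Dropping the annotation together with the issuer one would make the manifest state plainly that the certificate comes from Traefik's default store. Both hunks are excerpts of a larger manifest, so this is judged from the visible lines only.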

@ -182,12 +182,6 @@ metadata:
annotations: annotations:
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
# Following specifies the certificate issuer defined in
# ../cert-manager/issuer.yml
# This is where the HTTPS certificates for the
# `tls:` section below are obtained from
cert-manager.io/cluster-issuer: default
# This tells Traefik this Ingress object is associated with the # This tells Traefik this Ingress object is associated with the
# https:// entrypoint # https:// entrypoint
# Global http:// to https:// redirect is enabled in # Global http:// to https:// redirect is enabled in
@ -234,8 +228,7 @@ spec:
number: 3003 number: 3003
tls: tls:
- hosts: - hosts:
- cams.k-space.ee - "*.k-space.ee"
secretName: camtiler-tls
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: NetworkPolicy kind: NetworkPolicy
@ -371,7 +364,6 @@ metadata:
name: minio name: minio
annotations: annotations:
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
cert-manager.io/cluster-issuer: default
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
@ -389,8 +381,7 @@ spec:
number: 80 number: 80
tls: tls:
- hosts: - hosts:
- cams-s3.k-space.ee - "*.k-space.ee"
secretName: cams-s3-tls
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
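Review bot: The comment block removed in the first hunk was the only explanation in this manifest of where the certificate for the `tls:` section comes from, and nothing replaces it. The surrounding comments read as documentation for people copying this file, so a short replacement above the `tls:` entry in the second hunk would help, for example `# No secretName: Traefik serves the wildcard certificate set as defaultCertificate in its TLSStore`. The same comment would fit the minio Ingress in the fourth hunk.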

@ -83,7 +83,6 @@ kind: Ingress
metadata: metadata:
name: drone name: drone
annotations: annotations:
cert-manager.io/cluster-issuer: default
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
@ -91,8 +90,7 @@ metadata:
spec: spec:
tls: tls:
- hosts: - hosts:
- "drone.k-space.ee" - "*.k-space.ee"
secretName: drone-tls
rules: rules:
- host: "drone.k-space.ee" - host: "drone.k-space.ee"
http: http:

@ -283,7 +283,6 @@ metadata:
name: kibana name: kibana
annotations: annotations:
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
cert-manager.io/cluster-issuer: default
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
@ -302,8 +301,7 @@ spec:
number: 5601 number: 5601
tls: tls:
- hosts: - hosts:
- kibana.k-space.ee - "*.k-space.ee"
secretName: kibana-tls
--- ---
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: PodMonitor kind: PodMonitor

@ -79,7 +79,6 @@ metadata:
namespace: etherpad namespace: etherpad
annotations: annotations:
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
cert-manager.io/cluster-issuer: default
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
@ -97,8 +96,7 @@ spec:
number: 9001 number: 9001
tls: tls:
- hosts: - hosts:
- pad.k-space.ee - "*.k-space.ee"
secretName: pad-tls
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: NetworkPolicy kind: NetworkPolicy

@ -1001,7 +1001,6 @@ metadata:
labels: labels:
app: harbor app: harbor
annotations: annotations:
cert-manager.io/cluster-issuer: default
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
ingress.kubernetes.io/proxy-body-size: "0" ingress.kubernetes.io/proxy-body-size: "0"
ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/ssl-redirect: "true"
@ -1012,9 +1011,8 @@ metadata:
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
spec: spec:
tls: tls:
- secretName: harbor-tls - hosts:
hosts: - "*.k-space.ee"
- harbor.k-space.ee
rules: rules:
- http: - http:
paths: paths:

@ -269,7 +269,6 @@ metadata:
certManager: "true" certManager: "true"
rewriteTarget: "true" rewriteTarget: "true"
annotations: annotations:
cert-manager.io/cluster-issuer: default
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
@ -289,5 +288,4 @@ spec:
number: 80 number: 80
tls: tls:
- hosts: - hosts:
- dashboard.k-space.ee - "*.k-space.ee"
secretName: dashboard-tls

@ -5,7 +5,6 @@ metadata:
namespace: longhorn-system namespace: longhorn-system
annotations: annotations:
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
cert-manager.io/cluster-issuer: default
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
@ -24,9 +23,7 @@ spec:
number: 80 number: 80
tls: tls:
- hosts: - hosts:
- longhorn.k-space.ee - "*.k-space.ee"
secretName: longhorn-tls
--- ---
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: PodMonitor kind: PodMonitor

@ -40,7 +40,6 @@ metadata:
name: phpmyadmin name: phpmyadmin
annotations: annotations:
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
cert-manager.io/cluster-issuer: default
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
@ -59,8 +58,7 @@ spec:
number: 80 number: 80
tls: tls:
- hosts: - hosts:
- phpmyadmin.k-space.ee - "*.k-space.ee"
secretName: phpmyadmin-tls
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service

@ -399,7 +399,6 @@ kind: Ingress
metadata: metadata:
name: prometheus name: prometheus
annotations: annotations:
cert-manager.io/cluster-issuer: default
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
@ -418,15 +417,13 @@ spec:
number: 9090 number: 9090
tls: tls:
- hosts: - hosts:
- prom.k-space.ee - "*.k-space.ee"
secretName: prom-tls
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
name: alertmanager name: alertmanager
annotations: annotations:
cert-manager.io/cluster-issuer: default
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
@ -445,8 +442,7 @@ spec:
number: 9093 number: 9093
tls: tls:
- hosts: - hosts:
- am.k-space.ee - "*.k-space.ee"
secretName: alertmanager-tls
--- ---
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: PodMonitor kind: PodMonitor

@ -64,8 +64,16 @@ spec:
number: 9000 number: 9000
tls: tls:
- hosts: - hosts:
- traefik.k-space.ee - "*.k-space.ee"
secretName: traefik-tls secretName: wildcard-tls
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSStore
metadata:
name: default
spec:
defaultCertificate:
secretName: wildcard-tls
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware
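Review bot: The new `TLSStore` makes one private key (`wildcard-tls`) terminate TLS for every `*.k-space.ee` service, so read access to that Secret now means the ability to impersonate all of them, where each per-service secret used to cover one host. The manifest sets no `metadata.namespace`, and the referenced Secret has to live in the namespace the TLSStore ends up in; stating it explicitly (`namespace: <traefik-namespace>`, placeholder) avoids depending on how the file is applied. It is not visible here which issuer fills `wildcard-tls`; a wildcard name needs a DNS-01 solver, so that is worth confirming. RBAC should also limit `get` on this Secret to Traefik and cert-manager.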

@ -104,7 +104,6 @@ metadata:
name: pve name: pve
annotations: annotations:
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
cert-manager.io/cluster-issuer: default
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd,traefik-proxmox-redirect@kubernetescrd traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd,traefik-proxmox-redirect@kubernetescrd
@ -147,9 +146,7 @@ spec:
number: 8006 number: 8006
tls: tls:
- hosts: - hosts:
- pve.k-space.ee - "*.k-space.ee"
- proxmox.k-space.ee
secretName: pve-tls
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware

@ -17,7 +17,6 @@ metadata:
name: voron name: voron
annotations: annotations:
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
cert-manager.io/cluster-issuer: default
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
@ -36,5 +35,4 @@ spec:
name: http name: http
tls: tls:
- hosts: - hosts:
- voron.k-space.ee - "*.k-space.ee"
secretName: voron-tls

@ -41,7 +41,6 @@ kind: Ingress
metadata: metadata:
name: whoami name: whoami
annotations: annotations:
cert-manager.io/cluster-issuer: default
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
@ -50,8 +49,7 @@ metadata:
spec: spec:
tls: tls:
- hosts: - hosts:
- "whoami.k-space.ee" - "*.k-space.ee"
secretName: whoami-tls
rules: rules:
- host: "whoami.k-space.ee" - host: "whoami.k-space.ee"
http: http:

@ -104,7 +104,6 @@ metadata:
namespace: wildduck namespace: wildduck
annotations: annotations:
kubernetes.io/ingress.class: traefik kubernetes.io/ingress.class: traefik
cert-manager.io/cluster-issuer: default
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
@ -123,8 +122,7 @@ spec:
number: 80 number: 80
tls: tls:
- hosts: - hosts:
- webmail.k-space.ee - "*.k-space.ee"
secretName: webmail-tls
--- ---
apiVersion: codemowers.io/v1alpha1 apiVersion: codemowers.io/v1alpha1
kind: KeyDBCluster kind: KeyDBCluster