forked from k-space/kube
Switch to wildcard *.k-space.ee certificate
This commit is contained in:
parent
30b7e50afb
commit
4686108f42
@ -16,7 +16,6 @@ server:
|
||||
ingress:
|
||||
enabled: true
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: default
|
||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
@ -24,8 +23,7 @@ server:
|
||||
- argocd.k-space.ee
|
||||
tls:
|
||||
- hosts:
|
||||
- argocd.k-space.ee
|
||||
secretName: argocd-server-tls
|
||||
- "*.k-space.ee"
|
||||
configEnabled: true
|
||||
config:
|
||||
admin.enabled: "false"
|
||||
|
@ -295,7 +295,6 @@ metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: authelia
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: default
|
||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||
kubernetes.io/tls-acme: "true"
|
||||
traefik.ingress.kubernetes.io/router.entryPoints: websecure
|
||||
@ -315,8 +314,7 @@ spec:
|
||||
number: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- auth.k-space.ee
|
||||
secretName: authelia-tls
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
|
@ -182,12 +182,6 @@ metadata:
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
|
||||
# Following specifies the certificate issuer defined in
|
||||
# ../cert-manager/issuer.yml
|
||||
# This is where the HTTPS certificates for the
|
||||
# `tls:` section below are obtained from
|
||||
cert-manager.io/cluster-issuer: default
|
||||
|
||||
# This tells Traefik this Ingress object is associated with the
|
||||
# https:// entrypoint
|
||||
# Global http:// to https:// redirect is enabled in
|
||||
@ -234,8 +228,7 @@ spec:
|
||||
number: 3003
|
||||
tls:
|
||||
- hosts:
|
||||
- cams.k-space.ee
|
||||
secretName: camtiler-tls
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
@ -371,7 +364,6 @@ metadata:
|
||||
name: minio
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
cert-manager.io/cluster-issuer: default
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||
@ -389,8 +381,7 @@ spec:
|
||||
number: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- cams-s3.k-space.ee
|
||||
secretName: cams-s3-tls
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
|
@ -83,7 +83,6 @@ kind: Ingress
|
||||
metadata:
|
||||
name: drone
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: default
|
||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
@ -91,8 +90,7 @@ metadata:
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- "drone.k-space.ee"
|
||||
secretName: drone-tls
|
||||
- "*.k-space.ee"
|
||||
rules:
|
||||
- host: "drone.k-space.ee"
|
||||
http:
|
||||
|
@ -283,7 +283,6 @@ metadata:
|
||||
name: kibana
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
cert-manager.io/cluster-issuer: default
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
@ -302,8 +301,7 @@ spec:
|
||||
number: 5601
|
||||
tls:
|
||||
- hosts:
|
||||
- kibana.k-space.ee
|
||||
secretName: kibana-tls
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PodMonitor
|
||||
|
@ -79,7 +79,6 @@ metadata:
|
||||
namespace: etherpad
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
cert-manager.io/cluster-issuer: default
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||
@ -97,8 +96,7 @@ spec:
|
||||
number: 9001
|
||||
tls:
|
||||
- hosts:
|
||||
- pad.k-space.ee
|
||||
secretName: pad-tls
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
|
@ -1001,7 +1001,6 @@ metadata:
|
||||
labels:
|
||||
app: harbor
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: default
|
||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||
ingress.kubernetes.io/proxy-body-size: "0"
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
@ -1012,9 +1011,8 @@ metadata:
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
spec:
|
||||
tls:
|
||||
- secretName: harbor-tls
|
||||
hosts:
|
||||
- harbor.k-space.ee
|
||||
- hosts:
|
||||
- "*.k-space.ee"
|
||||
rules:
|
||||
- http:
|
||||
paths:
|
||||
|
@ -269,7 +269,6 @@ metadata:
|
||||
certManager: "true"
|
||||
rewriteTarget: "true"
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: default
|
||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
@ -289,5 +288,4 @@ spec:
|
||||
number: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- dashboard.k-space.ee
|
||||
secretName: dashboard-tls
|
||||
- "*.k-space.ee"
|
||||
|
@ -5,7 +5,6 @@ metadata:
|
||||
namespace: longhorn-system
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
cert-manager.io/cluster-issuer: default
|
||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
|
||||
@ -24,9 +23,7 @@ spec:
|
||||
number: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- longhorn.k-space.ee
|
||||
secretName: longhorn-tls
|
||||
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PodMonitor
|
||||
|
@ -40,7 +40,6 @@ metadata:
|
||||
name: phpmyadmin
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
cert-manager.io/cluster-issuer: default
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
@ -59,8 +58,7 @@ spec:
|
||||
number: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- phpmyadmin.k-space.ee
|
||||
secretName: phpmyadmin-tls
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
@ -399,7 +399,6 @@ kind: Ingress
|
||||
metadata:
|
||||
name: prometheus
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: default
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||
@ -418,15 +417,13 @@ spec:
|
||||
number: 9090
|
||||
tls:
|
||||
- hosts:
|
||||
- prom.k-space.ee
|
||||
secretName: prom-tls
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: alertmanager
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: default
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||
@ -445,8 +442,7 @@ spec:
|
||||
number: 9093
|
||||
tls:
|
||||
- hosts:
|
||||
- am.k-space.ee
|
||||
secretName: alertmanager-tls
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PodMonitor
|
||||
|
@ -64,8 +64,16 @@ spec:
|
||||
number: 9000
|
||||
tls:
|
||||
- hosts:
|
||||
- traefik.k-space.ee
|
||||
secretName: traefik-tls
|
||||
- "*.k-space.ee"
|
||||
secretName: wildcard-tls
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: TLSStore
|
||||
metadata:
|
||||
name: default
|
||||
spec:
|
||||
defaultCertificate:
|
||||
secretName: wildcard-tls
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
|
@ -104,7 +104,6 @@ metadata:
|
||||
name: pve
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
cert-manager.io/cluster-issuer: default
|
||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd,traefik-proxmox-redirect@kubernetescrd
|
||||
@ -147,9 +146,7 @@ spec:
|
||||
number: 8006
|
||||
tls:
|
||||
- hosts:
|
||||
- pve.k-space.ee
|
||||
- proxmox.k-space.ee
|
||||
secretName: pve-tls
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
|
@ -17,7 +17,6 @@ metadata:
|
||||
name: voron
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
cert-manager.io/cluster-issuer: default
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
@ -36,5 +35,4 @@ spec:
|
||||
name: http
|
||||
tls:
|
||||
- hosts:
|
||||
- voron.k-space.ee
|
||||
secretName: voron-tls
|
||||
- "*.k-space.ee"
|
||||
|
@ -41,7 +41,6 @@ kind: Ingress
|
||||
metadata:
|
||||
name: whoami
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: default
|
||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||
kubernetes.io/ingress.class: traefik
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
@ -50,8 +49,7 @@ metadata:
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- "whoami.k-space.ee"
|
||||
secretName: whoami-tls
|
||||
- "*.k-space.ee"
|
||||
rules:
|
||||
- host: "whoami.k-space.ee"
|
||||
http:
|
||||
|
@ -104,7 +104,6 @@ metadata:
|
||||
namespace: wildduck
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
cert-manager.io/cluster-issuer: default
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
@ -123,8 +122,7 @@ spec:
|
||||
number: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- webmail.k-space.ee
|
||||
secretName: webmail-tls
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: codemowers.io/v1alpha1
|
||||
kind: KeyDBCluster
|
||||
|
Loading…
Reference in New Issue
Block a user