diff --git a/internalproxy/templates/argocd.yaml b/internalproxy/templates/argocd.yaml
index 7868e6b..027db7a 100644
--- a/internalproxy/templates/argocd.yaml
+++ b/internalproxy/templates/argocd.yaml
@@ -36,7 +36,6 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
 name: argocd-tls
- namespace: argocd
 spec:
 secretName: argocd-tls
 issuerRef:
diff --git a/internalproxy/templates/heimdall.yaml b/internalproxy/templates/heimdall.yaml
index 51660ed..479ca3b 100644
--- a/internalproxy/templates/heimdall.yaml
+++ b/internalproxy/templates/heimdall.yaml
@@ -27,42 +27,44 @@ subsets:
 ---
-apiVersion: networking.k8s.io/v1
-kind: Ingress
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
 metadata:
 name: heimdall-ingress
- annotations:
- kubernetes.io/ingress.class: nginx
- cert-manager.io/cluster-issuer: letsencrypt-production
- nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
- nginx.ingress.kubernetes.io/auth-url: |-
- http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
- nginx.ingress.kubernetes.io/auth-signin: |-
- https://heimdall.durp.info/outpost.goauthentik.io/start?rd=$escaped_request_uri
- nginx.ingress.kubernetes.io/auth-response-headers: |-
- Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
- nginx.ingress.kubernetes.io/auth-snippet: |
- proxy_set_header X-Forwarded-Host $http_host;
 spec:
- rules:
- - host: heimdall.durp.info
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: heimdall
- port:
- number: 8443
- - path: /outpost.goauthentik.io
- pathType: Prefix
- backend:
- service:
- name: ak-outpost-authentik-embedded-outpost
- port:
- number: 9000
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`heimdall.internal.durp.info`) && PathPrefix(`/`)
+ middlewares:
+ - name: whitelist
+ namespace: traefik
+ - name: authentik-proxy-provider
+ namespace: traefik
+ kind: Rule
+ services:
+ - name: heimdall
+ port: 8200
+ - match: Host(`heimdall.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+ kind: Rule
+ services:
+ - name: ak-outpost-authentik-embedded-outpost
+ namespace: authentik
+ port: 9000
 tls:
- - hosts:
- - heimdall.durp.info
- secretName: heimdall-tls
+ secretName: heimdall-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: heimdall-tls
+spec:
+ secretName: heimdall-tls
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "heimdall.internal.durp.info"
+ dnsNames:
+ - "heimdall.internal.durp.info"
\ No newline at end of file
diff --git a/internalproxy/templates/unraid-ingress.yaml b/internalproxy/templates/unraid-ingress.yaml
index 69d6b65..e60f623 100644
--- a/internalproxy/templates/unraid-ingress.yaml
+++ b/internalproxy/templates/unraid-ingress.yaml
@@ -27,31 +27,6 @@ subsets:
 ---
-#apiVersion: networking.k8s.io/v1
-#kind: Ingress
-#metadata:
-# name: unraid-ingress
-# annotations:
-# kubernetes.io/ingress.class: nginx
-# cert-manager.io/cluster-issuer: letsencrypt-production
-# nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"
-# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
-#spec:
-# rules:
-# - host: unraid.internal.durp.info
-# http:
-# paths:
-# - path: /
-# pathType: Prefix
-# backend:
-# service:
-# name: unraid
-# port:
-# number: 443
-# tls:
-# - hosts:
-# - unraid.internal.durp.info
-# secretName: unraid-tls
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
@@ -63,10 +38,28 @@ spec:
 - websecure
 routes:
 - match: Host(`unraid.internal.durp.info`)
+ middlewares:
+ - name: whitelist
+ namespace: traefik
 kind: Rule
 services:
 - name: unraid
 port: 443
 scheme: https
 tls:
- secretName: unraid-tls
\ No newline at end of file
+ secretName: unraid-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: unraid-tls
+spec:
+ secretName: unraid-tls
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "unraid.internal.durp.info"
+ dnsNames:
+ - "unraid.internal.durp.info"
\ No newline at end of file
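Review bot: In internalproxy/templates/heimdall.yaml the second route (the `/outpost.goauthentik.io` prefix) has no `middlewares:` list, so the authentik outpost endpoint is served on `websecure` without the `whitelist` restriction that the `/` route applies, assuming `whitelist` is the IP allowlist its name suggests. I would attach only the allowlist there, leaving the forward-auth middleware off that path: `middlewares:`, `- name: whitelist`, `namespace: traefik`. The removed nginx annotation `backend-protocol: "HTTPS"` has no counterpart on the new `heimdall` service entry (the unraid route in this commit sets `scheme: https`), so if port 8200 still speaks TLS the proxy-to-backend hop needs `scheme: https`, and if it does not, that hop is now cleartext. Both new Certificate objects (here and in unraid-ingress.yaml) request publicly trusted certificates from `letsencrypt-production` for names under `internal.durp.info`, which will be recorded in Certificate Transparency logs; confirm that disclosing those hostnames is acceptable.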
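Review bot: In internalproxy/templates/unraid-ingress.yaml (second hunk) the route to the Unraid UI depends entirely on the `whitelist` middleware referenced from the `traefik` namespace, and its source ranges are not visible in this diff. The commented-out nginx Ingress deleted by the first hunk was the only place in this file recording the intended range, so I would add a comment above `middlewares:` such as `# whitelist (traefik ns) must limit sources to 192.168.0.0/16`. The cross-namespace reference typically also requires Traefik's `allowCrossNamespace` provider option, which lets any IngressRoute reference middlewares and services in other namespaces; that trade-off is worth noting where it is enabled. If Traefik sits behind another proxy or load balancer, the allowlist evaluates that hop's address unless the middleware sets `ipStrategy`, so confirm which address it actually sees. The IngressRoute's `metadata` and the start of `spec` lie outside this hunk.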