From 5a34fbb1ad9e4790572c5be19f494aa7a0e1b101 Mon Sep 17 00:00:00 2001 From: nold Date: Wed, 5 Jan 2022 20:24:47 +0100 Subject: [PATCH] Update Ingress --- projects/arrstack/values/bazarr.yaml | 1 + projects/arrstack/values/jackett.yaml | 1 + projects/arrstack/values/lidarr.yaml | 1 + projects/arrstack/values/ombi.yaml | 1 + projects/arrstack/values/radarr.yaml | 1 + projects/arrstack/values/sonarr.yaml | 1 + projects/core/values/cilium.yaml | 1 + projects/core/values/ingress-internal.yaml | 6 +- projects/downloader/values/deluge.yaml | 3 +- projects/downloader/values/pyload.yaml | 2 +- projects/downloader/values/rtorrent.yaml | 128 ------------------ projects/downloader/values/youtubedl.yaml | 10 +- projects/grafana/values/loki-stack.yaml | 2 +- .../homeassistant/values/homeassistant.yaml | 1 + projects/navidrome/values/navidrome.yaml | 1 + projects/services/values/minio.yaml | 1 + projects/vault/values/vault.yaml | 2 +- 17 files changed, 21 insertions(+), 142 deletions(-) delete mode 100644 projects/downloader/values/rtorrent.yaml diff --git a/projects/arrstack/values/bazarr.yaml b/projects/arrstack/values/bazarr.yaml index fd42328f..23ef2dbc 100644 --- a/projects/arrstack/values/bazarr.yaml +++ b/projects/arrstack/values/bazarr.yaml @@ -3,6 +3,7 @@ ingress: enabled: true annotations: cert-manager.io/cluster-issuer: vault-issuer + traefik.ingress.kubernetes.io/router.tls: 'true' hosts: - host: bazarr.dc paths: diff --git a/projects/arrstack/values/jackett.yaml b/projects/arrstack/values/jackett.yaml index e64c77f5..49ba0c4d 100644 --- a/projects/arrstack/values/jackett.yaml +++ b/projects/arrstack/values/jackett.yaml @@ -7,6 +7,7 @@ ingress: enabled: true annotations: cert-manager.io/cluster-issuer: vault-issuer + traefik.ingress.kubernetes.io/router.tls: 'true' hosts: - host: jackett.dc paths: diff --git a/projects/arrstack/values/lidarr.yaml b/projects/arrstack/values/lidarr.yaml index 227b8c96..789fb895 100644 --- a/projects/arrstack/values/lidarr.yaml +++ b/projects/arrstack/values/lidarr.yaml @@ -3,6 +3,7 @@ ingress: enabled: true annotations: cert-manager.io/cluster-issuer: vault-issuer + traefik.ingress.kubernetes.io/router.tls: 'true' hosts: - host: lidarr.dc paths: diff --git a/projects/arrstack/values/ombi.yaml b/projects/arrstack/values/ombi.yaml index be413688..a9eec3db 100644 --- a/projects/arrstack/values/ombi.yaml +++ b/projects/arrstack/values/ombi.yaml @@ -3,6 +3,7 @@ ingress: enabled: true annotations: cert-manager.io/cluster-issuer: vault-issuer + traefik.ingress.kubernetes.io/router.tls: 'true' hosts: - host: ombi.dc paths: diff --git a/projects/arrstack/values/radarr.yaml b/projects/arrstack/values/radarr.yaml index 55010dfd..f5b9139c 100644 --- a/projects/arrstack/values/radarr.yaml +++ b/projects/arrstack/values/radarr.yaml @@ -3,6 +3,7 @@ ingress: enabled: true annotations: cert-manager.io/cluster-issuer: vault-issuer + traefik.ingress.kubernetes.io/router.tls: 'true' hosts: - host: radarr.dc paths: diff --git a/projects/arrstack/values/sonarr.yaml b/projects/arrstack/values/sonarr.yaml index 172f6c7e..62a2f911 100644 --- a/projects/arrstack/values/sonarr.yaml +++ b/projects/arrstack/values/sonarr.yaml @@ -6,6 +6,7 @@ ingress: enabled: true annotations: cert-manager.io/cluster-issuer: vault-issuer + traefik.ingress.kubernetes.io/router.tls: 'true' hosts: - host: sonarr.dc paths: diff --git a/projects/core/values/cilium.yaml b/projects/core/values/cilium.yaml index 587c774e..f564d78e 100644 --- a/projects/core/values/cilium.yaml +++ b/projects/core/values/cilium.yaml @@ -9,6 +9,7 @@ hubble: enabled: true annotations: cert-manager.io/cluster-issuer: vault-issuer + traefik.ingress.kubernetes.io/router.tls: 'true' hosts: - cilium.dc tls: diff --git a/projects/core/values/ingress-internal.yaml b/projects/core/values/ingress-internal.yaml index e82184ad..ebe6d6df 100644 --- a/projects/core/values/ingress-internal.yaml +++ b/projects/core/values/ingress-internal.yaml @@ -4,7 +4,7 @@ ingressClass: providers: kubernetesCRD: - ingressClass: internal + ingressClass: traefik globalArguments: [] @@ -23,3 +23,7 @@ service: externalIPs: - 192.168.1.11 + +logs: + general: + level: DEBUG diff --git a/projects/downloader/values/deluge.yaml b/projects/downloader/values/deluge.yaml index 86cbb596..9276cba9 100644 --- a/projects/downloader/values/deluge.yaml +++ b/projects/downloader/values/deluge.yaml @@ -3,7 +3,8 @@ ingress: enabled: true annotations: cert-manager.io/cluster-issuer: "vault-issuer" - kubernetes.io/ingress.class: "nginx" + traefik.ingress.kubernetes.io/router.tls: 'true' + #FIXME: nginx.ingress.kubernetes.io/proxy-body-size: 50m hosts: diff --git a/projects/downloader/values/pyload.yaml b/projects/downloader/values/pyload.yaml index 0744d945..14db64d0 100644 --- a/projects/downloader/values/pyload.yaml +++ b/projects/downloader/values/pyload.yaml @@ -3,7 +3,7 @@ ingress: enabled: true annotations: cert-manager.io/cluster-issuer: "vault-issuer" - kubernetes.io/ingress.class: "nginx" + traefik.ingress.kubernetes.io/router.tls: 'true' hosts: - host: pyload.dc paths: diff --git a/projects/downloader/values/rtorrent.yaml b/projects/downloader/values/rtorrent.yaml deleted file mode 100644 index 0539c565..00000000 --- a/projects/downloader/values/rtorrent.yaml +++ /dev/null @@ -1,128 +0,0 @@ -env: - # -- Set the container timezone - TZ: UTC - # -- Folder where Flood stores it's configuration - HOME: "/config" - # -- The host that Flood should listen for web connections on - FLOOD_OPTION_HOST: "0.0.0.0" - # -- The port that Flood should listen for web connections on - FLOOD_OPTION_PORT: "3000" - # -- ADVANCED: rTorrent daemon managed by Flood - FLOOD_OPTION_RTORRENT: "true" - # -- Allowed path for file operations - FLOOD_OPTION_ALLOWEDPATH: "/downloads" - -# -- Configures service settings for the chart. -# @default -- See values.yaml -service: - main: - ports: - http: - port: 3000 - bittorrent: - enabled: true - type: ClusterIP - ports: - bittorrent: - enabled: true - port: 6881 - protocol: TCP - targetPort: 6881 - -# -- Minimal configuration provided from https://github.com/jesec/rtorrent/blob/master/doc/rtorrent.rc -# @default -- string -config: | - session.use_lock.set = no - method.insert = cfg.basedir, private|const|string, (cat,(fs.homedir),"/.local/share/rtorrent/") - method.insert = cfg.download, private|const|string, (cat,"/downloads/","download/") - method.insert = cfg.logs, private|const|string, (cat,(cfg.download),"log/") - method.insert = cfg.logfile, private|const|string, (cat,(cfg.logs),"rtorrent-",(system.time),".log") - method.insert = cfg.session, private|const|string, (cat,(cfg.basedir),".session/") - method.insert = cfg.watch, private|const|string, (cat,(cfg.download),"watch/") - fs.mkdir.recursive = (cat,(cfg.basedir)) - fs.mkdir = (cat,(cfg.download)) - fs.mkdir = (cat,(cfg.logs)) - fs.mkdir = (cat,(cfg.session)) - fs.mkdir = (cat,(cfg.watch)) - fs.mkdir = (cat,(cfg.watch),"/load") - fs.mkdir = (cat,(cfg.watch),"/start") - schedule2 = watch_load, 11, 10, ((load.verbose, (cat, (cfg.watch), "load/*.torrent"))) - schedule2 = watch_start, 10, 10, ((load.start_verbose, (cat, (cfg.watch), "start/*.torrent"))) - dht.add_bootstrap = dht.transmissionbt.com:6881 - dht.add_bootstrap = dht.libtorrent.org:25401 - throttle.max_uploads.set = 20 - throttle.max_uploads.global.set = 50 - throttle.min_peers.normal.set = 20 - throttle.max_peers.normal.set = 60 - throttle.min_peers.seed.set = 30 - throttle.max_peers.seed.set = 80 - trackers.numwant.set = 80 - network.port_range.set = 61086-61086 - network.max_open_files.set = 600 - network.max_open_sockets.set = 300 - pieces.memory.max.set = 1800M - session.path.set = (cat, (cfg.session)) - directory.default.set = (cat, (cfg.download)) - log.execute = (cat, (cfg.logs), "execute.log") - encoding.add = utf8 - system.daemon.set = true - system.umask.set = 0002 - system.cwd.set = (directory.default) - network.http.max_open.set = 500 - network.http.dns_cache_timeout.set = 25 - network.scgi.open_local = (cat,(cfg.basedir),rtorrent.sock) - print = (cat, "Logging to ", (cfg.logfile)) - log.open_file = "log", (cfg.logfile) - log.add_output = "info", "log" - -ingress: - main: - enabled: true - annotations: - cert-manager.io/cluster-issuer: "vault-issuer" - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/proxy-body-size: 50m - hosts: - - host: flood.dc - paths: - - path: / - pathType: Prefix - tls: - - secretName: flood.dc-tls - hosts: - - flood.dc - -persistence: - config: - enabled: true - mountPath: /config - size: 10M - - # use hostpath instead - downloads: - enabled: true - type: hostPath - hostPath: /data/torrent - mountPath: /downloads - -## VPN -addons: - vpn: - enabled: true - openvpn: - authSecret: openvpn - configFileSecret: openvpn - securityContext: - capabilities: - add: - - NET_ADMIN - - SYS_MODULE - livenessProbe: - exec: - command: - - sh - - -c - - if [ $(curl -s https://ipinfo.io/country) == 'NL' ]; then exit 0; else exit $?; fi - initialDelaySeconds: 30 - periodSeconds: 60 - failureThreshold: 3 diff --git a/projects/downloader/values/youtubedl.yaml b/projects/downloader/values/youtubedl.yaml index 6d08ab60..83448d4e 100644 --- a/projects/downloader/values/youtubedl.yaml +++ b/projects/downloader/values/youtubedl.yaml @@ -3,15 +3,7 @@ ingress: enabled: true annotations: cert-manager.io/cluster-issuer: "vault-issuer" - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/auth-url: | - https://youtubedl.dc/akprox/auth/nginx - nginx.ingress.kubernetes.io/auth-signin: | - https://youtubedl.dc/akprox/start?rd=$escaped_request_uri - nginx.ingress.kubernetes.io/auth-response-headers: | - Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid - nginx.ingress.kubernetes.io/auth-snippet: | - proxy_set_header X-Forwarded-Host $http_host; + traefik.ingress.kubernetes.io/router.tls: 'true' hosts: - host: youtubedl.dc paths: diff --git a/projects/grafana/values/loki-stack.yaml b/projects/grafana/values/loki-stack.yaml index 6a53a6bb..badc4fea 100755 --- a/projects/grafana/values/loki-stack.yaml +++ b/projects/grafana/values/loki-stack.yaml @@ -17,7 +17,7 @@ grafana: enabled: true annotations: cert-manager.io/cluster-issuer: vault-issuer - kubernetes.io/ingress.class: nginx + traefik.ingress.kubernetes.io/router.tls: 'true' hosts: - grafana.dc tls: diff --git a/projects/homeassistant/values/homeassistant.yaml b/projects/homeassistant/values/homeassistant.yaml index 28e7587e..19b6329c 100644 --- a/projects/homeassistant/values/homeassistant.yaml +++ b/projects/homeassistant/values/homeassistant.yaml @@ -43,6 +43,7 @@ ingress: main: annotations: cert-manager.io/cluster-issuer: vault-issuer + traefik.ingress.kubernetes.io/router.tls: 'true' enabled: true hosts: - host: hass.dc diff --git a/projects/navidrome/values/navidrome.yaml b/projects/navidrome/values/navidrome.yaml index 55afa82f..cda8833c 100644 --- a/projects/navidrome/values/navidrome.yaml +++ b/projects/navidrome/values/navidrome.yaml @@ -49,6 +49,7 @@ ingress: enabled: true annotations: cert-manager.io/cluster-issuer: vault-issuer + traefik.ingress.kubernetes.io/router.tls: 'true' hosts: - host: music.dc paths: diff --git a/projects/services/values/minio.yaml b/projects/services/values/minio.yaml index 132ec422..0bb9fb74 100644 --- a/projects/services/values/minio.yaml +++ b/projects/services/values/minio.yaml @@ -8,6 +8,7 @@ ingress: tls: true annotations: cert-manager.io/cluster-issuer: vault-issuer + traefik.ingress.kubernetes.io/router.tls: 'true' networkPolicy: enabled: true diff --git a/projects/vault/values/vault.yaml b/projects/vault/values/vault.yaml index 589e4c44..ecf1cd6c 100644 --- a/projects/vault/values/vault.yaml +++ b/projects/vault/values/vault.yaml @@ -30,7 +30,7 @@ server: ingress: annotations: cert-manager.io/cluster-issuer: vault-issuer - kubernetes.io/ingress.class: nginx + traefik.ingress.kubernetes.io/router.tls: 'true' enabled: true extraPaths: [] hosts: