feat(external): add matrix-synapse, fix authentik

Signed-off-by: JJGadgets <git@jjgadgets.tech>
2026-02-05 00:15:52 +00:00 · 2023-03-02 04:45:38 +08:00
parent 184881944d
commit 8350f4e33e
5 changed files with 107 additions and 3 deletions
--- a/kube/1-clusters/Biohazard/2-config/4-vars.yaml
+++ b/kube/1-clusters/Biohazard/2-config/4-vars.yaml
@@ -19,6 +19,7 @@ data:
    DNS_SHORT: ENC[AES256_GCM,data:16FRvQx8,iv:5xVBGMf/Bp3XqHDwl9ZBb14nSVkTg3eWq5FU2cYoRyY=,tag:uzCrxTBEv/Iy+Ht0gK0kjQ==,type:str]
    DNS_MAIN: ENC[AES256_GCM,data:V5QOelS0L9R9drkh/Pk=,iv:GTTFkC73534oXM3QR8J3kHrZb163Gel7eu3e2P1X2Yo=,tag:DUD006mJM/uEjkiRcn/HlA==,type:str]
    DNS_VPN: ENC[AES256_GCM,data:8JxuF//vCDNq,iv:2WxWpAIdIxL+yvCirawdTtZO+BSZbturp7c3JAwItsw=,tag:jItEw4Mg4a+OY/hmxDt1/Q==,type:str]
+    DNS_OLD_DOCKER: ENC[AES256_GCM,data:uDLk+qfZlM9FkJ7uWP1ZYWD0wdIG,iv:iHJojVMWN6cq2XdvQLMsODrVeLhhn/Cqt5ZGr/ONy2A=,tag:3WuGLTQirXUjfiY1rIYcgA==,type:str]
    APP_DNS_INGRESS_WILDCARD: ENC[AES256_GCM,data:7OG0ww6rUzU=,iv:5ig0dQIfSVxbQS7nuqQygRcBKk8UmBFxX0unVT9bdzE=,tag:mCOMUNFEZs5IFvVrRNpFiQ==,type:str]
    APP_IP_NGINX: ENC[AES256_GCM,data:9Kg5zjk+1XfUHg==,iv:dbO0hMMho8J3t0mz6Eb5uMDB3QUCjG5pXPdeuQUFbNE=,tag:ICGE5EVo27W0rUB+Jekf2Q==,type:str]
    APP_IP_K8S_GATEWAY: ENC[AES256_GCM,data:oakciyUzwLlGJsc=,iv:leuHfW59gWSDaEpaOEMGbSpGFtbzAnoRp4spLxlTEq0=,tag:vltbWvNKa4QvEgXXo58d/A==,type:str]
@@ -33,6 +34,8 @@ data:
    APP_IP_SANDSTORM: ENC[AES256_GCM,data:2V+Dy1c3hOepKEo=,iv:l1nv+BrnEjsrvdONhBY9EgA8lSO2Nmtdr7Ktl9twfT4=,tag:ls8DbeJnvdwZhUA+deP02Q==,type:str]
    APP_DNS_SANDSTORM: ENC[AES256_GCM,data:dc/OufmvPkYMRg==,iv:8GUBWGGdEJ5A+wYFaLJljYYn3hUlpH9/cGy6641GDEw=,tag:gE3j/iytsqPKUm+R1g3suQ==,type:str]
    APP_DNS_AUTH: ENC[AES256_GCM,data:A67gznl/VxXxPiMh9zH1fa8VQA==,iv:oCCxFDb7Uo+AfXtuOf8L8Cukm4VAWzL92w8VgJp40dM=,tag:xFCS9csJIFvJ9XufVrq4Rg==,type:str]
+    APP_DNS_MATRIX_1: ENC[AES256_GCM,data:hxDtUQukIQ2yLWgRD5Jm80/wrA==,iv:REX9VFBnhZgBoUb17EEEGvoZFE+hDcXo2M8q2ZbBNcQ=,tag:K6Wuk+cymQBgvTOk1sZbAg==,type:str]
+    APP_DNS_MATRIX_2: ENC[AES256_GCM,data:upvsU4YSEPSfYg9AuQm+Lzu6NJM=,iv:tlTLdWwxKqXZWCiy0jB2STn2Z901T8F+w66FEbqikok=,tag:VTe4WnOLDR2uFs3qkQGorw==,type:str]
    CONFIG_MINECRAFT_OPS: ENC[AES256_GCM,data:BKfjfUQQXd025nNZCHQki/SeqiMQVCUP9tCkmNwUgfvj7XK6,iv:7+tp1IJ06UfZt53HLnFOByrTWFY31AHiQwjrrUS4OqI=,tag:TSvw3notEqgPIORTWHwUBw==,type:str]
    CONFIG_MINECRAFT_ICON: ENC[AES256_GCM,data:AINTGnjPbWZCVJKdL4Mx8bBhOUnQU2BEhqr0730/OJATkKBzcvxf7R9HlX37uFI=,iv:HsvxmHYUb350vSulAVdBHonB6cA+0pu03t5BaU8EuUs=,tag:gGr7OY++7+yuZ36TwXcbaA==,type:str]
    CONFIG_MINECRAFT_NAME: ENC[AES256_GCM,data:zhsyGymdQKgeX58X2Q==,iv:dGbrb4ZytcRpj4ie9dzM2TUVnzC4YQvCey+/G9uFcGs=,tag:IpFutt4G5JMP4hUIOgbqqw==,type:str]
@@ -60,8 +63,8 @@ sops:
            SnpvS3RUUlFMM1dUNGZQNkVqQ2VqNDAKywch6CgtS1AFLYxfML5dB7/5V6qZ0ob1
            63vBpqjOza3EqvfNKo+UMtK/fRK0Q5jlpuI+0/z9VrxzKEWsgUCBVQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-03-01T20:05:37Z"
-    mac: ENC[AES256_GCM,data:BfduGNuJ7uegCh1nADMKdeUfQ5g/FZEiclp+3ef/u6VeTD9ofaNFrAyBALcqzU43mPgpAkVQF0cviRhzqevsKZhEX/hQ6+CRUEkxzoPGamNeObY0a+bzz/8MHEO/qsiw2lwNQY0D54fmDmioAQ4AUgln4tlQBtCsJ509POrEBwo=,iv:R4MOFeQ00l3jJWE1t5WwoOqKLXA+uqg4ARvS1VF6I5g=,tag:KCi3xE7GO98PEZJ0GDnTOg==,type:str]
+    lastmodified: "2023-03-01T20:42:59Z"
+    mac: ENC[AES256_GCM,data:rhk8OU18Z8/0u12XXvdbpQZEv0f7l0iOS3C29XABo1SN9L8O77q2xWCGKF5Xhn+iCzh61UjE4WIMGK1L0hB6UBx8hy6ZcRO1948nB7EoFBimbM5+V8xsyCUFyDHKSAQJmISDfvi2XhLQC66VTVlGcuJMwlHwYzz7GKDUvK/RAio=,iv:ItKu9Hz5WEUIzv1ZENxMHuujtQn16rxL4BqjzVVP6jw=,tag:j/qrT9bUfO+GFE0hCDbqlA==,type:str]
    pgp:
        - created_at: "2023-02-22T08:12:31Z"
          enc: |
--- a/kube/1-clusters/Biohazard/2-config/5-deploy.yaml
+++ b/kube/1-clusters/Biohazard/2-config/5-deploy.yaml
@@ -212,6 +212,16 @@ spec:
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
 kind: Kustomization
+metadata:
+  name: biohazard-2-apps-external-matrix-synapse
+  namespace: flux-system
+spec:
+  path: ./kube/3-deploy/2-apps/external/matrix-synapse
+  dependsOn:
+    - name: biohazard-1-core-05-ingress-nginx
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
 metadata:
  name: biohazard-2-apps-whoogle
  namespace: flux-system
--- a/kube/3-deploy/1-core/05-ingress/nginx/install.yaml
+++ b/kube/3-deploy/1-core/05-ingress/nginx/install.yaml
@@ -20,6 +20,7 @@ spec:
      extraEnvs:
        - name: TZ
          value: Asia/Singapore
+      dnsPolicy: ClusterFirstWithHostNet
      service:
        enabled: false
      containerPort:
--- a/kube/3-deploy/2-apps/external/authentik/install.yaml
+++ b/kube/3-deploy/2-apps/external/authentik/install.yaml
@@ -9,7 +9,7 @@ metadata:
    app.kubernetes.io/instance: *app
 spec:
  type: ExternalName
-  externalName: ${IP_OLD_DOCKER}
+  externalName: ${DNS_OLD_DOCKER}
  ports:
    - name: http
      port: &port 7443
--- a/kube/3-deploy/2-apps/external/matrix-synapse/install.yaml
+++ b/kube/3-deploy/2-apps/external/matrix-synapse/install.yaml
@@ -0,0 +1,90 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: &app matrix-synapse-1
+  namespace: ingress
+  labels:
+    app.kubernetes.io/name: *app
+    app.kubernetes.io/instance: *app
+spec:
+  type: ExternalName
+  externalName: ${DNS_OLD_DOCKER}
+  ports:
+    - name: http
+      port: &port 443
+      protocol: TCP
+      targetPort: *port
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: &app matrix-synapse-1
+  namespace: ingress
+  annotations:
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+  labels:
+    app.kubernetes.io/name: *app
+    app.kubernetes.io/instance: *app
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: &host ${APP_DNS_MATRIX_1}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: *app
+                port:
+                  number: 443
+  tls:
+    - hosts:
+        - *host
+      secretName: long-domain-tls
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: &app matrix-synapse-2
+  namespace: ingress
+  labels:
+    app.kubernetes.io/name: *app
+    app.kubernetes.io/instance: *app
+spec:
+  type: ExternalName
+  externalName: ${DNS_OLD_DOCKER}
+  ports:
+    - name: http
+      port: &port 443
+      protocol: TCP
+      targetPort: *port
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: &app matrix-synapse-2
+  namespace: ingress
+  annotations:
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+  labels:
+    app.kubernetes.io/name: *app
+    app.kubernetes.io/instance: *app
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: &host ${APP_DNS_MATRIX_2}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: *app
+                port:
+                  number: 443
+  tls:
+    - hosts:
+        - *host
+      secretName: long-domain-tls