diff --git a/k8s/apps/external/haos/http-route.yaml b/k8s/apps/external/haos/http-route.yaml index 30ba833..1d59ec1 100644 --- a/k8s/apps/external/haos/http-route.yaml +++ b/k8s/apps/external/haos/http-route.yaml @@ -5,7 +5,9 @@ metadata: namespace: haos spec: parentRefs: - - name: stonegarden + - name: external + namespace: gateway + - name: internal namespace: gateway hostnames: - "haos.stonegarden.dev" diff --git a/k8s/apps/homepage/blog/hugo/http-route.yaml b/k8s/apps/homepage/blog/hugo/http-route.yaml index 0506c4f..41eca3e 100644 --- a/k8s/apps/homepage/blog/hugo/http-route.yaml +++ b/k8s/apps/homepage/blog/hugo/http-route.yaml @@ -5,7 +5,9 @@ metadata: namespace: blog spec: parentRefs: - - name: stonegarden + - name: external + namespace: gateway + - name: internal namespace: gateway hostnames: - "blog.stonegarden.dev" diff --git a/k8s/apps/homepage/blog/remark42/http-route.yaml b/k8s/apps/homepage/blog/remark42/http-route.yaml index d30a4b9..f3cec59 100644 --- a/k8s/apps/homepage/blog/remark42/http-route.yaml +++ b/k8s/apps/homepage/blog/remark42/http-route.yaml @@ -5,7 +5,9 @@ metadata: namespace: blog spec: parentRefs: - - name: stonegarden + - name: external + namespace: gateway + - name: internal namespace: gateway hostnames: - "remark42.stonegarden.dev" diff --git a/k8s/apps/homepage/stonegarden/http-route.yaml b/k8s/apps/homepage/stonegarden/http-route.yaml index e3b4295..ce591ae 100644 --- a/k8s/apps/homepage/stonegarden/http-route.yaml +++ b/k8s/apps/homepage/stonegarden/http-route.yaml @@ -5,7 +5,9 @@ metadata: namespace: stonegarden spec: parentRefs: - - name: stonegarden + - name: external + namespace: gateway + - name: internal namespace: gateway hostnames: - "stonegarden.dev" diff --git a/k8s/apps/media/arr/lidarr/http-route.yaml b/k8s/apps/media/arr/lidarr/http-route.yaml index befe390..2947f41 100644 --- a/k8s/apps/media/arr/lidarr/http-route.yaml +++ b/k8s/apps/media/arr/lidarr/http-route.yaml 
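Review bot: The `external` entry added to `parentRefs` is the only thing that publishes haos through the Cloudflare tunnel, and nothing in the manifest says so. The same applies to the hugo, remark42 and stonegarden routes on this line, and to jellyfin, plex and the netbird `api` route further down. Because the cloudflared wildcard rule in this commit forwards `*.stonegarden.dev` to the `external` Gateway, a copy-pasted `- name: external` is enough to expose an app that was meant to stay on the LAN. I would mark the entry with a trailing comment, e.g. `- name: external  # published via the cloudflared tunnel`, so the exposure is visible in review. Each route's `rules` lie outside these hunks.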
@@ -5,7 +5,7 @@ metadata: namespace: arr spec: parentRefs: - - name: stonegarden + - name: internal namespace: gateway hostnames: - "lidarr.stonegarden.dev" diff --git a/k8s/apps/media/arr/prowlarr/http-route.yaml b/k8s/apps/media/arr/prowlarr/http-route.yaml index 95dd068..7f96fa8 100644 --- a/k8s/apps/media/arr/prowlarr/http-route.yaml +++ b/k8s/apps/media/arr/prowlarr/http-route.yaml @@ -5,7 +5,7 @@ metadata: namespace: arr spec: parentRefs: - - name: stonegarden + - name: internal namespace: gateway hostnames: - "prowlarr.stonegarden.dev" diff --git a/k8s/apps/media/arr/radarr/http-route.yaml b/k8s/apps/media/arr/radarr/http-route.yaml index 01904f2..3cdce86 100644 --- a/k8s/apps/media/arr/radarr/http-route.yaml +++ b/k8s/apps/media/arr/radarr/http-route.yaml @@ -5,7 +5,7 @@ metadata: namespace: arr spec: parentRefs: - - name: stonegarden + - name: internal namespace: gateway hostnames: - "radarr.stonegarden.dev" diff --git a/k8s/apps/media/arr/sonarr/http-route.yaml b/k8s/apps/media/arr/sonarr/http-route.yaml index 963b289..731fb24 100644 --- a/k8s/apps/media/arr/sonarr/http-route.yaml +++ b/k8s/apps/media/arr/sonarr/http-route.yaml @@ -5,7 +5,7 @@ metadata: namespace: arr spec: parentRefs: - - name: stonegarden + - name: internal namespace: gateway hostnames: - "sonarr.stonegarden.dev" diff --git a/k8s/apps/media/arr/torrent/http-route.yaml b/k8s/apps/media/arr/torrent/http-route.yaml index 2a0273c..f42539e 100644 --- a/k8s/apps/media/arr/torrent/http-route.yaml +++ b/k8s/apps/media/arr/torrent/http-route.yaml @@ -5,7 +5,7 @@ metadata: namespace: arr spec: parentRefs: - - name: stonegarden + - name: internal namespace: gateway hostnames: - "torrent.stonegarden.dev" diff --git a/k8s/apps/media/jellyfin/http-route.yaml b/k8s/apps/media/jellyfin/http-route.yaml index de60884..f1d1171 100644 --- a/k8s/apps/media/jellyfin/http-route.yaml +++ b/k8s/apps/media/jellyfin/http-route.yaml 
@@ -5,7 +5,9 @@ metadata: namespace: jellyfin spec: parentRefs: - - name: stonegarden + - name: external + namespace: gateway + - name: internal namespace: gateway hostnames: - "jellyfin.stonegarden.dev" diff --git a/k8s/apps/media/plex/http-route.yaml b/k8s/apps/media/plex/http-route.yaml index 342bd63..a74d45e 100644 --- a/k8s/apps/media/plex/http-route.yaml +++ b/k8s/apps/media/plex/http-route.yaml @@ -5,7 +5,9 @@ metadata: namespace: plex spec: parentRefs: - - name: stonegarden + - name: external + namespace: gateway + - name: internal namespace: gateway hostnames: - "plex.stonegarden.dev" diff --git a/k8s/infra/auth/keycloak/http-route.yaml b/k8s/infra/auth/keycloak/http-route.yaml index e564e31..65a68e5 100644 --- a/k8s/infra/auth/keycloak/http-route.yaml +++ b/k8s/infra/auth/keycloak/http-route.yaml @@ -1,11 +1,34 @@ apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: - name: keycloak + name: external namespace: keycloak spec: parentRefs: - - name: stonegarden + - name: external + namespace: gateway + hostnames: + - "keycloak.stonegarden.dev" + rules: + - matches: + - path: + type: PathPrefix + value: /realms/homelab + - path: + type: PathPrefix + value: /resources + backendRefs: + - name: keycloak + port: 80 +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: internal + namespace: keycloak +spec: + parentRefs: + - name: internal namespace: gateway hostnames: - "keycloak.stonegarden.dev" diff --git a/k8s/infra/controllers/argocd/http-route.yaml b/k8s/infra/controllers/argocd/http-route.yaml index a396f64..2ca528c 100644 --- a/k8s/infra/controllers/argocd/http-route.yaml +++ b/k8s/infra/controllers/argocd/http-route.yaml @@ -5,7 +5,7 @@ metadata: namespace: argocd spec: parentRefs: - - name: stonegarden + - name: internal namespace: gateway hostnames: - "argocd.stonegarden.dev" diff --git a/k8s/infra/monitoring/hubble/http-route.yaml b/k8s/infra/monitoring/hubble/http-route.yaml index 192ddad..d33fe78 100644 
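Review bot: The path list on the new `external` Keycloak route (`/realms/homelab` and `/resources`) is effectively the allow-list for what the tunnel can reach, yet no comment marks it as deliberate. A later edit that adds `/` or `/admin` would publish the admin console and the other realms without the diff looking unusual. I would put `# Allow-list for tunnel traffic: admin console and other realms stay internal-only` above `rules:` in the first document. The `internal` route's rules continue past the end of the hunk, so I am assuming they still cover the full path space.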
--- a/k8s/infra/monitoring/hubble/http-route.yaml +++ b/k8s/infra/monitoring/hubble/http-route.yaml @@ -5,7 +5,7 @@ metadata: namespace: kube-system spec: parentRefs: - - name: stonegarden + - name: internal namespace: gateway hostnames: - "hubble.stonegarden.dev" diff --git a/k8s/infra/monitoring/prometheus-stack/http-route.yaml b/k8s/infra/monitoring/prometheus-stack/http-route.yaml index 3508c15..617a279 100644 --- a/k8s/infra/monitoring/prometheus-stack/http-route.yaml +++ b/k8s/infra/monitoring/prometheus-stack/http-route.yaml @@ -5,7 +5,7 @@ metadata: namespace: monitoring spec: parentRefs: - - name: stonegarden + - name: internal namespace: gateway hostnames: - "grafana.stonegarden.dev" diff --git a/k8s/infra/network/cloudflared/config.yaml b/k8s/infra/network/cloudflared/config.yaml index 7c79088..6560f2c 100644 --- a/k8s/infra/network/cloudflared/config.yaml +++ b/k8s/infra/network/cloudflared/config.yaml 
@@ -9,20 +9,20 @@ warp-routing: ingress: - hostname: hello.stonegarden.dev service: hello_world - - hostname: proxmox.stonegarden.dev - service: https://proxmox.proxmox.svc.cluster.local:443 - originRequest: - originServerName: proxmox.stonegarden.dev - - hostname: truenas.stonegarden.dev - service: https://truenas.truenas.svc.cluster.local:443 - originRequest: - originServerName: truenas.stonegarden.dev +# - hostname: proxmox.stonegarden.dev +# service: https://proxmox.proxmox.svc.cluster.local:443 +# originRequest: +# originServerName: proxmox.stonegarden.dev +# - hostname: truenas.stonegarden.dev +# service: https://truenas.truenas.svc.cluster.local:443 +# originRequest: +# originServerName: truenas.stonegarden.dev - hostname: "*.stonegarden.dev" - service: https://cilium-gateway-stonegarden.gateway.svc.cluster.local:443 + service: https://cilium-gateway-external.gateway.svc.cluster.local:443 originRequest: originServerName: "*.stonegarden.dev" - hostname: stonegarden.dev - service: https://cilium-gateway-stonegarden.gateway.svc.cluster.local:443 + service: https://cilium-gateway-external.gateway.svc.cluster.local:443 originRequest: originServerName: stonegarden.dev - service: http_status:404 diff --git a/k8s/infra/network/dns/adguard/config/AdGuardHome.yaml b/k8s/infra/network/dns/adguard/config/AdGuardHome.yaml index 5c3cc3b..87ebf13 100644 --- a/k8s/infra/network/dns/adguard/config/AdGuardHome.yaml +++ b/k8s/infra/network/dns/adguard/config/AdGuardHome.yaml 
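Review bot: The proxmox and truenas ingress rules are commented out rather than deleted, which leaves dead configuration directly above the live wildcard rule. Deleting the eight lines keeps the file unambiguous, and git history preserves them. With those rules inactive, both hostnames now fall through to the `*.stonegarden.dev` rule and reach the `external` Gateway, so what the tunnel publishes is decided solely by which HTTPRoutes list `external` in `parentRefs`. A comment above the wildcard rule would record that, e.g. `# Tunnel traffic lands on the external Gateway; only HTTPRoutes with parentRef "external" are published`. The `ingress` list starts before the hunk.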
@@ -141,16 +141,18 @@ filtering: parental_block_host: family-block.dns.adguard.com safebrowsing_block_host: standard-block.dns.adguard.com rewrites: - - domain: '*.stonegarden.dev' - answer: 192.168.1.222 - - domain: stonegarden.dev - answer: 192.168.1.222 - domain: plex.stonegarden.dev answer: 192.168.1.228 - domain: jellyfin.stonegarden.dev answer: 192.168.1.229 - - domain: whoami.stonegarden.dev - answer: 192.168.1.223 + - domain: proxmox.stonegarden.dev + answer: 192.168.1.221 + - domain: truenas.stonegarden.dev + answer: 192.168.1.221 + - domain: '*.stonegarden.dev' + answer: 192.168.1.220 + - domain: stonegarden.dev + answer: 192.168.1.220 safebrowsing_cache_size: 1048576 safesearch_cache_size: 1048576 parental_cache_size: 1048576 diff --git a/k8s/infra/network/dns/adguard/http-route.yaml b/k8s/infra/network/dns/adguard/http-route.yaml index 7836b32..8ec2a70 100644 --- a/k8s/infra/network/dns/adguard/http-route.yaml +++ b/k8s/infra/network/dns/adguard/http-route.yaml @@ -5,7 +5,7 @@ metadata: namespace: dns spec: parentRefs: - - name: stonegarden + - name: internal namespace: gateway hostnames: - "adguard.stonegarden.dev" diff --git a/k8s/infra/network/dns/unbound/deployment.yaml b/k8s/infra/network/dns/unbound/deployment.yaml index 0561daf..1c4649e 100644 --- a/k8s/infra/network/dns/unbound/deployment.yaml +++ b/k8s/infra/network/dns/unbound/deployment.yaml @@ -1,15 +1,15 @@ apiVersion: apps/v1 -kind: Deployment +kind: DaemonSet metadata: name: unbound namespace: dns spec: - replicas: 2 +# replicas: 2 selector: matchLabels: app: unbound - strategy: - type: Recreate +# strategy: +# type: Recreate template: metadata: labels: @@ -37,7 +37,7 @@ spec: protocol: UDP resources: requests: - cpu: 50m + cpu: 10m memory: 64Mi limits: cpu: 500m 
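Review bot: The rewrite answers `192.168.1.220` and `192.168.1.221` are bare addresses, with nothing tying them to the Gateways they are meant to reach. `192.168.1.220` matches the `io.cilium/lb-ipam-ips` annotation on the `internal` Gateway added in this commit; the owner of `192.168.1.221` is not visible here (presumably the TLS-passthrough gateway). Because the wildcard rewrite now sends every LAN lookup for `*.stonegarden.dev` to the internal gateway, any drift between these values and the Gateway annotations silently misdirects internal traffic. AdGuard Home may rewrite this file and drop comments, so the pairing is probably better recorded next to the annotation, e.g. `# must match the *.stonegarden.dev rewrite in AdGuardHome.yaml`.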
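Review bot: `replicas` and `strategy` are left in the unbound manifest as comments after the switch to `kind: DaemonSet`; neither is a DaemonSet field, so the four commented lines should be deleted rather than kept. If the old `Recreate` behaviour mattered for the DNS pods, the DaemonSet counterpart is an explicit `updateStrategy:` block, and stating it would make the rollout behaviour for a resolver intentional rather than defaulted. The file is still named `deployment.yaml`, which now misdescribes its contents.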
diff --git a/k8s/infra/network/gateway/gw-stonegarden.yaml b/k8s/infra/network/gateway/gw-external.yaml similarity index 97% rename from k8s/infra/network/gateway/gw-stonegarden.yaml rename to k8s/infra/network/gateway/gw-external.yaml index b51910d..ccfa580 100644 --- a/k8s/infra/network/gateway/gw-stonegarden.yaml +++ b/k8s/infra/network/gateway/gw-external.yaml @@ -1,7 +1,7 @@ apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: - name: stonegarden + name: external namespace: gateway spec: gatewayClassName: cilium diff --git a/k8s/infra/network/gateway/gw-internal.yaml b/k8s/infra/network/gateway/gw-internal.yaml new file mode 100644 index 0000000..036d504 --- /dev/null +++ b/k8s/infra/network/gateway/gw-internal.yaml @@ -0,0 +1,33 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: Gateway +metadata: + name: internal + namespace: gateway +spec: + gatewayClassName: cilium + infrastructure: + annotations: + io.cilium/lb-ipam-ips: 192.168.1.220 + listeners: + - protocol: HTTPS + port: 443 + name: https-gateway + hostname: "*.stonegarden.dev" + tls: + certificateRefs: + - kind: Secret + name: cert-stonegarden + allowedRoutes: + namespaces: + from: All + - protocol: HTTPS + port: 443 + name: https-domain-gateway + hostname: stonegarden.dev + tls: + certificateRefs: + - kind: Secret + name: cert-stonegarden + allowedRoutes: + namespaces: + from: All diff --git a/k8s/infra/network/gateway/kustomization.yaml b/k8s/infra/network/gateway/kustomization.yaml index 0cd0c1e..7a6a0a4 100644 --- a/k8s/infra/network/gateway/kustomization.yaml +++ b/k8s/infra/network/gateway/kustomization.yaml @@ -5,5 +5,6 @@ resources: - cert-stonegarden.yaml - gateway-class.yaml - ns.yaml - - gw-stonegarden.yaml + - gw-external.yaml + - gw-internal.yaml - gw-tls-passthrough.yaml diff --git a/k8s/infra/vpn/netbird/http-route.yaml b/k8s/infra/vpn/netbird/http-route.yaml index 894e5e0..4447d88 100644 --- a/k8s/infra/vpn/netbird/http-route.yaml 
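Review bot: Both listeners of the new `internal` Gateway in `gw-internal.yaml` set `allowedRoutes.namespaces.from: All`, so an HTTPRoute created in any namespace can attach and claim a hostname under `*.stonegarden.dev`. Now that attachment to a Gateway is what decides where a service is published, I would restrict it with a namespace selector, `namespaces: {from: Selector, selector: {matchLabels: {<label-key>: "<value>"}}}` (label name is a placeholder), and label only the namespaces that are meant to publish routes. The renamed `external` Gateway deserves the same check even more, but its listeners are outside the visible hunk, so whether it also uses `from: All` is an assumption to confirm.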
+++ b/k8s/infra/vpn/netbird/http-route.yaml @@ -1,22 +1,17 @@ apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: - name: netbird + name: api namespace: netbird spec: parentRefs: - - name: stonegarden + - name: external + namespace: gateway + - name: internal namespace: gateway hostnames: - "netbird.stonegarden.dev" rules: - - backendRefs: - - name: netbird-dashboard - port: 80 - matches: - - path: - type: PathPrefix - value: / - backendRefs: - name: netbird-backend-management port: 80 @@ -34,3 +29,23 @@ spec: - path: type: PathPrefix value: /signalexchange.SignalExchange/ +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: dashboard + namespace: netbird +spec: + parentRefs: + - name: internal + namespace: gateway + hostnames: + - "netbird.stonegarden.dev" + rules: + - backendRefs: + - name: netbird-dashboard + port: 80 + matches: + - path: + type: PathPrefix + value: /