scottk/homelab
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/homelab.git synced 2025-11-03 03:17:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(vpn): split gateway into external and internal services

Browse Source
This commit is contained in:
Vegard Hagen
2024-08-19 21:23:00 +02:00
parent 174cce0845
commit 9a7894a7ab
23 changed files with 135 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
k8s/apps/external/haos/http-route.yaml vendored
View File

@@ -5,7 +5,9 @@ metadata:
namespace: haos namespace: haos
spec: spec:
parentRefs: parentRefs:
- name: stonegarden - name: external
namespace: gateway
- name: internal
namespace: gateway namespace: gateway
hostnames: hostnames:
- "haos.stonegarden.dev" - "haos.stonegarden.dev"

4
k8s/apps/homepage/blog/hugo/http-route.yaml
View File

@@ -5,7 +5,9 @@ metadata:
namespace: blog namespace: blog
spec: spec:
parentRefs: parentRefs:
- name: stonegarden - name: external
namespace: gateway
- name: internal
namespace: gateway namespace: gateway
hostnames: hostnames:
- "blog.stonegarden.dev" - "blog.stonegarden.dev"

4
k8s/apps/homepage/blog/remark42/http-route.yaml
View File

@@ -5,7 +5,9 @@ metadata:
namespace: blog namespace: blog
spec: spec:
parentRefs: parentRefs:
- name: stonegarden - name: external
namespace: gateway
- name: internal
namespace: gateway namespace: gateway
hostnames: hostnames:
- "remark42.stonegarden.dev" - "remark42.stonegarden.dev"

4
k8s/apps/homepage/stonegarden/http-route.yaml
View File

@@ -5,7 +5,9 @@ metadata:
namespace: stonegarden namespace: stonegarden
spec: spec:
parentRefs: parentRefs:
- name: stonegarden - name: external
namespace: gateway
- name: internal
namespace: gateway namespace: gateway
hostnames: hostnames:
- "stonegarden.dev" - "stonegarden.dev"

2
k8s/apps/media/arr/lidarr/http-route.yaml
View File

@@ -5,7 +5,7 @@ metadata:
namespace: arr namespace: arr
spec: spec:
parentRefs: parentRefs:
- name: stonegarden - name: internal
namespace: gateway namespace: gateway
hostnames: hostnames:
- "lidarr.stonegarden.dev" - "lidarr.stonegarden.dev"

2
k8s/apps/media/arr/prowlarr/http-route.yaml
View File

@@ -5,7 +5,7 @@ metadata:
namespace: arr namespace: arr
spec: spec:
parentRefs: parentRefs:
- name: stonegarden - name: internal
namespace: gateway namespace: gateway
hostnames: hostnames:
- "prowlarr.stonegarden.dev" - "prowlarr.stonegarden.dev"

2
k8s/apps/media/arr/radarr/http-route.yaml
View File

@@ -5,7 +5,7 @@ metadata:
namespace: arr namespace: arr
spec: spec:
parentRefs: parentRefs:
- name: stonegarden - name: internal
namespace: gateway namespace: gateway
hostnames: hostnames:
- "radarr.stonegarden.dev" - "radarr.stonegarden.dev"

2
k8s/apps/media/arr/sonarr/http-route.yaml
View File

@@ -5,7 +5,7 @@ metadata:
namespace: arr namespace: arr
spec: spec:
parentRefs: parentRefs:
- name: stonegarden - name: internal
namespace: gateway namespace: gateway
hostnames: hostnames:
- "sonarr.stonegarden.dev" - "sonarr.stonegarden.dev"

2
k8s/apps/media/arr/torrent/http-route.yaml
View File

@@ -5,7 +5,7 @@ metadata:
namespace: arr namespace: arr
spec: spec:
parentRefs: parentRefs:
- name: stonegarden - name: internal
namespace: gateway namespace: gateway
hostnames: hostnames:
- "torrent.stonegarden.dev" - "torrent.stonegarden.dev"

4
k8s/apps/media/jellyfin/http-route.yaml
View File

@@ -5,7 +5,9 @@ metadata:
namespace: jellyfin namespace: jellyfin
spec: spec:
parentRefs: parentRefs:
- name: stonegarden - name: external
namespace: gateway
- name: internal
namespace: gateway namespace: gateway
hostnames: hostnames:
- "jellyfin.stonegarden.dev" - "jellyfin.stonegarden.dev"

4
k8s/apps/media/plex/http-route.yaml
View File

@@ -5,7 +5,9 @@ metadata:
namespace: plex namespace: plex
spec: spec:
parentRefs: parentRefs:
- name: stonegarden - name: external
namespace: gateway
- name: internal
namespace: gateway namespace: gateway
hostnames: hostnames:
- "plex.stonegarden.dev" - "plex.stonegarden.dev"

27
k8s/infra/auth/keycloak/http-route.yaml
View File

@@ -1,11 +1,34 @@
apiVersion: gateway.networking.k8s.io/v1 apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute kind: HTTPRoute
metadata: metadata:
name: keycloak name: external
namespace: keycloak namespace: keycloak
spec: spec:
parentRefs: parentRefs:
- name: stonegarden - name: external
namespace: gateway
hostnames:
- "keycloak.stonegarden.dev"
rules:
- matches:
- path:
type: PathPrefix
value: /realms/homelab
- path:
type: PathPrefix
value: /resources
backendRefs:
- name: keycloak
port: 80
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: internal
namespace: keycloak
spec:
parentRefs:
- name: internal
namespace: gateway namespace: gateway
hostnames: hostnames:
- "keycloak.stonegarden.dev" - "keycloak.stonegarden.dev"

2
k8s/infra/controllers/argocd/http-route.yaml
View File

@@ -5,7 +5,7 @@ metadata:
namespace: argocd namespace: argocd
spec: spec:
parentRefs: parentRefs:
- name: stonegarden - name: internal
namespace: gateway namespace: gateway
hostnames: hostnames:
- "argocd.stonegarden.dev" - "argocd.stonegarden.dev"

2
k8s/infra/monitoring/hubble/http-route.yaml
View File

@@ -5,7 +5,7 @@ metadata:
namespace: kube-system namespace: kube-system
spec: spec:
parentRefs: parentRefs:
- name: stonegarden - name: internal
namespace: gateway namespace: gateway
hostnames: hostnames:
- "hubble.stonegarden.dev" - "hubble.stonegarden.dev"

2
k8s/infra/monitoring/prometheus-stack/http-route.yaml
View File

@@ -5,7 +5,7 @@ metadata:
namespace: monitoring namespace: monitoring
spec: spec:
parentRefs: parentRefs:
- name: stonegarden - name: internal
namespace: gateway namespace: gateway
hostnames: hostnames:
- "grafana.stonegarden.dev" - "grafana.stonegarden.dev"

20
k8s/infra/network/cloudflared/config.yaml
View File

@@ -9,20 +9,20 @@ warp-routing:
ingress: ingress:
- hostname: hello.stonegarden.dev - hostname: hello.stonegarden.dev
service: hello_world service: hello_world
- hostname: proxmox.stonegarden.dev # - hostname: proxmox.stonegarden.dev
service: https://proxmox.proxmox.svc.cluster.local:443 # service: https://proxmox.proxmox.svc.cluster.local:443
originRequest: # originRequest:
originServerName: proxmox.stonegarden.dev # originServerName: proxmox.stonegarden.dev
- hostname: truenas.stonegarden.dev # - hostname: truenas.stonegarden.dev
service: https://truenas.truenas.svc.cluster.local:443 # service: https://truenas.truenas.svc.cluster.local:443
originRequest: # originRequest:
originServerName: truenas.stonegarden.dev # originServerName: truenas.stonegarden.dev
- hostname: "*.stonegarden.dev" - hostname: "*.stonegarden.dev"
service: https://cilium-gateway-stonegarden.gateway.svc.cluster.local:443 service: https://cilium-gateway-external.gateway.svc.cluster.local:443
originRequest: originRequest:
originServerName: "*.stonegarden.dev" originServerName: "*.stonegarden.dev"
- hostname: stonegarden.dev - hostname: stonegarden.dev
service: https://cilium-gateway-stonegarden.gateway.svc.cluster.local:443 service: https://cilium-gateway-external.gateway.svc.cluster.local:443
originRequest: originRequest:
originServerName: stonegarden.dev originServerName: stonegarden.dev
- service: http_status:404 - service: http_status:404

14
k8s/infra/network/dns/adguard/config/AdGuardHome.yaml
View File

@@ -141,16 +141,18 @@ filtering:
parental_block_host: family-block.dns.adguard.com parental_block_host: family-block.dns.adguard.com
safebrowsing_block_host: standard-block.dns.adguard.com safebrowsing_block_host: standard-block.dns.adguard.com
rewrites: rewrites:
- domain: '*.stonegarden.dev'
answer: 192.168.1.222
- domain: stonegarden.dev
answer: 192.168.1.222
- domain: plex.stonegarden.dev - domain: plex.stonegarden.dev
answer: 192.168.1.228 answer: 192.168.1.228
- domain: jellyfin.stonegarden.dev - domain: jellyfin.stonegarden.dev
answer: 192.168.1.229 answer: 192.168.1.229
- domain: whoami.stonegarden.dev - domain: proxmox.stonegarden.dev
answer: 192.168.1.223 answer: 192.168.1.221
- domain: truenas.stonegarden.dev
answer: 192.168.1.221
- domain: '*.stonegarden.dev'
answer: 192.168.1.220
- domain: stonegarden.dev
answer: 192.168.1.220
safebrowsing_cache_size: 1048576 safebrowsing_cache_size: 1048576
safesearch_cache_size: 1048576 safesearch_cache_size: 1048576
parental_cache_size: 1048576 parental_cache_size: 1048576

2
k8s/infra/network/dns/adguard/http-route.yaml
View File

@@ -5,7 +5,7 @@ metadata:
namespace: dns namespace: dns
spec: spec:
parentRefs: parentRefs:
- name: stonegarden - name: internal
namespace: gateway namespace: gateway
hostnames: hostnames:
- "adguard.stonegarden.dev" - "adguard.stonegarden.dev"

10
k8s/infra/network/dns/unbound/deployment.yaml
View File

@@ -1,15 +1,15 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: DaemonSet
metadata: metadata:
name: unbound name: unbound
namespace: dns namespace: dns
spec: spec:
replicas: 2 # replicas: 2
selector: selector:
matchLabels: matchLabels:
app: unbound app: unbound
strategy: # strategy:
type: Recreate # type: Recreate
template: template:
metadata: metadata:
labels: labels:
@@ -37,7 +37,7 @@ spec:
protocol: UDP protocol: UDP
resources: resources:
requests: requests:
cpu: 50m cpu: 10m
memory: 64Mi memory: 64Mi
limits: limits:
cpu: 500m cpu: 500m

2
k8s/infra/network/gateway/gw-stonegarden.yaml → k8s/infra/network/gateway/gw-external.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: gateway.networking.k8s.io/v1 apiVersion: gateway.networking.k8s.io/v1
kind: Gateway kind: Gateway
metadata: metadata:
name: stonegarden name: external
namespace: gateway namespace: gateway
spec: spec:
gatewayClassName: cilium gatewayClassName: cilium

33
k8s/infra/network/gateway/gw-internal.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: internal
namespace: gateway
spec:
gatewayClassName: cilium
infrastructure:
annotations:
io.cilium/lb-ipam-ips: 192.168.1.220
listeners:
- protocol: HTTPS
port: 443
name: https-gateway
hostname: "*.stonegarden.dev"
tls:
certificateRefs:
- kind: Secret
name: cert-stonegarden
allowedRoutes:
namespaces:
from: All
- protocol: HTTPS
port: 443
name: https-domain-gateway
hostname: stonegarden.dev
tls:
certificateRefs:
- kind: Secret
name: cert-stonegarden
allowedRoutes:
namespaces:
from: All

3
k8s/infra/network/gateway/kustomization.yaml
View File

@@ -5,5 +5,6 @@ resources:
- cert-stonegarden.yaml - cert-stonegarden.yaml
- gateway-class.yaml - gateway-class.yaml
- ns.yaml - ns.yaml
- gw-stonegarden.yaml - gw-external.yaml
- gw-internal.yaml
- gw-tls-passthrough.yaml - gw-tls-passthrough.yaml

33
k8s/infra/vpn/netbird/http-route.yaml
View File

@@ -1,22 +1,17 @@
apiVersion: gateway.networking.k8s.io/v1 apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute kind: HTTPRoute
metadata: metadata:
name: netbird name: api
namespace: netbird namespace: netbird
spec: spec:
parentRefs: parentRefs:
- name: stonegarden - name: external
namespace: gateway
- name: internal
namespace: gateway namespace: gateway
hostnames: hostnames:
- "netbird.stonegarden.dev" - "netbird.stonegarden.dev"
rules: rules:
- backendRefs:
- name: netbird-dashboard
port: 80
matches:
- path:
type: PathPrefix
value: /
- backendRefs: - backendRefs:
- name: netbird-backend-management - name: netbird-backend-management
port: 80 port: 80
@@ -34,3 +29,23 @@ spec:
- path: - path:
type: PathPrefix type: PathPrefix
value: /signalexchange.SignalExchange/ value: /signalexchange.SignalExchange/
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: dashboard
namespace: netbird
spec:
parentRefs:
- name: internal
namespace: gateway
hostnames:
- "netbird.stonegarden.dev"
rules:
- backendRefs:
- name: netbird-dashboard
port: 80
matches:
- path:
type: PathPrefix
value: /