diff --git a/apps/media/jellyfin/kustomization.yaml b/apps/media/jellyfin/kustomization.yaml
index e64b634..f4199f6 100644
--- a/apps/media/jellyfin/kustomization.yaml
+++ b/apps/media/jellyfin/kustomization.yaml
@@ -20,4 +20,4 @@ resources:
 - service.yaml
 - deployment.yaml
 - http-route.yaml
- - ingress-route.yaml
+# - ingress-route.yaml
diff --git a/apps/public/stonegarden/kustomization.yaml b/apps/public/stonegarden/kustomization.yaml
index 203d7e4..3c10f15 100644
--- a/apps/public/stonegarden/kustomization.yaml
+++ b/apps/public/stonegarden/kustomization.yaml
@@ -9,4 +9,4 @@ resources:
 - service.yaml
 - deployment.yaml
 - http-route.yaml
- - ingress-route.yaml
+# - ingress-route.yaml
diff --git a/apps/test/whoami/http-route.yaml b/apps/test/whoami/http-route.yaml
index c77279e..9acf3ec 100644
--- a/apps/test/whoami/http-route.yaml
+++ b/apps/test/whoami/http-route.yaml
@@ -8,7 +8,6 @@ spec:
 namespace: gateway
 hostnames:
 - "gateway.stonegarden.dev"
- - "gateway-direct.stonegarden.dev"
 rules:
 - matches:
 - path:
diff --git a/apps/utility/haos/kustomization.yaml b/apps/utility/haos/kustomization.yaml
index ab49144..f903da8 100644
--- a/apps/utility/haos/kustomization.yaml
+++ b/apps/utility/haos/kustomization.yaml
@@ -6,4 +6,4 @@ resources:
 - svc.yaml
 - endpoint-slice.yaml
 - http-route.yaml
- - ingress-route.yaml
\ No newline at end of file
+# - ingress-route.yaml
\ No newline at end of file
diff --git a/infra/cilium/kustomization.yaml b/infra/cilium/kustomization.yaml
index 15993bb..2c1f8ed 100644
--- a/infra/cilium/kustomization.yaml
+++ b/infra/cilium/kustomization.yaml
@@ -9,7 +9,7 @@ resources:
 helmCharts:
 - name: cilium
 repo: https://helm.cilium.io
- version: 1.15.0
+ version: 1.15.1
 releaseName: "cilium"
 includeCRDs: true
 namespace: kube-system
diff --git a/infra/cilium/values.yaml b/infra/cilium/values.yaml
index 30e51cc..015b804 100644
--- a/infra/cilium/values.yaml
+++ b/infra/cilium/values.yaml
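Review bot: The `# - ingress-route.yaml` entry in the jellyfin `resources:` list is left behind as a commented-out line with no explanation, and the same edit repeats in apps/public/stonegarden/kustomization.yaml and apps/utility/haos/kustomization.yaml. Dropping the file from `resources:` stops kustomize rendering it, so anything that manifest attached to the route (presumably middleware such as authentication or header rules, not visible here) now has to be covered by `http-route.yaml`. Either delete the entry together with the file, or state the intent next to it, e.g. `# ingress-route.yaml disabled: host is served through http-route.yaml on the gateway`.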
@@ -15,8 +15,8 @@ operator:
 # Roll out cilium agent pods automatically when ConfigMap is updated.
 rollOutCiliumPods: true
-debug:
- enabled: false
+#debug:
+# enabled: true
 # Increase rate limit when doing L2 announcements
 k8sClientRateLimit:
diff --git a/infra/gateway/gateway-class.yaml b/infra/gateway/gw-class.yaml
similarity index 100%
rename from infra/gateway/gateway-class.yaml
rename to infra/gateway/gw-class.yaml
diff --git a/infra/gateway/gw-stonegarden.yaml b/infra/gateway/gw-stonegarden.yaml
index 1c9c9ce..9f82543 100644
--- a/infra/gateway/gw-stonegarden.yaml
+++ b/infra/gateway/gw-stonegarden.yaml
@@ -11,10 +11,65 @@ spec:
 annotations:
 io.cilium/lb-ipam-ips: 192.168.1.172
 listeners:
+ - protocol: HTTPS
+ port: 443
+ name: https-blog
+ hostname: blog.stonegarden.dev
+ tls:
+ certificateRefs:
+ - kind: Secret
+ name: cloudflare-cert
+ allowedRoutes:
+ namespaces:
+ from: All
+ - protocol: HTTPS
+ port: 443
+ name: https-remark42
+ hostname: remark42.stonegarden.dev
+ tls:
+ certificateRefs:
+ - kind: Secret
+ name: cloudflare-cert
+ allowedRoutes:
+ namespaces:
+ from: All
+ - protocol: HTTPS
+ port: 443
+ name: https-haos
+ hostname: haos.stonegarden.dev
+ tls:
+ certificateRefs:
+ - kind: Secret
+ name: cloudflare-cert
+ allowedRoutes:
+ namespaces:
+ from: All
+ - protocol: HTTPS
+ port: 443
+ name: https-jellyfin
+ hostname: jellyfin.stonegarden.dev
+ tls:
+ certificateRefs:
+ - kind: Secret
+ name: cloudflare-cert
+ allowedRoutes:
+ namespaces:
+ from: All
+ - protocol: HTTPS
+ port: 443
+ name: https-postgres
+ hostname: postgres.stonegarden.dev
+ tls:
+ certificateRefs:
+ - kind: Secret
+ name: cloudflare-cert
+ allowedRoutes:
+ namespaces:
+ from: All
 - protocol: HTTPS
 port: 443
 name: https-gateway
- hostname: "*.stonegarden.dev"
+ hostname: gateway.stonegarden.dev
 tls:
 certificateRefs:
 - kind: Secret
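Review bot: The removed `debug:` / `enabled: false` pair is replaced by a commented-out `# enabled: true`, so the setting is no longer pinned in values.yaml and the effective value falls back to whatever the chart ships. Anyone who later uncomments the block turns agent debug logging on rather than restoring the previous state, and debug logs are verbose. If default logging is the goal, keep the explicit `enabled: false`; if the block is meant as a troubleshooting toggle, say so with a comment such as `# uncomment to enable agent debug logging while troubleshooting`.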
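Review bot: Each of the five new listeners (https-blog, https-remark42, https-haos, https-jellyfin, https-postgres) sets `allowedRoutes.namespaces.from: All`, so an HTTPRoute created in any namespace can attach to the listener and serve that hostname under `cloudflare-cert`. Splitting the wildcard listener into one listener per host is the natural place to narrow this, by restricting each listener to the namespace that owns the app with `from: Selector`. The fence shows the shape for one listener; the label key and value are constructed examples and must match labels on the real namespaces. `https-postgres` deserves a second look in particular, since the hunk does not show what is served behind that hostname. The listener list continues outside the hunk.

```yaml
  - protocol: HTTPS
    port: 443
    name: https-blog
    hostname: blog.stonegarden.dev
    # … unchanged: tls.certificateRefs …
    allowedRoutes:
      namespaces:
        # Only namespaces carrying this label may bind routes to the listener.
        from: Selector
        selector:
          matchLabels:
            gateway-access: blog  # constructed example label
```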
@@ -32,4 +87,15 @@ spec:
 name: cloudflare-cert
 allowedRoutes:
 namespaces:
- from: All
\ No newline at end of file
+ from: All
+# - protocol: HTTPS
+# port: 443
+# name: https-wildcard
+# hostname: "*.stonegarden.dev"
+# tls:
+# certificateRefs:
+# - kind: Secret
+# name: cloudflare-cert
+# allowedRoutes:
+# namespaces:
+# from: All
diff --git a/infra/gateway/kustomization.yaml b/infra/gateway/kustomization.yaml
index acaf526..f2dd53c 100644
--- a/infra/gateway/kustomization.yaml
+++ b/infra/gateway/kustomization.yaml
@@ -3,7 +3,7 @@ kind: Kustomization
 resources:
 - https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/experimental-install.yaml
- - gateway-class.yaml
+ - gw-class.yaml
 - ns.yaml
 - cloudflare-api-token.yaml
 - cloudflare-issuer.yaml
diff --git a/infra/net-aux/config/cloudflared/config.yaml b/infra/net-aux/config/cloudflared/config.yaml
index 3260be2..ac45c0f 100644
--- a/infra/net-aux/config/cloudflared/config.yaml
+++ b/infra/net-aux/config/cloudflared/config.yaml
@@ -15,18 +15,18 @@ ingress:
 service: https://cilium-gateway-proxmox-euclid.gateway.svc.cluster.local:443
 originRequest:
 originServerName: proxmox.euclid.stonegarden.dev
-# - hostname: haos.stonegarden.dev
-# service: https://cilium-gateway-stonegarden.gateway.svc.cluster.local:443
-# originRequest:
-# originServerName: haos.stonegarden.dev
-# - hostname: blog.stonegarden.dev
-# service: https://cilium-gateway-stonegarden.gateway.svc.cluster.local:443
-# originRequest:
-# originServerName: blog.stonegarden.dev
-# - hostname: remark42.stonegarden.dev
-# service: https://cilium-gateway-stonegarden.gateway.svc.cluster.local:443
-# originRequest:
-# originServerName: remark42.stonegarden.dev
+ - hostname: haos.stonegarden.dev
+ service: https://cilium-gateway-stonegarden.gateway.svc.cluster.local:443
+ originRequest:
+ originServerName: haos.stonegarden.dev
+ - hostname: blog.stonegarden.dev
+ service: https://cilium-gateway-stonegarden.gateway.svc.cluster.local:443
+ originRequest:
+ originServerName: blog.stonegarden.dev
+ - hostname: remark42.stonegarden.dev
+ service: https://cilium-gateway-stonegarden.gateway.svc.cluster.local:443
+ originRequest:
+ originServerName: remark42.stonegarden.dev
 - hostname: gateway.stonegarden.dev
 service: https://cilium-gateway-stonegarden.gateway.svc.cluster.local:443
 originRequest:
diff --git a/infra/net-aux/config/pi-hole/02-custom.conf b/infra/net-aux/config/pi-hole/02-custom.conf
index 75dd2fb..8ad07ea 100644
--- a/infra/net-aux/config/pi-hole/02-custom.conf
+++ b/infra/net-aux/config/pi-hole/02-custom.conf
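Review bot: Enabling the `haos.stonegarden.dev`, `blog.stonegarden.dev` and `remark42.stonegarden.dev` ingress rules publishes those hosts through the tunnel, and nothing in this file shows whether an access policy sits in front of them. For the blog and its comment service that is presumably intended; for `haos` (presumably the Home Assistant host, judging by apps/utility/haos) the application's own login would be the only control unless an access policy is configured elsewhere. Record the intent in the file, e.g. `# public: blog, remark42; haos must stay behind an access policy (<policy reference>)`, so the exposure is a reviewed decision rather than a side effect of uncommenting. The `ingress:` list starts and ends outside the hunk, so the catch-all rule is not visible here.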
@@ -1,9 +1,9 @@
-#address=/stonegarden.dev/192.168.1.142
-#address=/blog.stonegarden.dev/192.168.1.172
-#address=/gateway.stonegarden.dev/192.168.1.172
-#address=/hass.stonegarden.dev/192.168.1.172
-address=/jellyfin.stonegarden.dev/192.168.1.142
+address=/stonegarden.dev/192.168.1.142
+address=/blog.stonegarden.dev/192.168.1.172
+address=/gateway.stonegarden.dev/192.168.1.172
+address=/haos.stonegarden.dev/192.168.1.172
+address=/jellyfin.stonegarden.dev/192.168.1.172
 address=/plex.stonegarden.dev/192.168.1.142
-#address=/postgres.stonegarden.dev/192.168.1.172
-#address=/remark42.stonegarden.dev/192.168.1.172
+address=/postgres.stonegarden.dev/192.168.1.172
+address=/remark42.stonegarden.dev/192.168.1.172
 edns-packet-max=1232
diff --git a/infra/pi-hole/config/02-custom.conf b/infra/pi-hole/config/02-custom.conf
index 75dd2fb..8ad07ea 100644
--- a/infra/pi-hole/config/02-custom.conf
+++ b/infra/pi-hole/config/02-custom.conf
@@ -1,9 +1,9 @@
-#address=/stonegarden.dev/192.168.1.142
-#address=/blog.stonegarden.dev/192.168.1.172
-#address=/gateway.stonegarden.dev/192.168.1.172
-#address=/hass.stonegarden.dev/192.168.1.172
-address=/jellyfin.stonegarden.dev/192.168.1.142
+address=/stonegarden.dev/192.168.1.142
+address=/blog.stonegarden.dev/192.168.1.172
+address=/gateway.stonegarden.dev/192.168.1.172
+address=/haos.stonegarden.dev/192.168.1.172
+address=/jellyfin.stonegarden.dev/192.168.1.172
 address=/plex.stonegarden.dev/192.168.1.142
-#address=/postgres.stonegarden.dev/192.168.1.172
-#address=/remark42.stonegarden.dev/192.168.1.172
+address=/postgres.stonegarden.dev/192.168.1.172
+address=/remark42.stonegarden.dev/192.168.1.172
 edns-packet-max=1232
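Review bot: The re-enabled `address=/stonegarden.dev/192.168.1.142` line is a dnsmasq domain match, so it answers for stonegarden.dev and for every subdomain that has no more specific `address=` entry; a host missing from this list resolves to 192.168.1.142 instead of failing. If only the apex is meant, an exact record such as `host-record=stonegarden.dev,192.168.1.142` expresses that; if the wildcard is intended, add a comment like `# catch-all: unlisted *.stonegarden.dev names resolve to 192.168.1.142`. The identical change is applied to infra/pi-hole/config/02-custom.conf with the same blob ids, so the two copies can drift apart unless one is generated from the other.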