fix: most services had invalid certificates

2023-08-25 00:11:57 -04:00 · 2023-08-25 00:11:57 -04:00 · 11ade14ac9
parent 90e417ac1f
commit 11ade14ac9
3 changed files with 23 additions and 62 deletions
--- a/cluster/apps/monitoring/zfs-exporter/alerts.yaml
+++ b/cluster/apps/monitoring/zfs-exporter/alerts.yaml
@ -2,6 +2,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
  name: zfs-exporter-rules
+  namespace: monitoring
  labels:
    release: kube-prometheus-stack
 spec:
--- a/cluster/core/cert-manager/helm-release.yaml
+++ b/cluster/core/cert-manager/helm-release.yaml
@ -15,14 +15,14 @@ spec:
        namespace: flux-system
  values:
    installCRDs: false
-#    webhook:
-#      enabled: true
-#    extraArgs:
-#      - --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53
-#      - --dns01-recursive-nameservers-only
-#    replicaCount: 1
-#    podDnsPolicy: "None"
-#    podDnsConfig:
-#      nameservers:
-#        - "1.1.1.1"
-#        - "9.9.9.9"
+    webhook:
+      enabled: true
+    extraArgs:
+      - --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53
+      - --dns01-recursive-nameservers-only
+    replicaCount: 1
+    podDnsPolicy: "None"
+    podDnsConfig:
+      nameservers:
+        - "1.1.1.1"
+        - "9.9.9.9"
--- a/cluster/core/networking/traefik/helm-release.yaml
+++ b/cluster/core/networking/traefik/helm-release.yaml
@ -29,83 +29,38 @@ spec:
        allowCrossNamespace: false
        allowExternalNameServices: false
        allowEmptyServices: false
-        # ingressClass: traefik-internal
-        # labelSelector: environment=production,method=traefik
        namespaces: []
-          # - "default"

      kubernetesIngress:
        enabled: true
        allowExternalNameServices: false
        allowEmptyServices: false
-        # ingressClass: traefik-internal
-        # labelSelector: environment=production,method=traefik
        namespaces: []
-          # - "default"
-        # IP used for Kubernetes Ingress endpoints
        publishedService:
          enabled: false
-          # Published Kubernetes Service to copy status from. Format: namespace/servicename
-          # By default this Traefik service
-          # pathOverride: ""
-
-    service:
-      annotations:
-        metallb.universe.tf/allow-shared-ip: "main-ip-192.168.87.10"
-      spec:
-        loadBalancerIP: "192.168.87.10"
-
-#    ports:
-#      traefik:
-#        port: 9000
-#        expose: true
-#        exposedPort: 9000
-#        # The port protocol (TCP/UDP)
-#        protocol: TCP
-#      web:
-#        port: 8000
-#        expose: true
-#        exposedPort: 80
-#        redirectTo: websecure
-#        protocol: TCP
-#      websecure:
-#        port: 8443
-#        expose: true
-#        exposedPort: 443
-#        protocol: TCP
-#        tls:
-#          enabled: true
-#          #certResolver: cloudflare
-#      metrics:
-#        port: 9100
-#        expose: true
-#        exposedPort: 9100
-#        protocol: TCP

    ports:
      traefik:
        port: 9000
-        expose: true
+        expose: false
        exposedPort: 9000
-        hostIP: 192.168.87.10
-        # The port protocol (TCP/UDP)
        protocol: TCP
+
      web:
        port: 8000
+        nodePort: 30080
        expose: true
-        exposedPort: 80
        redirectTo: websecure
-        hostIP: 192.168.87.10
        protocol: TCP
+
      websecure:
        port: 8443
+        nodePort: 30443
        expose: true
-        exposedPort: 443
-        hostIP: 192.168.87.10
        protocol: TCP
        tls:
          enabled: true
-          #certResolver: cloudflare
+
      metrics:
        port: 9100
        expose: false
@ -121,6 +76,11 @@ spec:
      enabled: true
      isDefaultClass: true

+    tlsStore:
+      default:
+        defaultCertificate:
+          secretName: wildcard-main-tls
+
    metrics:
      prometheus:
        entryPoint: metrics