SeanOMik
/
k3s-cluster
1
0
Fork 0
Code Issues 2 Pull Requests 33 Packages Projects Releases Wiki Activity

fix: most services had invalid certificates

This commit is contained in:
SeanOMik 2023-08-25 00:11:57 -04:00
parent 90e417ac1f
commit 11ade14ac9
Signed by: SeanOMik
GPG Key ID: 568F326C7EB33ACB
3 changed files with 23 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cluster/apps/monitoring/zfs-exporter/alerts.yaml
View File

@ -2,6 +2,7 @@ apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule kind: PrometheusRule
metadata: metadata:
name: zfs-exporter-rules name: zfs-exporter-rules
namespace: monitoring
labels: labels:
release: kube-prometheus-stack release: kube-prometheus-stack
spec: spec:

22
cluster/core/cert-manager/helm-release.yaml
View File

@ -15,14 +15,14 @@ spec:
namespace: flux-system namespace: flux-system
values: values:
installCRDs: false installCRDs: false
# webhook: webhook:
# enabled: true enabled: true
# extraArgs: extraArgs:
# - --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53 - --dns01-recursive-nameservers=1.1.1.1:53,9.9.9.9:53
# - --dns01-recursive-nameservers-only - --dns01-recursive-nameservers-only
# replicaCount: 1 replicaCount: 1
# podDnsPolicy: "None" podDnsPolicy: "None"
# podDnsConfig: podDnsConfig:
# nameservers: nameservers:
# - "1.1.1.1" - "1.1.1.1"
# - "9.9.9.9" - "9.9.9.9"

62
cluster/core/networking/traefik/helm-release.yaml
View File

@ -29,83 +29,38 @@ spec:
allowCrossNamespace: false allowCrossNamespace: false
allowExternalNameServices: false allowExternalNameServices: false
allowEmptyServices: false allowEmptyServices: false
# ingressClass: traefik-internal
# labelSelector: environment=production,method=traefik
namespaces: [] namespaces: []
# - "default"
kubernetesIngress: kubernetesIngress:
enabled: true enabled: true
allowExternalNameServices: false allowExternalNameServices: false
allowEmptyServices: false allowEmptyServices: false
# ingressClass: traefik-internal
# labelSelector: environment=production,method=traefik
namespaces: [] namespaces: []
# - "default"
# IP used for Kubernetes Ingress endpoints
publishedService: publishedService:
enabled: false enabled: false
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
service:
annotations:
metallb.universe.tf/allow-shared-ip: "main-ip-192.168.87.10"
spec:
loadBalancerIP: "192.168.87.10"
# ports:
# traefik:
# port: 9000
# expose: true
# exposedPort: 9000
# # The port protocol (TCP/UDP)
# protocol: TCP
# web:
# port: 8000
# expose: true
# exposedPort: 80
# redirectTo: websecure
# protocol: TCP
# websecure:
# port: 8443
# expose: true
# exposedPort: 443
# protocol: TCP
# tls:
# enabled: true
# #certResolver: cloudflare
# metrics:
# port: 9100
# expose: true
# exposedPort: 9100
# protocol: TCP
ports: ports:
traefik: traefik:
port: 9000 port: 9000
expose: true expose: false
exposedPort: 9000 exposedPort: 9000
hostIP: 192.168.87.10
# The port protocol (TCP/UDP)
protocol: TCP protocol: TCP
web: web:
port: 8000 port: 8000
nodePort: 30080
expose: true expose: true
exposedPort: 80
redirectTo: websecure redirectTo: websecure
hostIP: 192.168.87.10
protocol: TCP protocol: TCP
websecure: websecure:
port: 8443 port: 8443
nodePort: 30443
expose: true expose: true
exposedPort: 443
hostIP: 192.168.87.10
protocol: TCP protocol: TCP
tls: tls:
enabled: true enabled: true
#certResolver: cloudflare
metrics: metrics:
port: 9100 port: 9100
expose: false expose: false
@ -121,6 +76,11 @@ spec:
enabled: true enabled: true
isDefaultClass: true isDefaultClass: true
tlsStore:
default:
defaultCertificate:
secretName: wildcard-main-tls
metrics: metrics:
prometheus: prometheus:
entryPoint: metrics entryPoint: metrics