From 4b281683d9dbbec397f7da655b3bd654f56a8da9 Mon Sep 17 00:00:00 2001 
From: SeanOMik
Date: Tue, 23 Jan 2024 09:21:15 -0500
Subject: [PATCH] feat: set traefik's tls secret to what is generated by cert-manager
---
cluster/apps/authentik/helm-release.yaml | 1 -
cluster/apps/database/minio/helm-release.yaml | 2 --
.../apps/database/postgresql/pgadmin4/helm-release.yaml | 1 -
cluster/apps/default/cdn/helm-release.yaml | 1 -
cluster/apps/default/dendron/helm-release.yaml | 1 -
cluster/apps/default/fireflyiii/helm-release.yaml | 1 -
cluster/apps/default/trilium/helm-release.yaml | 1 -
cluster/apps/dev/code/helm-release.yaml | 1 -
cluster/apps/download/bazarr/helm-release.yaml | 1 -
cluster/apps/download/mylar3/helm-release.yaml | 1 -
cluster/apps/download/prowlarr/helm-release.yaml | 1 -
cluster/apps/download/qbittorrent/helm-release.yaml | 1 -
cluster/apps/download/radarr/helm-release.yaml | 1 -
cluster/apps/download/readarr/audiobook-helm.yaml | 1 -
cluster/apps/download/readarr/ebook-helm.yaml | 1 -
cluster/apps/download/sonarr/helm-release.yaml | 1 -
cluster/apps/irc/thelounge/helm-release.yaml | 1 -
cluster/apps/irc/znc/helm-release.yaml | 1 -
cluster/apps/management/guacamole/helm-release.yaml | 1 -
cluster/apps/media/audiobookshelf/helm-release.yaml | 1 -
cluster/apps/media/freshrss/helm-release.yaml | 1 -
cluster/apps/media/jellyfin/helm-release.yaml | 1 -
cluster/apps/media/jellyseerr/helm-release.yaml | 1 -
cluster/apps/media/kavita/helm-release.yaml | 1 -
cluster/apps/media/komga/helm-release.yaml | 1 -
cluster/apps/media/ombi/helm-release.yaml | 1 -
cluster/apps/media/plex/helm-release.yaml | 1 -
cluster/apps/media/tautulli/helm-release.yaml | 1 -
cluster/apps/monitoring/grafana/helm-release.yaml | 1 -
.../monitoring/kube-prometheus-stack/helm-release.yaml | 2 --
cluster/apps/tools/gotify/helm-release.yaml | 1 -
cluster/apps/tools/hastebin/helm-release.yaml | 1 -
cluster/apps/tools/transfersh/helm-release.yaml | 1 -
cluster/apps/tools/vaultwarden/helm-release.yaml | 1 -
cluster/core/cert-manager/wildcard-cert.yaml | 2 +-
cluster/core/networking/traefik/default-tls-store.yaml | 9 +++++++++
cluster/core/networking/traefik/helm-release.yaml | 1 -
cluster/core/networking/traefik/kustomization.yaml | 1 +
38 files changed, 11 insertions(+), 38 deletions(-)
create mode 100644 cluster/core/networking/traefik/default-tls-store.yaml
diff --git a/cluster/apps/authentik/helm-release.yaml b/cluster/apps/authentik/helm-release.yaml
index e39775c..b25de20 100644
--- a/cluster/apps/authentik/helm-release.yaml
+++ b/cluster/apps/authentik/helm-release.yaml
@@ -87,7 +87,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls monitoring: enabled: false # temporarily disable monitoring
\ No newline at end of file
diff --git a/cluster/apps/database/minio/helm-release.yaml b/cluster/apps/database/minio/helm-release.yaml
index 25fd4f5..7c92844 100644
--- a/cluster/apps/database/minio/helm-release.yaml
+++ b/cluster/apps/database/minio/helm-release.yaml
@@ -85,7 +85,6 @@ spec: tls: - hosts: - *console-host - secretName: wildcard-main-tls s3: enabled: true
@@ -109,7 +108,6 @@ spec: - hosts: - *api-host - *api-host-wildcard - secretName: wildcard-main-tls podSecurityContext: runAsUser: 10000
diff --git a/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml b/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml
index f1d7ab7..04fea9e 100644
--- a/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml
+++ b/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml
@@ -27,7 +27,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls # securityContext: # runAsUser: 10000
diff --git a/cluster/apps/default/cdn/helm-release.yaml b/cluster/apps/default/cdn/helm-release.yaml
index 96a13de..52b9deb 100644
--- a/cluster/apps/default/cdn/helm-release.yaml
+++ b/cluster/apps/default/cdn/helm-release.yaml
@@ -47,7 +47,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: data:
diff --git a/cluster/apps/default/dendron/helm-release.yaml b/cluster/apps/default/dendron/helm-release.yaml
index 33a1276..def3ef8 100644
--- a/cluster/apps/default/dendron/helm-release.yaml
+++ b/cluster/apps/default/dendron/helm-release.yaml
@@ -47,7 +47,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls podSecurityContext: runAsNonRoot: true
diff --git a/cluster/apps/default/fireflyiii/helm-release.yaml b/cluster/apps/default/fireflyiii/helm-release.yaml
index 5f26b60..eb607a2 100644
--- a/cluster/apps/default/fireflyiii/helm-release.yaml
+++ b/cluster/apps/default/fireflyiii/helm-release.yaml
@@ -44,7 +44,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: firefly-uploads:
diff --git a/cluster/apps/default/trilium/helm-release.yaml b/cluster/apps/default/trilium/helm-release.yaml
index e66f938..ba93d53 100644
--- a/cluster/apps/default/trilium/helm-release.yaml
+++ b/cluster/apps/default/trilium/helm-release.yaml
@@ -43,7 +43,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: storage:
diff --git a/cluster/apps/dev/code/helm-release.yaml b/cluster/apps/dev/code/helm-release.yaml
index 72b00c8..e03b8c2 100644
--- a/cluster/apps/dev/code/helm-release.yaml
+++ b/cluster/apps/dev/code/helm-release.yaml
@@ -56,7 +56,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls # persistence: # config:
diff --git a/cluster/apps/download/bazarr/helm-release.yaml b/cluster/apps/download/bazarr/helm-release.yaml
index b4d2452..89d2745 100644
--- a/cluster/apps/download/bazarr/helm-release.yaml
+++ b/cluster/apps/download/bazarr/helm-release.yaml
@@ -47,7 +47,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/download/mylar3/helm-release.yaml b/cluster/apps/download/mylar3/helm-release.yaml
index df005ec..ad8fd4a 100644
--- a/cluster/apps/download/mylar3/helm-release.yaml
+++ b/cluster/apps/download/mylar3/helm-release.yaml
@@ -51,7 +51,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/download/prowlarr/helm-release.yaml b/cluster/apps/download/prowlarr/helm-release.yaml
index 4094820..55d42f2 100644
--- a/cluster/apps/download/prowlarr/helm-release.yaml
+++ b/cluster/apps/download/prowlarr/helm-release.yaml
@@ -91,7 +91,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/download/qbittorrent/helm-release.yaml b/cluster/apps/download/qbittorrent/helm-release.yaml
index 381e52e..c1c38b7 100644
--- a/cluster/apps/download/qbittorrent/helm-release.yaml
+++ b/cluster/apps/download/qbittorrent/helm-release.yaml
@@ -96,7 +96,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: storage:
diff --git a/cluster/apps/download/radarr/helm-release.yaml b/cluster/apps/download/radarr/helm-release.yaml
index 693ad23..cef7784 100644
--- a/cluster/apps/download/radarr/helm-release.yaml
+++ b/cluster/apps/download/radarr/helm-release.yaml
@@ -91,7 +91,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/download/readarr/audiobook-helm.yaml b/cluster/apps/download/readarr/audiobook-helm.yaml
index 1abe2ed..98344bf 100644
--- a/cluster/apps/download/readarr/audiobook-helm.yaml
+++ b/cluster/apps/download/readarr/audiobook-helm.yaml
@@ -92,7 +92,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/download/readarr/ebook-helm.yaml b/cluster/apps/download/readarr/ebook-helm.yaml
index b4c89a1..9329a23 100644
--- a/cluster/apps/download/readarr/ebook-helm.yaml
+++ b/cluster/apps/download/readarr/ebook-helm.yaml
@@ -92,7 +92,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/download/sonarr/helm-release.yaml b/cluster/apps/download/sonarr/helm-release.yaml
index e9a4719..efbee07 100644
--- a/cluster/apps/download/sonarr/helm-release.yaml
+++ b/cluster/apps/download/sonarr/helm-release.yaml
@@ -92,7 +92,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/irc/thelounge/helm-release.yaml b/cluster/apps/irc/thelounge/helm-release.yaml
index 6759eb7..a50818c 100644
--- a/cluster/apps/irc/thelounge/helm-release.yaml
+++ b/cluster/apps/irc/thelounge/helm-release.yaml
@@ -47,7 +47,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config: enabled: true
diff --git a/cluster/apps/irc/znc/helm-release.yaml b/cluster/apps/irc/znc/helm-release.yaml
index bd05986..df6f161 100644
--- a/cluster/apps/irc/znc/helm-release.yaml
+++ b/cluster/apps/irc/znc/helm-release.yaml
@@ -67,7 +67,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/management/guacamole/helm-release.yaml b/cluster/apps/management/guacamole/helm-release.yaml
index fbc011b..1273da7 100644
--- a/cluster/apps/management/guacamole/helm-release.yaml
+++ b/cluster/apps/management/guacamole/helm-release.yaml
@@ -54,7 +54,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/media/audiobookshelf/helm-release.yaml b/cluster/apps/media/audiobookshelf/helm-release.yaml
index 6e0969b..a73d604 100644
--- a/cluster/apps/media/audiobookshelf/helm-release.yaml
+++ b/cluster/apps/media/audiobookshelf/helm-release.yaml
@@ -43,7 +43,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/media/freshrss/helm-release.yaml b/cluster/apps/media/freshrss/helm-release.yaml
index ac89f61..294b4d3 100644
--- a/cluster/apps/media/freshrss/helm-release.yaml
+++ b/cluster/apps/media/freshrss/helm-release.yaml
@@ -45,7 +45,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/media/jellyfin/helm-release.yaml b/cluster/apps/media/jellyfin/helm-release.yaml
index 051f89e..4813457 100644
--- a/cluster/apps/media/jellyfin/helm-release.yaml
+++ b/cluster/apps/media/jellyfin/helm-release.yaml
@@ -47,7 +47,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/media/jellyseerr/helm-release.yaml b/cluster/apps/media/jellyseerr/helm-release.yaml
index bb64f03..52a37bf 100644
--- a/cluster/apps/media/jellyseerr/helm-release.yaml
+++ b/cluster/apps/media/jellyseerr/helm-release.yaml
@@ -49,7 +49,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/media/kavita/helm-release.yaml b/cluster/apps/media/kavita/helm-release.yaml
index df0e208..3300852 100644
--- a/cluster/apps/media/kavita/helm-release.yaml
+++ b/cluster/apps/media/kavita/helm-release.yaml
@@ -40,7 +40,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config: enabled: true
diff --git a/cluster/apps/media/komga/helm-release.yaml b/cluster/apps/media/komga/helm-release.yaml
index ca3175c..5e425e6 100644
--- a/cluster/apps/media/komga/helm-release.yaml
+++ b/cluster/apps/media/komga/helm-release.yaml
@@ -46,7 +46,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/media/ombi/helm-release.yaml b/cluster/apps/media/ombi/helm-release.yaml
index 6ab9e18..b96b8c5 100644
--- a/cluster/apps/media/ombi/helm-release.yaml
+++ b/cluster/apps/media/ombi/helm-release.yaml
@@ -45,7 +45,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/media/plex/helm-release.yaml b/cluster/apps/media/plex/helm-release.yaml
index bbef35b..27d08aa 100644
--- a/cluster/apps/media/plex/helm-release.yaml
+++ b/cluster/apps/media/plex/helm-release.yaml
@@ -57,7 +57,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/media/tautulli/helm-release.yaml b/cluster/apps/media/tautulli/helm-release.yaml
index db165b4..1d59360 100644
--- a/cluster/apps/media/tautulli/helm-release.yaml
+++ b/cluster/apps/media/tautulli/helm-release.yaml
@@ -47,7 +47,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/monitoring/grafana/helm-release.yaml b/cluster/apps/monitoring/grafana/helm-release.yaml
index 33bb1bf..ea03333 100644
--- a/cluster/apps/monitoring/grafana/helm-release.yaml
+++ b/cluster/apps/monitoring/grafana/helm-release.yaml
@@ -26,7 +26,6 @@ spec: tls: - hosts: - *grafana-host - secretName: wildcard-main-tls grafana.ini: server:
diff --git a/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml b/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml
index 386e432..c2f230f 100644
--- a/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml
+++ b/cluster/apps/monitoring/kube-prometheus-stack/helm-release.yaml
@@ -31,7 +31,6 @@ spec: tls: - hosts: - *alertmanager-host - secretName: wildcard-main-tls alertmanagerSpec: alertmanagerConfiguration:
@@ -57,7 +56,6 @@ spec: tls: - hosts: - *prometheus-host - secretName: wildcard-main-tls prometheusSpec: enableAdminAPI: false
diff --git a/cluster/apps/tools/gotify/helm-release.yaml b/cluster/apps/tools/gotify/helm-release.yaml
index 9be9368..ccf78d5 100644
--- a/cluster/apps/tools/gotify/helm-release.yaml
+++ b/cluster/apps/tools/gotify/helm-release.yaml
@@ -46,7 +46,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: config:
diff --git a/cluster/apps/tools/hastebin/helm-release.yaml b/cluster/apps/tools/hastebin/helm-release.yaml
index a4d8fe4..0fadf55 100644
--- a/cluster/apps/tools/hastebin/helm-release.yaml
+++ b/cluster/apps/tools/hastebin/helm-release.yaml
@@ -60,7 +60,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls resources: requests:
diff --git a/cluster/apps/tools/transfersh/helm-release.yaml b/cluster/apps/tools/transfersh/helm-release.yaml
index 6dd98ec..e1fe955 100644
--- a/cluster/apps/tools/transfersh/helm-release.yaml
+++ b/cluster/apps/tools/transfersh/helm-release.yaml
@@ -57,7 +57,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls resources: requests:
diff --git a/cluster/apps/tools/vaultwarden/helm-release.yaml b/cluster/apps/tools/vaultwarden/helm-release.yaml
index 48d062e..e9e0234 100644
--- a/cluster/apps/tools/vaultwarden/helm-release.yaml
+++ b/cluster/apps/tools/vaultwarden/helm-release.yaml
@@ -43,7 +43,6 @@ spec: tls: - hosts: - *host - secretName: wildcard-main-tls persistence: data:
diff --git a/cluster/core/cert-manager/wildcard-cert.yaml b/cluster/core/cert-manager/wildcard-cert.yaml
index be8ced6..65447b5 100644
--- a/cluster/core/cert-manager/wildcard-cert.yaml
+++ b/cluster/core/cert-manager/wildcard-cert.yaml
@@ -8,7 +8,7 @@ spec: secretTemplate: annotations: - replicator.v1.mittwald.de/replicate-to: "traefik,download,media,tools,management,authentik,database,monitoring" + replicator.v1.mittwald.de/replicate-to: "traefik" duration: 2160h # 90d renewBefore: 360h # 15d
diff --git a/cluster/core/networking/traefik/default-tls-store.yaml b/cluster/core/networking/traefik/default-tls-store.yaml
new file mode 100644
index 0000000..9a38626
--- /dev/null
+++ b/cluster/core/networking/traefik/default-tls-store.yaml
@@ -0,0 +1,9 @@
+apiVersion: traefik.io/v1alpha1
+kind: TLSStore
+metadata:
+ name: default
+ namespace: traefik
+
+spec:
+ defaultCertificate:
+ secretName: wildcard-main-tls
\ No newline at end of file
diff --git a/cluster/core/networking/traefik/helm-release.yaml b/cluster/core/networking/traefik/helm-release.yaml
index 07fdd51..0c8d45b 100644
--- a/cluster/core/networking/traefik/helm-release.yaml
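Review bot: Narrowing `replicate-to` to `"traefik"` in wildcard-cert.yaml stops new copies of the wildcard secret, but the copies already pushed into download, media, tools, management, authentik, database and monitoring may outlive this change. Whether the replicator prunes a copy when its namespace leaves the list should be confirmed, and any leftover `wildcard-main-tls` secrets deleted, since each one holds the wildcard private key. A comment above the annotation would record the intent, e.g. `# only traefik terminates TLS via the default TLSStore; keep the key out of app namespaces`. The Certificate's `spec` starts above this hunk, so its secret name and source namespace are not visible here.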
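Review bot: The `default` TLSStore in default-tls-store.yaml may end up with two owners, because the traefik helm-release.yaml hunk later in this patch removes only `secretName` and leaves `tlsStore: default: defaultCertificate:` with an empty value. If the chart still renders a TLSStore from that value, Helm and the kustomization would both write the same object, and an empty `defaultCertificate` would presumably leave every ingress that no longer names a secret on Traefik's self-signed fallback certificate; dropping the whole `tlsStore:` block from the release values avoids that. A header comment in the new file would help, e.g. `# default cert for every Ingress without tls.secretName; wildcard-main-tls is replicated into this namespace via the Certificate's secretTemplate`. The file also ends without a trailing newline.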
+++ b/cluster/core/networking/traefik/helm-release.yaml
@@ -79,7 +79,6 @@ spec: tlsStore: default: defaultCertificate: - secretName: wildcard-main-tls metrics: prometheus:
diff --git a/cluster/core/networking/traefik/kustomization.yaml b/cluster/core/networking/traefik/kustomization.yaml
index 191a565..835cd22 100644
--- a/cluster/core/networking/traefik/kustomization.yaml
+++ b/cluster/core/networking/traefik/kustomization.yaml
@@ -4,4 +4,5 @@ resources: - ./namespace.yaml - ./helm-repository.yaml - ./helm-release.yaml +- ./default-tls-store.yaml - ./dashboard-ingress.yaml
\ No newline at end of file