From 9c2807f3ad12d997519e67a0cf324f9811ba46cc Mon Sep 17 00:00:00 2001
From: SeanOMik
Date: Sat, 15 Apr 2023 01:17:55 -0400
Subject: [PATCH] Set cert-manager issuer for all ingresses
---
 cluster/apps/authentik/helm-release.yaml | 1 +
 cluster/apps/database/postgresql/pgadmin4/helm-release.yaml | 1 +
 cluster/apps/download/bazarr/helm-release.yaml | 1 +
 cluster/apps/download/mylar3/helm-release.yaml | 1 +
 cluster/apps/download/prowlarr/helm-release.yaml | 1 +
 cluster/apps/download/qbittorrent/ingress.yaml | 1 +
 cluster/apps/download/radarr/helm-release.yaml | 1 +
 cluster/apps/download/readarr/audiobook-helm.yaml | 1 +
 cluster/apps/download/readarr/ebook-helm.yaml | 1 +
 cluster/apps/download/sonarr/helm-release.yaml | 1 +
 cluster/apps/irc/thelounge/helm-release.yaml | 1 +
 cluster/apps/irc/znc/helm-release.yaml | 2 +-
 cluster/apps/management/guacamole/helm-release.yaml | 1 +
 cluster/apps/media/audiobookshelf/helm-release.yaml | 1 +
 cluster/apps/media/jellyfin/helm-release.yaml | 1 +
 cluster/apps/media/jellyseerr/helm-release.yaml | 1 +
 cluster/apps/media/kavita/helm-release.yaml | 1 +
 cluster/apps/media/komga/helm-release.yaml | 1 +
 cluster/apps/media/plex/helm-release.yaml | 1 +
 cluster/apps/tools/gotify/helm-release.yaml | 1 +
 cluster/apps/tools/hastebin/helm-release.yaml | 1 +
 cluster/apps/tools/transfersh/helm-release.yaml | 1 +
 cluster/apps/tools/vaultwarden/helm-release.yaml | 1 +
 cluster/core/cert-manager/wildcard-cert.yaml | 2 +-
 cluster/core/networking/traefik/dashboard-ingress.yaml | 1 +
 cluster/core/storage/longhorn/ingress.yaml | 1 +
 26 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/cluster/apps/authentik/helm-release.yaml b/cluster/apps/authentik/helm-release.yaml
index f860d69..c6b46fa 100644
--- a/cluster/apps/authentik/helm-release.yaml
+++ b/cluster/apps/authentik/helm-release.yaml
@@ -55,6 +55,7 @@ spec:
 ingress:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 hosts:
 - host: &host "auth.${SECRET_NEW_DOMAIN}"
diff --git a/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml b/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml
index c283054..3956a6c 100644
--- a/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml
+++ b/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml
@@ -19,6 +19,7 @@ spec:
 ingress:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 hosts:
 - host: &host pgsql.database.${SECRET_DOMAIN}
diff --git a/cluster/apps/download/bazarr/helm-release.yaml b/cluster/apps/download/bazarr/helm-release.yaml
index a9a4180..bd9ff94 100644
--- a/cluster/apps/download/bazarr/helm-release.yaml
+++ b/cluster/apps/download/bazarr/helm-release.yaml
@@ -32,6 +32,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 hosts:
diff --git a/cluster/apps/download/mylar3/helm-release.yaml b/cluster/apps/download/mylar3/helm-release.yaml
index af93d31..262d289 100644
--- a/cluster/apps/download/mylar3/helm-release.yaml
+++ b/cluster/apps/download/mylar3/helm-release.yaml
@@ -36,6 +36,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 hosts:
diff --git a/cluster/apps/download/prowlarr/helm-release.yaml b/cluster/apps/download/prowlarr/helm-release.yaml
index 77155e5..c18bd4e 100644
--- a/cluster/apps/download/prowlarr/helm-release.yaml
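Review bot: The added `cert-manager.io/cluster-issuer: letsencrypt-production` annotation in authentik/helm-release.yaml only results in a certificate if the rendered Ingress also carries a `tls` entry with a `secretName`. That block lies outside this hunk, so it should be confirmed here and for every other ingress hunk in the patch, all of which add the same line. Issuing one certificate per host from the production issuer also publishes each service hostname (`auth.`, `bitwarden.`, `remote.` and the rest) in Certificate Transparency logs, which a wildcard certificate keeps out of them. If both are intended, a comment above the annotation such as `# per-host cert via ingress-shim; requires tls.secretName below` would make the dependency visible to the next editor.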
+++ b/cluster/apps/download/prowlarr/helm-release.yaml
@@ -43,6 +43,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 hosts:
diff --git a/cluster/apps/download/qbittorrent/ingress.yaml b/cluster/apps/download/qbittorrent/ingress.yaml
index 6f760db..b7124ff 100644
--- a/cluster/apps/download/qbittorrent/ingress.yaml
+++ b/cluster/apps/download/qbittorrent/ingress.yaml
@@ -4,6 +4,7 @@ metadata:
 name: qbittorrent-ingress
 namespace: download
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 spec:
diff --git a/cluster/apps/download/radarr/helm-release.yaml b/cluster/apps/download/radarr/helm-release.yaml
index 4e16f17..93d6e4b 100644
--- a/cluster/apps/download/radarr/helm-release.yaml
+++ b/cluster/apps/download/radarr/helm-release.yaml
@@ -45,6 +45,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 hosts:
diff --git a/cluster/apps/download/readarr/audiobook-helm.yaml b/cluster/apps/download/readarr/audiobook-helm.yaml
index 2cf1879..fbebdba 100644
--- a/cluster/apps/download/readarr/audiobook-helm.yaml
+++ b/cluster/apps/download/readarr/audiobook-helm.yaml
@@ -43,6 +43,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 hosts:
diff --git a/cluster/apps/download/readarr/ebook-helm.yaml b/cluster/apps/download/readarr/ebook-helm.yaml
index 42ed101..03822b3 100644
--- a/cluster/apps/download/readarr/ebook-helm.yaml
+++ b/cluster/apps/download/readarr/ebook-helm.yaml
@@ -43,6 +43,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 hosts:
diff --git a/cluster/apps/download/sonarr/helm-release.yaml b/cluster/apps/download/sonarr/helm-release.yaml
index dec1f2d..55fe011 100644
--- a/cluster/apps/download/sonarr/helm-release.yaml
+++ b/cluster/apps/download/sonarr/helm-release.yaml
@@ -45,6 +45,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 hosts:
diff --git a/cluster/apps/irc/thelounge/helm-release.yaml b/cluster/apps/irc/thelounge/helm-release.yaml
index 9636ded..32908ee 100644
--- a/cluster/apps/irc/thelounge/helm-release.yaml
+++ b/cluster/apps/irc/thelounge/helm-release.yaml
@@ -37,6 +37,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 hosts:
 - host: &host "lounge.${SECRET_NEW_DOMAIN}"
diff --git a/cluster/apps/irc/znc/helm-release.yaml b/cluster/apps/irc/znc/helm-release.yaml
index ba99bdf..a6a8dec 100644
--- a/cluster/apps/irc/znc/helm-release.yaml
+++ b/cluster/apps/irc/znc/helm-release.yaml
@@ -48,8 +48,8 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
-# traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
 hosts:
 - host: &host "znc.${SECRET_NEW_DOMAIN}"
 paths:
diff --git a/cluster/apps/management/guacamole/helm-release.yaml b/cluster/apps/management/guacamole/helm-release.yaml
index 4061d9c..10d29c9 100644
--- a/cluster/apps/management/guacamole/helm-release.yaml
+++ b/cluster/apps/management/guacamole/helm-release.yaml
@@ -44,6 +44,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 hosts:
 - host: &host "remote.${SECRET_NEW_DOMAIN}"
diff --git a/cluster/apps/media/audiobookshelf/helm-release.yaml b/cluster/apps/media/audiobookshelf/helm-release.yaml
index ac31bf5..442ad05 100644
--- a/cluster/apps/media/audiobookshelf/helm-release.yaml
+++ b/cluster/apps/media/audiobookshelf/helm-release.yaml
@@ -33,6 +33,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 hosts:
 - host: &host "audiobooks.${SECRET_NEW_DOMAIN}"
diff --git a/cluster/apps/media/jellyfin/helm-release.yaml b/cluster/apps/media/jellyfin/helm-release.yaml
index c271689..9f7a2a5 100644
--- a/cluster/apps/media/jellyfin/helm-release.yaml
+++ b/cluster/apps/media/jellyfin/helm-release.yaml
@@ -36,6 +36,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 hosts:
 - host: &host "watch.${SECRET_NEW_DOMAIN}"
diff --git a/cluster/apps/media/jellyseerr/helm-release.yaml b/cluster/apps/media/jellyseerr/helm-release.yaml
index cc43e8b..626cbba 100644
--- a/cluster/apps/media/jellyseerr/helm-release.yaml
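Review bot: The znc hunk deletes the commented-out `traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd` line, which was the only trace in the file that this ingress is served without the authentik forward-auth middleware the download ingresses carry. The deletion is unrelated to the commit subject, and after it nothing records whether the omission is intentional. A comment above `hosts:` stating the reason, e.g. `# no authentik middleware: <reason>`, would keep that decision reviewable. The values block continues outside the hunk.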
+++ b/cluster/apps/media/jellyseerr/helm-release.yaml
@@ -39,6 +39,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 hosts:
 - host: &host "request.${SECRET_NEW_DOMAIN}"
diff --git a/cluster/apps/media/kavita/helm-release.yaml b/cluster/apps/media/kavita/helm-release.yaml
index d11b573..e7ca191 100644
--- a/cluster/apps/media/kavita/helm-release.yaml
+++ b/cluster/apps/media/kavita/helm-release.yaml
@@ -30,6 +30,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 hosts:
 - host: &host "books.${SECRET_NEW_DOMAIN}"
diff --git a/cluster/apps/media/komga/helm-release.yaml b/cluster/apps/media/komga/helm-release.yaml
index f25f958..3b1ba47 100644
--- a/cluster/apps/media/komga/helm-release.yaml
+++ b/cluster/apps/media/komga/helm-release.yaml
@@ -32,6 +32,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 hosts:
 - host: &host "comics.${SECRET_NEW_DOMAIN}"
diff --git a/cluster/apps/media/plex/helm-release.yaml b/cluster/apps/media/plex/helm-release.yaml
index f7848e1..bd72f29 100644
--- a/cluster/apps/media/plex/helm-release.yaml
+++ b/cluster/apps/media/plex/helm-release.yaml
@@ -47,6 +47,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 hosts:
 - host: &host "plex.${SECRET_NEW_DOMAIN}"
diff --git a/cluster/apps/tools/gotify/helm-release.yaml b/cluster/apps/tools/gotify/helm-release.yaml
index d8e83df..8db65f8 100644
--- a/cluster/apps/tools/gotify/helm-release.yaml
+++ b/cluster/apps/tools/gotify/helm-release.yaml
@@ -36,6 +36,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 hosts:
 - host: &host "notif.${SECRET_NEW_DOMAIN}"
diff --git a/cluster/apps/tools/hastebin/helm-release.yaml b/cluster/apps/tools/hastebin/helm-release.yaml
index cb7edae..47c2dc2 100644
--- a/cluster/apps/tools/hastebin/helm-release.yaml
+++ b/cluster/apps/tools/hastebin/helm-release.yaml
@@ -50,6 +50,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 hosts:
 - host: &host "paste.${SECRET_NEW_DOMAIN}"
diff --git a/cluster/apps/tools/transfersh/helm-release.yaml b/cluster/apps/tools/transfersh/helm-release.yaml
index 7f2599a..0ee8799 100644
--- a/cluster/apps/tools/transfersh/helm-release.yaml
+++ b/cluster/apps/tools/transfersh/helm-release.yaml
@@ -50,6 +50,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 hosts:
 - host: &host "upload.${SECRET_NEW_DOMAIN}"
diff --git a/cluster/apps/tools/vaultwarden/helm-release.yaml b/cluster/apps/tools/vaultwarden/helm-release.yaml
index 074cf80..35533fe 100644
--- a/cluster/apps/tools/vaultwarden/helm-release.yaml
+++ b/cluster/apps/tools/vaultwarden/helm-release.yaml
@@ -33,6 +33,7 @@ spec:
 main:
 enabled: true
 annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 hosts:
 - host: &host "bitwarden.${SECRET_NEW_DOMAIN}"
diff --git a/cluster/core/cert-manager/wildcard-cert.yaml b/cluster/core/cert-manager/wildcard-cert.yaml
index fc81144..cff439c 100644
--- a/cluster/core/cert-manager/wildcard-cert.yaml
+++ b/cluster/core/cert-manager/wildcard-cert.yaml
@@ -8,7 +8,7 @@ spec: secretTemplate: annotations: - replicator.v1.mittwald.de/replicate-to: "traefik,download,media,tools,management,authentik,database" + replicator.v1.mittwald.de/replicate-to: "traefik,download,media,tools,management,authentik,database,monitoring" duration: 2160h # 90d renewBefore: 360h # 15d diff --git a/cluster/core/networking/traefik/dashboard-ingress.yaml b/cluster/core/networking/traefik/dashboard-ingress.yaml index c6b4a16..45ee06f 100644 --- a/cluster/core/networking/traefik/dashboard-ingress.yaml +++ b/cluster/core/networking/traefik/dashboard-ingress.yaml @@ -4,6 +4,7 @@ metadata: name: traefik-dash-ingress namespace: traefik annotations: + cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd spec: diff --git a/cluster/core/storage/longhorn/ingress.yaml b/cluster/core/storage/longhorn/ingress.yaml index 7e5429c..c4b7075 100644 --- a/cluster/core/storage/longhorn/ingress.yaml +++ b/cluster/core/storage/longhorn/ingress.yaml @@ -4,6 +4,7 @@ metadata: name: longhorn-ingress namespace: longhorn-system annotations: + cert-manager.io/cluster-issuer: letsencrypt-production traefik.ingress.kubernetes.io/router.entrypoints: websecure spec: rules:
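Review bot: Adding `monitoring` to `replicator.v1.mittwald.de/replicate-to` in wildcard-cert.yaml copies the wildcard certificate's private key into one more namespace, so anything able to read Secrets there can present a valid certificate for every host under the domain. No monitoring ingress is touched by this patch, and the other hunks move ingresses to per-host certificates, so it looks as if this list could shrink rather than grow. If monitoring needs TLS, a per-host certificate through the same `cert-manager.io/cluster-issuer` annotation would avoid sharing the key. The change is also not mentioned in the commit subject.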
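Review bot: The longhorn/ingress.yaml hunk shows only `cert-manager.io/cluster-issuer` and `router.entrypoints` under `annotations:`, with no forward-auth middleware such as dashboard-ingress.yaml and qbittorrent/ingress.yaml carry. The Longhorn UI ships without a login of its own, so unless access is restricted somewhere not visible in this hunk, the route serves the storage console unauthenticated, and it now does so under a publicly logged certificate. Adding `traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd` next to the new annotation would bring it in line with the other two plain Ingress manifests. The `spec:` block continues outside the hunk.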