From dcb8f394ff808e4953345fe259837f152b3775d5 Mon Sep 17 00:00:00 2001 From: SeanOMik Date: Mon, 10 Apr 2023 00:52:50 -0400 Subject: [PATCH] Change domain secret name --- cluster/apps/authentik/helm-release.yaml | 6 +++--- cluster/apps/authentik/ldap-outpost/helm-release.yaml | 2 +- .../apps/database/postgresql/pgadmin4/helm-release.yaml | 2 +- cluster/apps/download/bazarr/helm-release.yaml | 2 +- cluster/apps/download/mylar3/helm-release.yaml | 2 +- cluster/apps/download/prowlarr/helm-release.yaml | 2 +- cluster/apps/download/qbittorrent/ingress.yaml | 2 +- cluster/apps/download/radarr/helm-release.yaml | 2 +- cluster/apps/download/readarr/audiobook-helm.yaml | 2 +- cluster/apps/download/readarr/ebook-helm.yaml | 2 +- cluster/apps/download/sonarr/helm-release.yaml | 2 +- cluster/apps/media/audiobookshelf/helm-release.yaml | 2 +- cluster/apps/media/jellyfin/helm-release.yaml | 2 +- cluster/apps/media/jellyseerr/helm-release.yaml | 2 +- cluster/apps/media/kavita/helm-release.yaml | 2 +- cluster/apps/media/komga/helm-release.yaml | 2 +- cluster/core/networking/traefik/helm-release.yaml | 2 +- cluster/core/storage/longhorn/ingress.yaml | 2 +- cluster/secrets/cluster-secrets.sops.yaml | 7 ++++--- 19 files changed, 24 insertions(+), 23 deletions(-) diff --git a/cluster/apps/authentik/helm-release.yaml b/cluster/apps/authentik/helm-release.yaml index ccca9ce..9018a70 100644 --- a/cluster/apps/authentik/helm-release.yaml +++ b/cluster/apps/authentik/helm-release.yaml @@ -35,8 +35,8 @@ spec: # password: "${SECRET_DATABASE_REDIS_PASS}" env: - AUTHENTIK_HOST: https://auth.${SECRET_DOMAIN_BASE} - AUTHENTIK_HOST_BROWSER: https://auth.${SECRET_DOMAIN_BASE} + AUTHENTIK_HOST: https://auth.${SECRET_DOMAIN} + AUTHENTIK_HOST_BROWSER: https://auth.${SECRET_DOMAIN} envValueFrom: AUTHENTIK_SECRET_KEY: @@ -58,7 +58,7 @@ spec: cert-manager.io/cluster-issuer: "letsencrypt-production" traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - - host: auth.${SECRET_DOMAIN_BASE} + - host: auth.${SECRET_DOMAIN} paths: - path: "/" pathType: Prefix diff --git a/cluster/apps/authentik/ldap-outpost/helm-release.yaml b/cluster/apps/authentik/ldap-outpost/helm-release.yaml index 30e2e3e..65798f8 100644 --- a/cluster/apps/authentik/ldap-outpost/helm-release.yaml +++ b/cluster/apps/authentik/ldap-outpost/helm-release.yaml @@ -22,7 +22,7 @@ spec: env: AUTHENTIK_HOST: "http://authentik.authentik:80" AUTHENTIK_INSECURE: "true" - AUTHENTIK_HOST_BROWSER: "https://auth.${SECRET_DOMAIN_BASE}" + AUTHENTIK_HOST_BROWSER: "https://auth.${SECRET_DOMAIN}" envFrom: # Sets AUTHENTIK_TOKEN diff --git a/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml b/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml index a3a6ba5..c94ea0c 100644 --- a/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml +++ b/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml @@ -22,7 +22,7 @@ spec: cert-manager.io/cluster-issuer: "letsencrypt-production" traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - - host: pgsql.database.${SECRET_DOMAIN_BASE} + - host: pgsql.database.${SECRET_DOMAIN} paths: - path: "/" pathType: Prefix \ No newline at end of file diff --git a/cluster/apps/download/bazarr/helm-release.yaml b/cluster/apps/download/bazarr/helm-release.yaml index 1c4e97c..568b00a 100644 --- a/cluster/apps/download/bazarr/helm-release.yaml +++ b/cluster/apps/download/bazarr/helm-release.yaml @@ -36,7 +36,7 @@ spec: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - - host: "subs.${SECRET_DOMAIN_BASE}" + - host: "subs.${SECRET_DOMAIN}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/download/mylar3/helm-release.yaml b/cluster/apps/download/mylar3/helm-release.yaml index 901c720..4aed04c 100644 --- a/cluster/apps/download/mylar3/helm-release.yaml +++ b/cluster/apps/download/mylar3/helm-release.yaml @@ -40,7 +40,7 @@ spec: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - - host: "mylar.${SECRET_DOMAIN_BASE}" + - host: "mylar.${SECRET_DOMAIN}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/download/prowlarr/helm-release.yaml b/cluster/apps/download/prowlarr/helm-release.yaml index bb2f60f..d20975e 100644 --- a/cluster/apps/download/prowlarr/helm-release.yaml +++ b/cluster/apps/download/prowlarr/helm-release.yaml @@ -47,7 +47,7 @@ spec: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - - host: "prowlar.${SECRET_DOMAIN_BASE}" + - host: "prowlar.${SECRET_DOMAIN}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/download/qbittorrent/ingress.yaml b/cluster/apps/download/qbittorrent/ingress.yaml index dd2cc73..ee06b1f 100644 --- a/cluster/apps/download/qbittorrent/ingress.yaml +++ b/cluster/apps/download/qbittorrent/ingress.yaml @@ -9,7 +9,7 @@ metadata: traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd spec: rules: - - host: "qbit.${SECRET_DOMAIN_BASE}" + - host: "qbit.${SECRET_DOMAIN}" http: paths: - path: / diff --git a/cluster/apps/download/radarr/helm-release.yaml b/cluster/apps/download/radarr/helm-release.yaml index 0b0f360..a324ab8 100644 --- a/cluster/apps/download/radarr/helm-release.yaml +++ b/cluster/apps/download/radarr/helm-release.yaml @@ -49,7 +49,7 @@ spec: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - - host: "radarr.${SECRET_DOMAIN_BASE}" + - host: "radarr.${SECRET_DOMAIN}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/download/readarr/audiobook-helm.yaml b/cluster/apps/download/readarr/audiobook-helm.yaml index 245a675..9173a16 100644 --- a/cluster/apps/download/readarr/audiobook-helm.yaml +++ b/cluster/apps/download/readarr/audiobook-helm.yaml @@ -47,7 +47,7 @@ spec: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - - host: "abook.${SECRET_DOMAIN_BASE}" + - host: "abook.${SECRET_DOMAIN}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/download/readarr/ebook-helm.yaml b/cluster/apps/download/readarr/ebook-helm.yaml index 2fae466..22d828a 100644 --- a/cluster/apps/download/readarr/ebook-helm.yaml +++ b/cluster/apps/download/readarr/ebook-helm.yaml @@ -47,7 +47,7 @@ spec: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - - host: "ebook.${SECRET_DOMAIN_BASE}" + - host: "ebook.${SECRET_DOMAIN}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/download/sonarr/helm-release.yaml b/cluster/apps/download/sonarr/helm-release.yaml index fc30927..ccf7b45 100644 --- a/cluster/apps/download/sonarr/helm-release.yaml +++ b/cluster/apps/download/sonarr/helm-release.yaml @@ -49,7 +49,7 @@ spec: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd hosts: - - host: "sonarr.${SECRET_DOMAIN_BASE}" + - host: "sonarr.${SECRET_DOMAIN}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/media/audiobookshelf/helm-release.yaml b/cluster/apps/media/audiobookshelf/helm-release.yaml index 73ef5a0..ee9266e 100644 --- a/cluster/apps/media/audiobookshelf/helm-release.yaml +++ b/cluster/apps/media/audiobookshelf/helm-release.yaml @@ -36,7 +36,7 @@ spec: cert-manager.io/cluster-issuer: "letsencrypt-production" traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - - host: "audiobooks.${SECRET_DOMAIN_BASE}" + - host: "audiobooks.${SECRET_DOMAIN}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/media/jellyfin/helm-release.yaml b/cluster/apps/media/jellyfin/helm-release.yaml index a67c623..1671ea1 100644 --- a/cluster/apps/media/jellyfin/helm-release.yaml +++ b/cluster/apps/media/jellyfin/helm-release.yaml @@ -39,7 +39,7 @@ spec: cert-manager.io/cluster-issuer: "letsencrypt-production" traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - - host: "watch.${SECRET_DOMAIN_BASE}" + - host: "watch.${SECRET_DOMAIN}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/media/jellyseerr/helm-release.yaml b/cluster/apps/media/jellyseerr/helm-release.yaml index 0467fce..d42b8f9 100644 --- a/cluster/apps/media/jellyseerr/helm-release.yaml +++ b/cluster/apps/media/jellyseerr/helm-release.yaml @@ -42,7 +42,7 @@ spec: cert-manager.io/cluster-issuer: "letsencrypt-production" traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - - host: "request.${SECRET_DOMAIN_BASE}" + - host: "request.${SECRET_DOMAIN}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/media/kavita/helm-release.yaml b/cluster/apps/media/kavita/helm-release.yaml index b690afd..69f4f57 100644 --- a/cluster/apps/media/kavita/helm-release.yaml +++ b/cluster/apps/media/kavita/helm-release.yaml @@ -33,7 +33,7 @@ spec: cert-manager.io/cluster-issuer: "letsencrypt-production" traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - - host: "books.${SECRET_DOMAIN_BASE}" + - host: "books.${SECRET_DOMAIN}" paths: - path: / pathType: Prefix diff --git a/cluster/apps/media/komga/helm-release.yaml b/cluster/apps/media/komga/helm-release.yaml index 56ffb70..10ff8d7 100644 --- a/cluster/apps/media/komga/helm-release.yaml +++ b/cluster/apps/media/komga/helm-release.yaml @@ -35,7 +35,7 @@ spec: cert-manager.io/cluster-issuer: "letsencrypt-production" traefik.ingress.kubernetes.io/router.entrypoints: websecure hosts: - - host: "comics.${SECRET_DOMAIN_BASE}" + - host: "comics.${SECRET_DOMAIN}" paths: - path: / pathType: Prefix diff --git a/cluster/core/networking/traefik/helm-release.yaml b/cluster/core/networking/traefik/helm-release.yaml index 998a054..dd79b18 100644 --- a/cluster/core/networking/traefik/helm-release.yaml +++ b/cluster/core/networking/traefik/helm-release.yaml @@ -86,7 +86,7 @@ spec: cert-manager.io/cluster-issuer: "letsencrypt-production" traefik.ingress.kubernetes.io/router.middlewares: "traefik-authentik@kubernetescrd" entryPoints: [ "websecure" ] - matchRule: Host(`k3st.${SECRET_DOMAIN_BASE}`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`)) + matchRule: Host(`k3st.${SECRET_DOMAIN}`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`)) # Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes. ingressClass: diff --git a/cluster/core/storage/longhorn/ingress.yaml b/cluster/core/storage/longhorn/ingress.yaml index 1ce4428..7e5429c 100644 --- a/cluster/core/storage/longhorn/ingress.yaml +++ b/cluster/core/storage/longhorn/ingress.yaml @@ -7,7 +7,7 @@ metadata: traefik.ingress.kubernetes.io/router.entrypoints: websecure spec: rules: - - host: "longhorn.${SECRET_DOMAIN_BASE}" + - host: "longhorn.${SECRET_DOMAIN}" http: paths: - path: / diff --git a/cluster/secrets/cluster-secrets.sops.yaml b/cluster/secrets/cluster-secrets.sops.yaml index 4f58ab5..96dabe6 100644 --- a/cluster/secrets/cluster-secrets.sops.yaml +++ b/cluster/secrets/cluster-secrets.sops.yaml @@ -3,10 +3,11 @@ kind: Secret metadata: name: cluster-secrets namespace: flux-system +type: Opaque stringData: SECRET_MY_EMAIL: ENC[AES256_GCM,data:o1mpa9VUFdZOepjGKkD76/Px,iv:u+2VUsHGP0O0Qw5ojE4zuSd80iGTDxB95rXB6JO2CJs=,tag:5xvoFP96iOoYSjbZ9NVX0A==,type:str] SECRET_LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:J3Q3okoZ4APVwMXcl00pCPnO,iv:F0L/cRRy5FWMqCF+lpQbZwytSl2OqVOLmVtS0B4jRvU=,tag:cnxZCYcFLDFjKNlbMz+dsg==,type:str] - SECRET_DOMAIN_BASE: ENC[AES256_GCM,data:vtG2sh+T1q7i7KZsoa45PQ==,iv:MVeiGFQgDgegk3d1UlPr1yKs430F8J6VjH1XI4xch/I=,tag:Us+rxCiPSw1ImybGe7Oe9Q==,type:str] + SECRET_DOMAIN: ENC[AES256_GCM,data:9pkOjdhgZWjNAU8bqYYnoQ==,iv:kEfWr2NZesZ+SQLHAysAAUujT44dyDUqBtW1hM7yPEs=,tag:+Poe1kKR2noGYzlju3oSzA==,type:str] SECRET_AUTHENTIK_SECRET_KEY: ENC[AES256_GCM,data:VNkSzACyKPK8Ois5RsddusfeopQ0/2dRZ2nTTFePz4Y=,iv:V3X1U37Aj5ja+iGuLL9DvLtW43TZvClBgNMQ419tnP8=,tag:cu4vS6fNh5H79KvjeKEtXA==,type:str] SECRET_DATABASE_PGSQL_USER_PASS: ENC[AES256_GCM,data:6WJahxUSCBVaQXz2x8lpbfGOubNSjsJ4UkT/IfuPUIk=,iv:cg9FbEn5NfSTug/LKLN9mkFOnOjyRhqtENd+NYnm9Sc=,tag:3XH1AAc/tstYKnzInXzvTw==,type:str] SECRET_DATABASE_PGSQL_ADMIN_PASS: ENC[AES256_GCM,data:746QiSbXgMZUeZ9CyanACXrqteInkEocwuxMTUI6ygo=,iv:2thgTjzT69tZakmJDXnl+5sCGtsiqLo8/NCz7pIVavo=,tag:emLcIk/6Dhw8HlymCRjqPQ==,type:str] @@ -17,8 +18,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-04-10T03:53:42Z" - mac: ENC[AES256_GCM,data:i9EEDR7k6i7A5Wt4i59xTBIhYgOaN3wXIRHAFDLmYfYnWZ4SiCC7POvrtra6Gia5R5L2u31Z82OCkvEBMMKaCYOibIgm592E0dJf5sQPj72AtdhKolk/hXi9Io3r+EjPvuBdT01SBPrhn0b+cLVXketxieYebdCnHNikRXA8UEo=,iv:Ac6TdxCqZpzn0uTPPMwJU2uLoMuDtZsNJ36jVb7NBAM=,tag:qvNTZB/T/yExR22NqG6C1g==,type:str] + lastmodified: "2023-04-10T04:52:25Z" + mac: ENC[AES256_GCM,data:VPcHPSzRC699WltrBi5J3nlnJ9Vr+PsL2YbtLbIYaLq2BqW2yj+FOLl89zrVddAcZHOd9IXUqelymaNr3IfzPASGuGZ1zwrf3d9Pf9sczawhfyiLx7MK4bZwU/r64y/1gzTZkkOLOCQEQoJzUfc4wqtcI/XmQWPZXVS0o0UFH7c=,iv:p6eMS83y81/1fEyClxVxXQ83VcbsSNx/YiHFDkMzNNo=,tag:+gGSHBOLYqlY36JtrdKUNA==,type:str] pgp: - created_at: "2023-04-05T02:28:36Z" enc: |