SeanOMik
/
k3s-cluster
1
0
Fork 0
Code Issues 2 Pull Requests 32 Packages Projects Releases Wiki Activity

Use wildcard cert everywhere!

This commit is contained in:
SeanOMik 2023-04-13 01:21:06 -04:00
parent f2252bd6c8
commit fc5e97e7ae
Signed by: SeanOMik
GPG Key ID: 568F326C7EB33ACB
12 changed files with 59 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cluster/apps/authentik/helm-release.yaml
View File

@ -58,10 +58,14 @@ spec:
cert-manager.io/cluster-issuer: "letsencrypt-production"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: auth.${SECRET_NEW_DOMAIN}
- host: &host "auth.${SECRET_NEW_DOMAIN}"
paths:
- path: "/"
- path: /
pathType: Prefix
tls:
- hosts:
- *host
secretName: wildcard-main-tls
monitoring:
enabled: false # temporarily disable monitoring

7
cluster/apps/management/guacamole/helm-release.yaml
View File

@ -44,13 +44,16 @@ spec:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-production"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: "remote.${SECRET_NEW_DOMAIN}"
- host: &host "remote.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
secretName: wildcard-main-tls
persistence:
config:

7
cluster/apps/media/audiobookshelf/helm-release.yaml
View File

@ -33,13 +33,16 @@ spec:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-production"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: "audiobooks.${SECRET_NEW_DOMAIN}"
- host: &host "audiobooks.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
secretName: wildcard-main-tls
persistence:
config:

7
cluster/apps/media/jellyfin/helm-release.yaml
View File

@ -36,13 +36,16 @@ spec:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-production"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: "watch.${SECRET_NEW_DOMAIN}"
- host: &host "watch.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
secretName: wildcard-main-tls
persistence:
config:

7
cluster/apps/media/jellyseerr/helm-release.yaml
View File

@ -39,13 +39,16 @@ spec:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-production"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: "request.${SECRET_NEW_DOMAIN}"
- host: &host "request.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
secretName: wildcard-main-tls
persistence:
config:

7
cluster/apps/media/kavita/helm-release.yaml
View File

@ -30,13 +30,16 @@ spec:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-production"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: "books.${SECRET_NEW_DOMAIN}"
- host: &host "books.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
secretName: wildcard-main-tls
persistence:
config:
enabled: true

7
cluster/apps/media/komga/helm-release.yaml
View File

@ -32,13 +32,16 @@ spec:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-production"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: "comics.${SECRET_NEW_DOMAIN}"
- host: &host "comics.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
secretName: wildcard-main-tls
persistence:
config:
enabled: true

9
cluster/apps/media/plex/helm-release.yaml
View File

@ -47,13 +47,16 @@ spec:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-production"
traefik.ingress.kubernetes.io/router.entrypoints: websecure #,plex
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: "plex.${SECRET_NEW_DOMAIN}"
- host: &host "plex.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
secretName: wildcard-main-tls
persistence:
config:

6
cluster/apps/tools/hastebin/helm-release.yaml
View File

@ -53,10 +53,14 @@ spec:
cert-manager.io/cluster-issuer: "letsencrypt-production"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: "paste.${SECRET_NEW_DOMAIN}"
- host: &host "paste.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
secretName: wildcard-main-tls
resources:
requests:

6
cluster/apps/tools/transfersh/helm-release.yaml
View File

@ -49,10 +49,14 @@ spec:
cert-manager.io/cluster-issuer: "letsencrypt-production"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: "upload.${SECRET_NEW_DOMAIN}"
- host: &host "upload.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
secretName: wildcard-main-tls
persistence:
storage:

6
cluster/apps/tools/vaultwarden/helm-release.yaml
View File

@ -36,10 +36,14 @@ spec:
cert-manager.io/cluster-issuer: "letsencrypt-production"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: "bitwarden.${SECRET_NEW_DOMAIN}"
- host: &host "bitwarden.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
secretName: wildcard-main-tls
persistence:
data:

4
cluster/core/cert-manager/wildcard-cert.yaml
View File

@ -8,13 +8,13 @@ spec:
secretTemplate:
annotations:
replicator.v1.mittwald.de/replicate-to: "traefik,download"
replicator.v1.mittwald.de/replicate-to: "traefik,download,media,tools,management,authentik"
duration: 2160h # 90d
renewBefore: 360h # 15d
issuerRef:
name: letsencrypt-staging
name: letsencrypt-prod
kind: ClusterIssuer
dnsNames: