From 7f9b2d2c6d062f58152681f28a86af551d312f0b Mon Sep 17 00:00:00 2001 
From: Tanguy Herbron Date: Fri, 24 Jun 2022 20:43:24 +0200 Subject: [PATCH] Holyday tmp --- adguard/test/config.yaml | 146 +++++ adguard/test/default-env | 36 ++ helm/adguard/values.yaml | 0 helm/traefik/dashboard.yaml | 27 + helm/traefik/values.yaml | 54 ++ longhorn/ingress.yaml | 24 + nginx/deployment.yaml | 1 + nginx/ingress.yaml | 43 +- nginx/service.yaml | 1 + ocis/config-map.yaml | 60 ++ ocis/deployment.yaml | 38 ++ ocis/ingress.yaml | 14 + ocis/service.yaml | 13 + traefik-lb/deployment.yaml | 40 -- traefik-lb/kubernetes-crd-rbac.yml | 63 -- traefik-lb/service-account.yaml | 4 - traefik-lb/service.yaml | 25 - .../traefik.containo.us_ingressroutes.yaml | 198 ------ .../traefik.containo.us_ingressroutetcps.yaml | 162 ----- .../traefik.containo.us_ingressrouteudps.yaml | 84 --- .../traefik.containo.us_middlewares.yaml | 596 ------------------ ...traefik.containo.us_serverstransports.yaml | 122 ---- .../traefik.containo.us_tlsoptions.yaml | 92 --- traefik-lb/traefik.containo.us_tlsstores.yaml | 64 -- .../traefik.containo.us_traefikservices.yaml | 270 -------- vaultwarden/deployment.yaml | 33 + vaultwarden/ingress.yaml | 23 + vaultwarden/service.yaml | 13 + 28 files changed, 503 insertions(+), 1743 deletions(-) create mode 100644 adguard/test/config.yaml create mode 100644 adguard/test/default-env create mode 100644 helm/adguard/values.yaml create mode 100644 helm/traefik/dashboard.yaml create mode 100644 helm/traefik/values.yaml create mode 100644 longhorn/ingress.yaml create mode 100644 ocis/config-map.yaml create mode 100644 ocis/deployment.yaml create mode 100644 ocis/ingress.yaml create mode 100644 ocis/service.yaml delete mode 100644 traefik-lb/deployment.yaml delete mode 100644 traefik-lb/kubernetes-crd-rbac.yml delete mode 100644 traefik-lb/service-account.yaml delete mode 100644 traefik-lb/service.yaml delete mode 100644 traefik-lb/traefik.containo.us_ingressroutes.yaml delete mode 100644 traefik-lb/traefik.containo.us_ingressroutetcps.yaml delete mode 
100644 traefik-lb/traefik.containo.us_ingressrouteudps.yaml delete mode 100644 traefik-lb/traefik.containo.us_middlewares.yaml delete mode 100644 traefik-lb/traefik.containo.us_serverstransports.yaml delete mode 100644 traefik-lb/traefik.containo.us_tlsoptions.yaml delete mode 100644 traefik-lb/traefik.containo.us_tlsstores.yaml delete mode 100644 traefik-lb/traefik.containo.us_traefikservices.yaml create mode 100644 vaultwarden/deployment.yaml create mode 100644 vaultwarden/ingress.yaml create mode 100644 vaultwarden/service.yaml diff --git a/adguard/test/config.yaml b/adguard/test/config.yaml new file mode 100644 index 0000000..7d6897a --- /dev/null +++ b/adguard/test/config.yaml 
@@ -0,0 +1,146 @@ +apiVersion: v1 +data: + AdGuardHome.yaml: | + bind_host: 0.0.0.0 + bind_port: 3000 + users: + - name: $USER_NAME + password: $2a$10$$USER_PASSWORD + auth_attempts: 5 + block_auth_min: 15 + http_proxy: "" + web_session_ttl: 720 + dns: + bind_hosts: + - 0.0.0.0 + port: 53 + statistics_interval: 1 + querylog_enabled: true + querylog_file_enabled: true + querylog_interval: 24h + querylog_size_memory: 1000 + anonymize_client_ip: false + protection_enabled: true + blocking_mode: default + blocking_ipv4: "" + blocking_ipv6: "" + blocked_response_ttl: 10 + parental_block_host: family-block.dns.adguard.com + safebrowsing_block_host: standard-block.dns.adguard.com + ratelimit: 20 + ratelimit_whitelist: [] + refuse_any: true + upstream_dns: + - https://dns10.quad9.net/dns-query + - 8.8.8.8 + - 8.8.4.4 + - 1.1.1.1 + upstream_dns_file: "" + bootstrap_dns: + - 9.9.9.10 + - 149.112.112.10 + - 2620:fe::10 + - 2620:fe::fe:10 + all_servers: true + fastest_addr: false + fastest_timeout: 1s + allowed_clients: [] + disallowed_clients: [] + blocked_hosts: + - version.bind + - id.server + - hostname.bind + trusted_proxies: + - 127.0.0.0/8 + - ::1/128 + cache_size: 4194304 + cache_ttl_min: 0 + cache_ttl_max: 0 + cache_optimistic: false + bogus_nxdomain: [] + aaaa_disabled: false + enable_dnssec: false + edns_client_subnet: false + max_goroutines: 300 + ipset: [] + filtering_enabled: true + filters_update_interval: 24 + parental_enabled: false + safesearch_enabled: false + safebrowsing_enabled: false + safebrowsing_cache_size: 1048576 + safesearch_cache_size: 1048576 + parental_cache_size: 1048576 + cache_time: 30 + rewrites: $DNS_REWRITES + blocked_services: + - tiktok + upstream_timeout: 10s + local_domain_name: lan + resolve_clients: true + use_private_ptr_resolvers: true + local_ptr_upstreams: [] + tls: + enabled: false + server_name: "" + force_https: false + port_https: 443 + port_dns_over_tls: 853 + port_dns_over_quic: 784 + port_dnscrypt: 0 + 
dnscrypt_config_file: "" + allow_unencrypted_doh: false + strict_sni_check: false + certificate_chain: "" + private_key: "" + certificate_path: "" + private_key_path: "" + filters: + - enabled: true + url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt + name: AdGuard DNS filter + id: 1 + - enabled: true + url: https://adaway.org/hosts.txt + name: AdAway Default Blocklist + id: 2 + - enabled: false + url: https://www.malwaredomainlist.com/hostslist/hosts.txt + name: MalwareDomainList.com Hosts List + id: 4 + whitelist_filters: [] + user_rules: + - '@@||v.oui.sncf^$important' + dhcp: + enabled: false + interface_name: "" + dhcpv4: + gateway_ip: "" + subnet_mask: "" + range_start: "" + range_end: "" + lease_duration: 86400 + icmp_timeout_msec: 1000 + options: [] + dhcpv6: + range_start: "" + lease_duration: 86400 + ra_slaac_only: false + ra_allow_slaac: false + clients: [] + log_compress: false + log_localtime: false + log_max_backups: 0 + log_max_size: 100 + log_max_age: 3 + log_file: "" + verbose: false + os: + group: "" + user: "" + rlimit_nofile: 0 + schema_version: 12 +kind: ConfigMap +metadata: + name: adguard-config + namespace: default diff --git a/adguard/test/default-env b/adguard/test/default-env new file mode 100644 index 0000000..0247086 --- /dev/null +++ b/adguard/test/default-env 
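Review bot: With `all_servers: true`, every query is sent in parallel to all `upstream_dns` entries, so the plaintext resolvers `8.8.8.8`, `8.8.4.4` and `1.1.1.1` receive in the clear the same lookups that the Quad9 DoH upstream is meant to protect. Either drop the plaintext entries or replace them with encrypted endpoints such as `https://dns.google/dns-query` and `https://cloudflare-dns.com/dns-query`. Separately, `password: $2a$10$$USER_PASSWORD` only yields a valid bcrypt string if the variable holds the salt-and-digest remainder of a hash. That deserves a comment above the line, such as `# USER_PASSWORD = bcrypt hash with the leading "$2a$10$" removed, never the plaintext`.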
@@ -0,0 +1,36 @@ +export USER_NAME=admin +export USER_PASSWORD=password +export DNS_REWRITES="\t- domain: socrates.halia +\t answer: 10.11.0.1 +\t- domain: plotinus.halia +\t answer: 10.11.0.3 +\t- domain: epicurus.halia +\t answer: 10.11.0.4 +\t- domain: pythagoras-a.halia +\t answer: 10.11.0.5 +\t- domain: pythagoras-b.halia +\t answer: 10.11.0.6 +\t- domain: pythagoras-z.halia +\t answer: 10.11.0.7 +\t- domain: archimedes.halia +\t answer: 10.11.0.8 +\t- domain: plato.halia +\t answer: 10.11.0.9 +\t- domain: platorrent.halia +\t answer: 10.11.0.10 +\t- domain: heraclitus.halia +\t answer: 10.11.0.11 +\t- domain: '*.entos' +\t answer: 10.11.0.1 +\t- domain: diogenes.halia +\t answer: 10.11.0.12 +\t- domain: '*.aristotle.halia' +\t answer: 10.11.0.2 +\t- domain: aristotle.halia +\t answer: 10.11.0.2 +\t- domain: '*.diogenes.halia' +\t answer: 10.11.0.12 +\t- domain: k3s.beta +\t answer: 10.10.0.52 +\t- domain: '*.k3s.beta' +\t answer: 10.10.0.52" diff --git a/helm/adguard/values.yaml b/helm/adguard/values.yaml new file mode 100644 index 0000000..e69de29 diff --git a/helm/traefik/dashboard.yaml b/helm/traefik/dashboard.yaml new file mode 100644 index 0000000..34d8abb --- /dev/null +++ b/helm/traefik/dashboard.yaml @@ -0,0 +1,27 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: internal-ipwhitelist +spec: + ipWhiteList: + sourceRange: + - 10.10.0.1/24 + - 10.20.0.1/24 + - 10.42.1.1/24 + ipStrategy: + depth: 0 + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: traefik-dashboard +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`traefik.k3s.beta`) + services: + - name: api@internal + kind: TraefikService diff --git a/helm/traefik/values.yaml b/helm/traefik/values.yaml new file mode 100644 index 0000000..5b9cbda --- /dev/null +++ b/helm/traefik/values.yaml 
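Review bot: `USER_NAME=admin` with `USER_PASSWORD=password` is a committed default credential, and because adguard/test/config.yaml pastes the variable after `$2a$10$`, a plaintext value also produces a string that is not a valid bcrypt hash. I would ship an empty value and document the expected format, e.g. `export USER_PASSWORD=   # required: bcrypt hash without the "$2a$10$" prefix`. The `\t` sequences in `DNS_REWRITES` stay literal inside a double-quoted shell string, and real tabs would not be valid YAML indentation either, so spaces matching the `rewrites:` nesting look safer. This depends on how the file is rendered, which the commit does not show.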
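Review bot: The `internal-ipwhitelist` Middleware is declared but never attached, so the `traefik-dashboard` route serves `api@internal` to any client that reaches `websecure` with the host `traefik.k3s.beta`. Add `middlewares:` with `- name: internal-ipwhitelist` to the `Rule` entry next to `services:`. The source ranges are written as host addresses (`10.10.0.1/24`); the network form `10.10.0.0/24` says the same thing more clearly. With `ipStrategy.depth: 0` the match is, as far as I know, made on the connection's remote address, so confirm that the Service preserves client IPs. Otherwise every request may appear to come from a node or pod address that already falls inside `10.42.1.1/24`.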
@@ -0,0 +1,54 @@ +ports: + admin: + port: 8080 + expose: true + exposePort: 8080 + protocol: TCP + minecrafttcp: + port: 25565 + expose: true + exposePort: 25565 + protocol: TCP + web: + redirectTo: websecure + +additionalArguments: + - --log.level=DEBUG + - --entrypoints.websecure.http.tls=true + - --entrypoints.websecure.http.tls.certresolver=letsencrypt + - --entrypoints.websecure.http.tls.domains[0].main=beta.halia.dev + - --entrypoints.websecure.http.tls.domains[0].sans=*.beta.halia.dev + - --certificatesresolvers.letsencrypt.acme.tlschallenge=true + - --certificatesresolvers.letsencrypt.acme.dnschallenge=true + - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=ovh + - --certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1 + - --certificatesresolvers.letsencrypt.acme.email=tanguy.herbron@outlook.com + - --certificatesresolvers.letsencrypt.acme.storage=/certs/acme.json + +env: + - name: OVH_APPLICATION_KEY + valueFrom: + secretKeyRef: + key: appKey + name: ovh-api-credentials + - name: OVH_APPLICATION_SECRET + valueFrom: + secretKeyRef: + key: appSecret + name: ovh-api-credentials + - name: OVH_CONSUMER_KEY + valueFrom: + secretKeyRef: + key: consumerKey + name: ovh-api-credentials + - name: OVH_ENDPOINT + valueFrom: + secretKeyRef: + key: endpoint + name: ovh-api-credentials + +persistence: + enabled: true + path: /certs + size: 128Mi + storageClass: "local-path" diff --git a/longhorn/ingress.yaml b/longhorn/ingress.yaml new file mode 100644 index 0000000..7891471 --- /dev/null +++ b/longhorn/ingress.yaml 
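Review bot: The `admin` entry point is published on the Service (`expose: true`, `exposePort: 8080`) although nothing in these values routes to it, and `--log.level=DEBUG` is left on. I would set `expose: false` for `admin` and lower the log level to `INFO` unless port 8080 has a consumer this commit does not show. The resolver enables both `acme.tlschallenge=true` and `acme.dnschallenge=true`; the wildcard SAN `*.beta.halia.dev` can only be issued through DNS-01, so the TLS-ALPN flag is misleading and should be removed. `acme.json` holds the ACME account key and the certificate private keys, so `persistence` should carry a comment noting that the `local-path` volume is node-local and must stay unreadable to other workloads.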
@@ -0,0 +1,24 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: longhorn-frontend + namespace: longhorn-system + annotations: + kubernetes.io/ingress.class: "traefik" + +spec: + tls: + - secretName: longhorn-beta-tls + hosts: + - longhorn.beta.halia.dev + rules: + - host: longhorn.beta.halia.dev + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: longhorn-frontend + port: + number: 80 diff --git a/nginx/deployment.yaml b/nginx/deployment.yaml index 697b02d..8f4aac4 100644 --- a/nginx/deployment.yaml +++ b/nginx/deployment.yaml @@ -17,3 +17,4 @@ spec: image: nginx ports: - containerPort: 80 + diff --git a/nginx/ingress.yaml b/nginx/ingress.yaml index e41cc09..89696e2 100644 --- a/nginx/ingress.yaml +++ b/nginx/ingress.yaml @@ -1,26 +1,23 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware +apiVersion: networking.k8s.io/v1 +kind: Ingress metadata: - name: stripprefix -spec: - stripPrefix: - prefixes: - - /nginx - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: nginx-ingress - annotations: - "traefik.ingress.kubernetes.io/router.middlewares": default-stripprefix@kubernetescrd + name: nginx-ingress + annotations: + kubernetes.io/ingress.class: "traefik" spec: - entryPoints: - - web - routes: - - match: Host(`nginx.diogenes.halia`) - kind: Rule - services: - - name: nginx-svc - port: 80 + tls: + - secretName: nginx-beta-tls + hosts: + - nginx.beta.halia.dev + rules: + - host: nginx.beta.halia.dev + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: nginx-svc + port: + number: 80 diff --git a/nginx/service.yaml b/nginx/service.yaml index 1274b5a..3ddeb2a 100644 --- a/nginx/service.yaml +++ b/nginx/service.yaml @@ -11,3 +11,4 @@ spec: port: 80 selector: app: nginx + diff --git a/ocis/config-map.yaml b/ocis/config-map.yaml new file mode 100644 index 0000000..0958131 --- /dev/null +++ b/ocis/config-map.yaml 
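Review bot: This Ingress publishes the Longhorn UI at `longhorn.beta.halia.dev` with no authentication or source restriction, and the Longhorn UI has no login of its own by default. Attach a middleware through the annotation `traefik.ingress.kubernetes.io/router.middlewares: <namespace>-<middleware>@kubernetescrd` (placeholders). The `internal-ipwhitelist` Middleware from helm/traefik/dashboard.yaml is a candidate, as is a basic-auth middleware. Without a `traefik.ingress.kubernetes.io/router.entrypoints: websecure` annotation the router is, as far as I know, bound to every entry point, including `admin` and `minecrafttcp`; nginx/ingress.yaml has the same gap.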
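Review bot: `tls.secretName: nginx-beta-tls` refers to a Secret that this commit does not create, and as far as I can tell Traefik then logs an error and serves its default certificate for the host instead of failing. longhorn/ingress.yaml does the same with `longhorn-beta-tls`. If the wildcard certificate from the `letsencrypt` resolver is meant to cover these hosts, keep `tls:` with only `hosts:` and say so in a comment, or add the Secret to the repository's deployment steps. The `kubernetes.io/ingress.class` annotation is deprecated in favour of `spec.ingressClassName: traefik`.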
@@ -0,0 +1,60 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: ocis-cfmap +data: + file-from-cfgmap: | + token_manager: + jwt_secret: FhiGf^OHYAZ7dG71ahYCKqijFwR!=0Ow + machine_auth_api_key: ej1Z+nyhbBtnqxarIY4Tsy-2+HZtn77- + system_user_api_key: O%n*G#ppGY7XkQZu4G9Ond11R$5^r0O0 + transfer_secret: J!V67qd*OzhxETqjemD9NM4.G0TtFUK3 + system_user_id: 22040a20-6a6e-4852-890f-4b75fc83fe16 + admin_user_id: 9daeabac-8bd1-4832-b901-2d8b9cbc0c9b + graph: + spaces: + insecure: true + identity: + ldap: + bind_password: '!m-jDVnCELY=aY%*b@DXPrm9axqZyaZ$' + idp: + ldap: + bind_password: 8nH+VikJ$05P8+M!ZB#fW7R-.G3hE+xP + idm: + service_user_passwords: + admin_password: qXY0%X8%DIIG5w3e8JbgVgaD*ac!bJkr + idm_password: '!m-jDVnCELY=aY%*b@DXPrm9axqZyaZ$' + reva_password: .0OrTAuRdnJ*Kt&=t3$Q1Ks!nQ+WAx*p + idp_password: 8nH+VikJ$05P8+M!ZB#fW7R-.G3hE+xP + proxy: + insecure_backends: true + frontend: + archiver: + insecure: true + auth_basic: + auth_providers: + ldap: + bind_password: .0OrTAuRdnJ*Kt&=t3$Q1Ks!nQ+WAx*p + auth_bearer: + auth_providers: + oidc: + insecure: true + users: + drivers: + ldap: + bind_password: .0OrTAuRdnJ*Kt&=t3$Q1Ks!nQ+WAx*p + groups: + drivers: + ldap: + bind_password: .0OrTAuRdnJ*Kt&=t3$Q1Ks!nQ+WAx*p + storage_system: + data_provider_insecure: true + storage_users: + data_provider_insecure: true + ocdav: + insecure: true + thumbnails: + thumbnail: + transfer_secret: gOm2#L4V9DGJ=fdPrHwZ%CmBje#r9j@E + webdav_allow_insecure: true + cs3_allow_insecure: true diff --git a/ocis/deployment.yaml b/ocis/deployment.yaml new file mode 100644 index 0000000..ac30156 --- /dev/null +++ b/ocis/deployment.yaml 
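Review bot: Every credential in this ConfigMap (`jwt_secret`, the API keys, `transfer_secret`, the LDAP `bind_password` values and the `service_user_passwords` block) is committed in clear text and is readable by anything allowed to read ConfigMaps in the namespace. They should be treated as exposed, regenerated, and moved into a `Secret` or supplied through `secretKeyRef`, as helm/traefik/values.yaml does for the OVH keys. The `insecure: true`, `insecure_backends: true` and `*_allow_insecure: true` switches turn off certificate verification between the services, and each deserves a comment stating that it is test-only. The data key is `file-from-cfgmap` while ocis/deployment.yaml mounts `subPath: ocis-config`, so this file may never reach `/etc/ocis/ocis.yaml`.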
@@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ocis +spec: + replicas: 1 + selector: + matchLabels: + app: ocis + template: + metadata: + labels: + app: ocis + spec: + containers: + - name: ocis + image: owncloud/ocis + ports: + - containerPort: 9200 + env: + - name: IDM_CREATE_DEMO_USERS + value: "true" + - name: INSECURE + value: "true" + - name: OCIS_JWT_SECRET + value: "Something_random_not_normal" + - name: STORAGE_TRANSFER_SECRET + value: "Something_very_secure" + - name: OCIS_MACHINE_AUTH_API_KEY + value: "A_very_random_api_key" + volumeMounts: + - name: mnt + mountPath: /etc/ocis/ocis.yaml + subPath: ocis-config + volumes: + - name: mnt + configMap: + name: ocis-cfmap diff --git a/ocis/ingress.yaml b/ocis/ingress.yaml new file mode 100644 index 0000000..85888c5 --- /dev/null +++ b/ocis/ingress.yaml @@ -0,0 +1,14 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: ocis-ingress + +spec: + entryPoints: + - web + routes: + - match: Host(`drive.diogenes.halia`) + kind: Rule + services: + - name: ocis-svc + port: 9200 diff --git a/ocis/service.yaml b/ocis/service.yaml new file mode 100644 index 0000000..76ee79c --- /dev/null +++ b/ocis/service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: ocis-svc + labels: + app: ocis +spec: + type: ClusterIP + ports: + - name: http + port: 9200 + selector: + app: ocis diff --git a/traefik-lb/deployment.yaml b/traefik-lb/deployment.yaml deleted file mode 100644 index 52c9722..0000000 --- a/traefik-lb/deployment.yaml +++ /dev/null 
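Review bot: `IDM_CREATE_DEMO_USERS: "true"` seeds the instance with the publicly documented demo accounts, and the three secrets are inline placeholder strings, which is unsafe for anything reachable through an ingress. Set the demo-user flag to `"false"` and read the secrets from a Secret, as sketched below (`ocis-secrets` and its key names are placeholders). The image `owncloud/ocis` has no tag, so each restart may pull a different build; pin a version. `INSECURE: "true"` should carry a comment saying it is test-only.

```yaml
          env:
            - name: IDM_CREATE_DEMO_USERS
              value: "false"
            # ... unchanged: INSECURE ...
            - name: OCIS_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: ocis-secrets  # placeholder Secret name
                  key: jwtSecret
            - name: STORAGE_TRANSFER_SECRET
              valueFrom:
                secretKeyRef:
                  name: ocis-secrets
                  key: transferSecret
            - name: OCIS_MACHINE_AUTH_API_KEY
              valueFrom:
                secretKeyRef:
                  name: ocis-secrets
                  key: machineAuthApiKey
```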
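Review bot: The route listens only on the `web` entry point, so logins and file transfers for `drive.diogenes.halia` would travel over plain HTTP. helm/traefik/values.yaml also redirects `web` to `websecure`, where no router for this host exists, so the service may simply be unreachable. Change `entryPoints` to `- websecure` and add `tls: {}` (or a `certResolver`) so the route is served over TLS.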
@@ -1,40 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: traefik - labels: - app: traefik - -spec: - replicas: 1 - selector: - matchLabels: - app: traefik - template: - metadata: - labels: - app: traefik - spec: - serviceAccountName: traefik-ingress-controller - containers: - - name: traefik - image: traefik:v2.7 - args: - - --log.level=DEBUG - - --api - - --api.insecure - - --entrypoints.web.address=:80 - - --entrypoints.websecure.address=:443 - - --entrypoints.minecrafttcp.address=:25565/tcp - - --providers.kubernetescrd - ports: - - name: web - containerPort: 80 - - name: websecure - containerPort: 443 - - name: admin - containerPort: 8080 - - name: minecrafttcp - containerPort: 25565 - - diff --git a/traefik-lb/kubernetes-crd-rbac.yml b/traefik-lb/kubernetes-crd-rbac.yml deleted file mode 100644 index 4a5b80e..0000000 --- a/traefik-lb/kubernetes-crd-rbac.yml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: traefik-ingress-controller - -rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - extensions - - networking.k8s.io - resources: - - ingresses - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - traefik.containo.us - resources: - - middlewares - - middlewaretcps - - ingressroutes - - traefikservices - - ingressroutetcps - - ingressrouteudps - - tlsoptions - - tlsstores - - serverstransports - verbs: - - get - - list - - watch - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: traefik-ingress-controller - -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: traefik-ingress-controller -subjects: - - kind: ServiceAccount - name: traefik-ingress-controller - namespace: default 
diff --git a/traefik-lb/service-account.yaml b/traefik-lb/service-account.yaml deleted file mode 100644 index 8a31290..0000000 --- a/traefik-lb/service-account.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: traefik-ingress-controller diff --git a/traefik-lb/service.yaml b/traefik-lb/service.yaml deleted file mode 100644 index 731a12b..0000000 --- a/traefik-lb/service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: traefik -spec: - type: LoadBalancer - selector: - app: traefik - ports: - - protocol: TCP - port: 80 - name: web - targetPort: 80 - - protocol: TCP - port: 443 - name: websecure - targetPort: 443 - - protocol: TCP - port: 8080 - name: admin - targetPort: 8080 - - protocol: TCP - port: 25565 - name: minecrafttcp - targetPort: 25565 diff --git a/traefik-lb/traefik.containo.us_ingressroutes.yaml b/traefik-lb/traefik.containo.us_ingressroutes.yaml deleted file mode 100644 index 1f55459..0000000 --- a/traefik-lb/traefik.containo.us_ingressroutes.yaml +++ /dev/null 
@@ -1,198 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: ingressroutes.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: IngressRoute - listKind: IngressRouteList - plural: ingressroutes - singular: ingressroute - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: IngressRoute is an Ingress CRD specification. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IngressRouteSpec is a specification for a IngressRouteSpec - resource. - properties: - entryPoints: - items: - type: string - type: array - routes: - items: - description: Route contains the set of routes. - properties: - kind: - enum: - - Rule - type: string - match: - type: string - middlewares: - items: - description: MiddlewareRef is a ref to the Middleware resources. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - type: array - priority: - type: integer - services: - items: - description: Service defines an upstream to proxy traffic. 
- properties: - kind: - enum: - - Service - - TraefikService - type: string - name: - description: Name is a reference to a Kubernetes Service - object (for a load-balancer of servers), or to a TraefikService - object (service load-balancer, mirroring, etc). The - differentiation between the two is specified in the - Kind field. - type: string - namespace: - type: string - passHostHeader: - type: boolean - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - responseForwarding: - description: ResponseForwarding holds configuration for - the forward of the response. - properties: - flushInterval: - type: string - type: object - scheme: - type: string - serversTransport: - type: string - sticky: - description: Sticky holds the sticky configuration. - properties: - cookie: - description: Cookie holds the sticky configuration - based on cookie. - properties: - httpOnly: - type: boolean - name: - type: string - sameSite: - type: string - secure: - type: boolean - type: object - type: object - strategy: - type: string - weight: - description: Weight should only be specified when Name - references a TraefikService object (and to be precise, - one that embeds a Weighted Round Robin). - type: integer - required: - - name - type: object - type: array - required: - - kind - - match - type: object - type: array - tls: - description: "TLS contains the TLS certificates configuration of the - routes. To enable Let's Encrypt, use an empty TLS struct, e.g. in - YAML: \n \t tls: {} # inline format \n \t tls: \t secretName: - # block format" - properties: - certResolver: - type: string - domains: - items: - description: Domain holds a domain name with SANs. - properties: - main: - type: string - sans: - items: - type: string - type: array - type: object - type: array - options: - description: Options is a reference to a TLSOption, that specifies - the parameters of the TLS connection. 
- properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - secretName: - description: SecretName is the name of the referenced Kubernetes - Secret to specify the certificate details. - type: string - store: - description: Store is a reference to a TLSStore, that specifies - the parameters of the TLS store. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - type: object - required: - - routes - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik-lb/traefik.containo.us_ingressroutetcps.yaml b/traefik-lb/traefik.containo.us_ingressroutetcps.yaml deleted file mode 100644 index e20d612..0000000 --- a/traefik-lb/traefik.containo.us_ingressroutetcps.yaml +++ /dev/null 
@@ -1,162 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: ingressroutetcps.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: IngressRouteTCP - listKind: IngressRouteTCPList - plural: ingressroutetcps - singular: ingressroutetcp - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: IngressRouteTCP is an Ingress CRD specification. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IngressRouteTCPSpec is a specification for a IngressRouteTCPSpec - resource. - properties: - entryPoints: - items: - type: string - type: array - routes: - items: - description: RouteTCP contains the set of routes. - properties: - match: - type: string - middlewares: - description: Middlewares contains references to MiddlewareTCP - resources. - items: - description: ObjectReference is a generic reference to a Traefik - resource. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - type: array - priority: - type: integer - services: - items: - description: ServiceTCP defines an upstream to proxy traffic. 
- properties: - name: - type: string - namespace: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - proxyProtocol: - description: ProxyProtocol holds the ProxyProtocol configuration. - properties: - version: - type: integer - type: object - terminationDelay: - type: integer - weight: - type: integer - required: - - name - - port - type: object - type: array - required: - - match - type: object - type: array - tls: - description: "TLSTCP contains the TLS certificates configuration of - the routes. To enable Let's Encrypt, use an empty TLS struct, e.g. - in YAML: \n \t tls: {} # inline format \n \t tls: \t secretName: - # block format" - properties: - certResolver: - type: string - domains: - items: - description: Domain holds a domain name with SANs. - properties: - main: - type: string - sans: - items: - type: string - type: array - type: object - type: array - options: - description: Options is a reference to a TLSOption, that specifies - the parameters of the TLS connection. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - passthrough: - type: boolean - secretName: - description: SecretName is the name of the referenced Kubernetes - Secret to specify the certificate details. - type: string - store: - description: Store is a reference to a TLSStore, that specifies - the parameters of the TLS store. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - type: object - required: - - routes - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik-lb/traefik.containo.us_ingressrouteudps.yaml b/traefik-lb/traefik.containo.us_ingressrouteudps.yaml deleted file mode 100644 index 57fbaa7..0000000 --- a/traefik-lb/traefik.containo.us_ingressrouteudps.yaml +++ /dev/null 
@@ -1,84 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: ingressrouteudps.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: IngressRouteUDP - listKind: IngressRouteUDPList - plural: ingressrouteudps - singular: ingressrouteudp - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: IngressRouteUDP is an Ingress CRD specification. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IngressRouteUDPSpec is a specification for a IngressRouteUDPSpec - resource. - properties: - entryPoints: - items: - type: string - type: array - routes: - items: - description: RouteUDP contains the set of routes. - properties: - services: - items: - description: ServiceUDP defines an upstream to proxy traffic. 
- properties: - name: - type: string - namespace: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - weight: - type: integer - required: - - name - - port - type: object - type: array - type: object - type: array - required: - - routes - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik-lb/traefik.containo.us_middlewares.yaml b/traefik-lb/traefik.containo.us_middlewares.yaml deleted file mode 100644 index d9a4cfd..0000000 --- a/traefik-lb/traefik.containo.us_middlewares.yaml +++ /dev/null 
@@ -1,596 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: middlewares.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: Middleware - listKind: MiddlewareList - plural: middlewares - singular: middleware - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Middleware is a specification for a Middleware resource. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MiddlewareSpec holds the Middleware configuration. - properties: - addPrefix: - description: AddPrefix holds the AddPrefix configuration. - properties: - prefix: - type: string - type: object - basicAuth: - description: BasicAuth holds the HTTP basic authentication configuration. - properties: - headerField: - type: string - realm: - type: string - removeHeader: - type: boolean - secret: - type: string - type: object - buffering: - description: Buffering holds the request/response buffering configuration. 
- properties: - maxRequestBodyBytes: - format: int64 - type: integer - maxResponseBodyBytes: - format: int64 - type: integer - memRequestBodyBytes: - format: int64 - type: integer - memResponseBodyBytes: - format: int64 - type: integer - retryExpression: - type: string - type: object - chain: - description: Chain holds a chain of middlewares. - properties: - middlewares: - items: - description: MiddlewareRef is a ref to the Middleware resources. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - type: array - type: object - circuitBreaker: - description: CircuitBreaker holds the circuit breaker configuration. - properties: - checkPeriod: - anyOf: - - type: integer - - type: string - description: CheckPeriod is the interval between successive checks - of the circuit breaker condition (when in standby state). - x-kubernetes-int-or-string: true - expression: - description: Expression is the condition that triggers the tripped - state. - type: string - fallbackDuration: - anyOf: - - type: integer - - type: string - description: FallbackDuration is the duration for which the circuit - breaker will wait before trying to recover (from a tripped state). - x-kubernetes-int-or-string: true - recoveryDuration: - anyOf: - - type: integer - - type: string - description: RecoveryDuration is the duration for which the circuit - breaker will try to recover (as soon as it is in recovering - state). - x-kubernetes-int-or-string: true - type: object - compress: - description: Compress holds the compress configuration. - properties: - excludedContentTypes: - items: - type: string - type: array - minResponseBodyBytes: - type: integer - type: object - contentType: - description: ContentType middleware - or rather its unique `autoDetect` - option - specifies whether to let the `Content-Type` header, if - it has not been set by the backend, be automatically set to a value - derived from the contents of the response. 
As a proxy, the default - behavior should be to leave the header alone, regardless of what - the backend did with it. However, the historic default was to always - auto-detect and set the header if it was nil, and it is going to - be kept that way in order to support users currently relying on - it. This middleware exists to enable the correct behavior until - at least the default one can be changed in a future version. - properties: - autoDetect: - type: boolean - type: object - digestAuth: - description: DigestAuth holds the Digest HTTP authentication configuration. - properties: - headerField: - type: string - realm: - type: string - removeHeader: - type: boolean - secret: - type: string - type: object - errors: - description: ErrorPage holds the custom error page configuration. - properties: - query: - type: string - service: - description: Service defines an upstream to proxy traffic. - properties: - kind: - enum: - - Service - - TraefikService - type: string - name: - description: Name is a reference to a Kubernetes Service object - (for a load-balancer of servers), or to a TraefikService - object (service load-balancer, mirroring, etc). The differentiation - between the two is specified in the Kind field. - type: string - namespace: - type: string - passHostHeader: - type: boolean - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - responseForwarding: - description: ResponseForwarding holds configuration for the - forward of the response. - properties: - flushInterval: - type: string - type: object - scheme: - type: string - serversTransport: - type: string - sticky: - description: Sticky holds the sticky configuration. - properties: - cookie: - description: Cookie holds the sticky configuration based - on cookie. 
- properties: - httpOnly: - type: boolean - name: - type: string - sameSite: - type: string - secure: - type: boolean - type: object - type: object - strategy: - type: string - weight: - description: Weight should only be specified when Name references - a TraefikService object (and to be precise, one that embeds - a Weighted Round Robin). - type: integer - required: - - name - type: object - status: - items: - type: string - type: array - type: object - forwardAuth: - description: ForwardAuth holds the http forward authentication configuration. - properties: - address: - type: string - authRequestHeaders: - items: - type: string - type: array - authResponseHeaders: - items: - type: string - type: array - authResponseHeadersRegex: - type: string - tls: - description: ClientTLS holds TLS specific configurations as client. - properties: - caOptional: - type: boolean - caSecret: - type: string - certSecret: - type: string - insecureSkipVerify: - type: boolean - type: object - trustForwardHeader: - type: boolean - type: object - headers: - description: Headers holds the custom header configuration. - properties: - accessControlAllowCredentials: - description: AccessControlAllowCredentials is only valid if true. - false is ignored. - type: boolean - accessControlAllowHeaders: - description: AccessControlAllowHeaders must be used in response - to a preflight request with Access-Control-Request-Headers set. - items: - type: string - type: array - accessControlAllowMethods: - description: AccessControlAllowMethods must be used in response - to a preflight request with Access-Control-Request-Method set. - items: - type: string - type: array - accessControlAllowOriginList: - description: AccessControlAllowOriginList is a list of allowable - origins. Can also be a wildcard origin "*". 
- items: - type: string - type: array - accessControlAllowOriginListRegex: - description: AccessControlAllowOriginListRegex is a list of allowable - origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). - items: - type: string - type: array - accessControlExposeHeaders: - description: AccessControlExposeHeaders sets valid headers for - the response. - items: - type: string - type: array - accessControlMaxAge: - description: AccessControlMaxAge sets the time that a preflight - request may be cached. - format: int64 - type: integer - addVaryHeader: - description: AddVaryHeader controls if the Vary header is automatically - added/updated when the AccessControlAllowOriginList is set. - type: boolean - allowedHosts: - items: - type: string - type: array - browserXssFilter: - type: boolean - contentSecurityPolicy: - type: string - contentTypeNosniff: - type: boolean - customBrowserXSSValue: - type: string - customFrameOptionsValue: - type: string - customRequestHeaders: - additionalProperties: - type: string - type: object - customResponseHeaders: - additionalProperties: - type: string - type: object - featurePolicy: - description: 'Deprecated: use PermissionsPolicy instead.' - type: string - forceSTSHeader: - type: boolean - frameDeny: - type: boolean - hostsProxyHeaders: - items: - type: string - type: array - isDevelopment: - type: boolean - permissionsPolicy: - type: string - publicKey: - type: string - referrerPolicy: - type: string - sslForceHost: - description: 'Deprecated: use RedirectRegex instead.' - type: boolean - sslHost: - description: 'Deprecated: use RedirectRegex instead.' - type: string - sslProxyHeaders: - additionalProperties: - type: string - type: object - sslRedirect: - description: 'Deprecated: use EntryPoint redirection or RedirectScheme - instead.' - type: boolean - sslTemporaryRedirect: - description: 'Deprecated: use EntryPoint redirection or RedirectScheme - instead.' 
- type: boolean - stsIncludeSubdomains: - type: boolean - stsPreload: - type: boolean - stsSeconds: - format: int64 - type: integer - type: object - inFlightReq: - description: InFlightReq limits the number of requests being processed - and served concurrently. - properties: - amount: - format: int64 - type: integer - sourceCriterion: - description: SourceCriterion defines what criterion is used to - group requests as originating from a common source. If none - are set, the default is to use the request's remote address - field. All fields are mutually exclusive. - properties: - ipStrategy: - description: IPStrategy holds the ip strategy configuration. - properties: - depth: - type: integer - excludedIPs: - items: - type: string - type: array - type: object - requestHeaderName: - type: string - requestHost: - type: boolean - type: object - type: object - ipWhiteList: - description: IPWhiteList holds the ip white list configuration. - properties: - ipStrategy: - description: IPStrategy holds the ip strategy configuration. - properties: - depth: - type: integer - excludedIPs: - items: - type: string - type: array - type: object - sourceRange: - items: - type: string - type: array - type: object - passTLSClientCert: - description: PassTLSClientCert holds the TLS client cert headers configuration. - properties: - info: - description: TLSClientCertificateInfo holds the client TLS certificate - info configuration. - properties: - issuer: - description: TLSClientCertificateIssuerDNInfo holds the client - TLS certificate distinguished name info configuration. 
cf - https://tools.ietf.org/html/rfc3739 - properties: - commonName: - type: boolean - country: - type: boolean - domainComponent: - type: boolean - locality: - type: boolean - organization: - type: boolean - province: - type: boolean - serialNumber: - type: boolean - type: object - notAfter: - type: boolean - notBefore: - type: boolean - sans: - type: boolean - serialNumber: - type: boolean - subject: - description: TLSClientCertificateSubjectDNInfo holds the client - TLS certificate distinguished name info configuration. cf - https://tools.ietf.org/html/rfc3739 - properties: - commonName: - type: boolean - country: - type: boolean - domainComponent: - type: boolean - locality: - type: boolean - organization: - type: boolean - organizationalUnit: - type: boolean - province: - type: boolean - serialNumber: - type: boolean - type: object - type: object - pem: - type: boolean - type: object - plugin: - additionalProperties: - x-kubernetes-preserve-unknown-fields: true - type: object - rateLimit: - description: RateLimit holds the rate limiting configuration for a - given router. - properties: - average: - format: int64 - type: integer - burst: - format: int64 - type: integer - period: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - sourceCriterion: - description: SourceCriterion defines what criterion is used to - group requests as originating from a common source. If none - are set, the default is to use the request's remote address - field. All fields are mutually exclusive. - properties: - ipStrategy: - description: IPStrategy holds the ip strategy configuration. - properties: - depth: - type: integer - excludedIPs: - items: - type: string - type: array - type: object - requestHeaderName: - type: string - requestHost: - type: boolean - type: object - type: object - redirectRegex: - description: RedirectRegex holds the redirection configuration. 
- properties: - permanent: - type: boolean - regex: - type: string - replacement: - type: string - type: object - redirectScheme: - description: RedirectScheme holds the scheme redirection configuration. - properties: - permanent: - type: boolean - port: - type: string - scheme: - type: string - type: object - replacePath: - description: ReplacePath holds the ReplacePath configuration. - properties: - path: - type: string - type: object - replacePathRegex: - description: ReplacePathRegex holds the ReplacePathRegex configuration. - properties: - regex: - type: string - replacement: - type: string - type: object - retry: - description: Retry holds the retry configuration. - properties: - attempts: - type: integer - initialInterval: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - stripPrefix: - description: StripPrefix holds the StripPrefix configuration. - properties: - forceSlash: - type: boolean - prefixes: - items: - type: string - type: array - type: object - stripPrefixRegex: - description: StripPrefixRegex holds the StripPrefixRegex configuration. - properties: - regex: - items: - type: string - type: array - type: object - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik-lb/traefik.containo.us_serverstransports.yaml b/traefik-lb/traefik.containo.us_serverstransports.yaml deleted file mode 100644 index aac4679..0000000 --- a/traefik-lb/traefik.containo.us_serverstransports.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: serverstransports.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: ServersTransport - listKind: ServersTransportList - plural: serverstransports - singular: serverstransport - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ServersTransport is a specification for a ServersTransport resource. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServersTransportSpec options to configure communication between - Traefik and the servers. - properties: - certificatesSecrets: - description: Certificates for mTLS. - items: - type: string - type: array - disableHTTP2: - description: Disable HTTP/2 for connections with backend servers. - type: boolean - forwardingTimeouts: - description: Timeouts for requests forwarded to the backend servers. - properties: - dialTimeout: - anyOf: - - type: integer - - type: string - description: DialTimeout is the amount of time to wait until a - connection to a backend server can be established. If zero, - no timeout exists. 
- x-kubernetes-int-or-string: true - idleConnTimeout: - anyOf: - - type: integer - - type: string - description: IdleConnTimeout is the maximum period for which an - idle HTTP keep-alive connection will remain open before closing - itself. - x-kubernetes-int-or-string: true - pingTimeout: - anyOf: - - type: integer - - type: string - description: PingTimeout is the timeout after which the HTTP/2 - connection will be closed if a response to ping is not received. - x-kubernetes-int-or-string: true - readIdleTimeout: - anyOf: - - type: integer - - type: string - description: ReadIdleTimeout is the timeout after which a health - check using ping frame will be carried out if no frame is received - on the HTTP/2 connection. If zero, no health check is performed. - x-kubernetes-int-or-string: true - responseHeaderTimeout: - anyOf: - - type: integer - - type: string - description: ResponseHeaderTimeout is the amount of time to wait - for a server's response headers after fully writing the request - (including its body, if any). If zero, no timeout exists. - x-kubernetes-int-or-string: true - type: object - insecureSkipVerify: - description: Disable SSL certificate verification. - type: boolean - maxIdleConnsPerHost: - description: If non-zero, controls the maximum idle (keep-alive) to - keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. - type: integer - peerCertURI: - description: URI used to match against SAN URI during the peer certificate - verification. - type: string - rootCAsSecrets: - description: Add cert file for self-signed certificate. - items: - type: string - type: array - serverName: - description: ServerName used to contact the server. - type: string - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] 
diff --git a/traefik-lb/traefik.containo.us_tlsoptions.yaml b/traefik-lb/traefik.containo.us_tlsoptions.yaml deleted file mode 100644 index 40e813d..0000000 --- a/traefik-lb/traefik.containo.us_tlsoptions.yaml +++ /dev/null 
@@ -1,92 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: tlsoptions.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: TLSOption - listKind: TLSOptionList - plural: tlsoptions - singular: tlsoption - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: TLSOption is a specification for a TLSOption resource. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TLSOptionSpec configures TLS for an entry point. - properties: - alpnProtocols: - items: - type: string - type: array - cipherSuites: - items: - type: string - type: array - clientAuth: - description: ClientAuth defines the parameters of the client authentication - part of the TLS connection, if any. - properties: - clientAuthType: - description: ClientAuthType defines the client authentication - type to apply. - enum: - - NoClientCert - - RequestClientCert - - RequireAnyClientCert - - VerifyClientCertIfGiven - - RequireAndVerifyClientCert - type: string - secretNames: - description: SecretName is the name of the referenced Kubernetes - Secret to specify the certificate details. 
- items: - type: string - type: array - type: object - curvePreferences: - items: - type: string - type: array - maxVersion: - type: string - minVersion: - type: string - preferServerCipherSuites: - type: boolean - sniStrict: - type: boolean - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik-lb/traefik.containo.us_tlsstores.yaml b/traefik-lb/traefik.containo.us_tlsstores.yaml deleted file mode 100644 index eef5f1f..0000000 --- a/traefik-lb/traefik.containo.us_tlsstores.yaml +++ /dev/null 
@@ -1,64 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: tlsstores.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: TLSStore - listKind: TLSStoreList - plural: tlsstores - singular: tlsstore - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: TLSStore is a specification for a TLSStore resource. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TLSStoreSpec configures a TLSStore resource. - properties: - defaultCertificate: - description: DefaultCertificate holds a secret name for the TLSOption - resource. - properties: - secretName: - description: SecretName is the name of the referenced Kubernetes - Secret to specify the certificate details. - type: string - required: - - secretName - type: object - required: - - defaultCertificate - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/traefik-lb/traefik.containo.us_traefikservices.yaml b/traefik-lb/traefik.containo.us_traefikservices.yaml deleted file mode 100644 index 61f2aa9..0000000 
--- a/traefik-lb/traefik.containo.us_traefikservices.yaml +++ /dev/null 
@@ -1,270 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.2 - creationTimestamp: null - name: traefikservices.traefik.containo.us -spec: - group: traefik.containo.us - names: - kind: TraefikService - listKind: TraefikServiceList - plural: traefikservices - singular: traefikservice - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: TraefikService is the specification for a service (that an IngressRoute - refers to) that is usually not a terminal service (i.e. not a pod of servers), - as opposed to a Kubernetes Service. That is to say, it usually refers to - other (children) services, which themselves can be TraefikServices or Services. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServiceSpec defines whether a TraefikService is a load-balancer - of services or a mirroring service. - properties: - mirroring: - description: Mirroring defines a mirroring service, which is composed - of a main load-balancer, and a list of mirrors. 
- properties: - kind: - enum: - - Service - - TraefikService - type: string - maxBodySize: - format: int64 - type: integer - mirrors: - items: - description: MirrorService defines one of the mirrors of a Mirroring - service. - properties: - kind: - enum: - - Service - - TraefikService - type: string - name: - description: Name is a reference to a Kubernetes Service - object (for a load-balancer of servers), or to a TraefikService - object (service load-balancer, mirroring, etc). The differentiation - between the two is specified in the Kind field. - type: string - namespace: - type: string - passHostHeader: - type: boolean - percent: - type: integer - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - responseForwarding: - description: ResponseForwarding holds configuration for - the forward of the response. - properties: - flushInterval: - type: string - type: object - scheme: - type: string - serversTransport: - type: string - sticky: - description: Sticky holds the sticky configuration. - properties: - cookie: - description: Cookie holds the sticky configuration based - on cookie. - properties: - httpOnly: - type: boolean - name: - type: string - sameSite: - type: string - secure: - type: boolean - type: object - type: object - strategy: - type: string - weight: - description: Weight should only be specified when Name references - a TraefikService object (and to be precise, one that embeds - a Weighted Round Robin). - type: integer - required: - - name - type: object - type: array - name: - description: Name is a reference to a Kubernetes Service object - (for a load-balancer of servers), or to a TraefikService object - (service load-balancer, mirroring, etc). The differentiation - between the two is specified in the Kind field. 
- type: string - namespace: - type: string - passHostHeader: - type: boolean - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - responseForwarding: - description: ResponseForwarding holds configuration for the forward - of the response. - properties: - flushInterval: - type: string - type: object - scheme: - type: string - serversTransport: - type: string - sticky: - description: Sticky holds the sticky configuration. - properties: - cookie: - description: Cookie holds the sticky configuration based on - cookie. - properties: - httpOnly: - type: boolean - name: - type: string - sameSite: - type: string - secure: - type: boolean - type: object - type: object - strategy: - type: string - weight: - description: Weight should only be specified when Name references - a TraefikService object (and to be precise, one that embeds - a Weighted Round Robin). - type: integer - required: - - name - type: object - weighted: - description: WeightedRoundRobin defines a load-balancer of services. - properties: - services: - items: - description: Service defines an upstream to proxy traffic. - properties: - kind: - enum: - - Service - - TraefikService - type: string - name: - description: Name is a reference to a Kubernetes Service - object (for a load-balancer of servers), or to a TraefikService - object (service load-balancer, mirroring, etc). The differentiation - between the two is specified in the Kind field. - type: string - namespace: - type: string - passHostHeader: - type: boolean - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - responseForwarding: - description: ResponseForwarding holds configuration for - the forward of the response. - properties: - flushInterval: - type: string - type: object - scheme: - type: string - serversTransport: - type: string - sticky: - description: Sticky holds the sticky configuration. 
- properties: - cookie: - description: Cookie holds the sticky configuration based - on cookie. - properties: - httpOnly: - type: boolean - name: - type: string - sameSite: - type: string - secure: - type: boolean - type: object - type: object - strategy: - type: string - weight: - description: Weight should only be specified when Name references - a TraefikService object (and to be precise, one that embeds - a Weighted Round Robin). - type: integer - required: - - name - type: object - type: array - sticky: - description: Sticky holds the sticky configuration. - properties: - cookie: - description: Cookie holds the sticky configuration based on - cookie. - properties: - httpOnly: - type: boolean - name: - type: string - sameSite: - type: string - secure: - type: boolean - type: object - type: object - type: object - type: object - required: - - metadata - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vaultwarden/deployment.yaml b/vaultwarden/deployment.yaml new file mode 100644 index 0000000..816e11e --- /dev/null +++ b/vaultwarden/deployment.yaml @@ -0,0 +1,33 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vaultwarden + namespace: vaultwarden +spec: + replicas: 1 + selector: + matchLabels: + app: vaultwarden + template: + metadata: + labels: + app: vaultwarden + spec: + containers: + - name: vaultwarden + image: vaultwarden/server + ports: + - containerPort: 80 + env: + - name: SIGNUPS_ALLOWED + value: "true" + - name: DATABASE_URL + value: "mysql://root:example@127.0.0.1:3306/vaultwarden" + - name: mariadb + image: mariadb + env: + - name: MARIADB_ROOT_PASSWORD + value: "example" + - name: MARIADB_DATABASE + value: "vaultwarden" + diff --git a/vaultwarden/ingress.yaml b/vaultwarden/ingress.yaml new file mode 100644 index 0000000..65b24f3 --- /dev/null +++ b/vaultwarden/ingress.yaml 
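Review bot: The database credentials in vaultwarden/deployment.yaml are committed in plain text in the `env` blocks of both containers: `DATABASE_URL` embeds `root:example` and `MARIADB_ROOT_PASSWORD` is `"example"`. Anyone who can read the repository or the Deployment object therefore holds the root password of the database behind a password vault. Move both values into a Secret referenced through `valueFrom.secretKeyRef`, as sketched below, and have vaultwarden connect as a dedicated non-root database user. `SIGNUPS_ALLOWED: "true"` leaves registration open on a host that the Ingress in this patch publishes, and both `image:` lines are untagged, so they resolve to `latest`; pin them to a version or digest. Neither container mounts a volume, so the vault data appears to live only in the pod's ephemeral filesystem.

```yaml
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-db    # placeholder Secret name
                  key: database-url       # placeholder key
        # … unchanged: mariadb container name and image …
            - name: MARIADB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-db    # placeholder Secret name
                  key: root-password      # placeholder key
        # … unchanged: MARIADB_DATABASE …
```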
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: vaultwarden-ingress
+ namespace: vaultwarden
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+spec:
+ tls:
+ - secretName: vaultwarden-beta-tls
+ hosts:
+ - bitwarden.beta.halia.dev
+ rules:
+ - host: bitwarden.beta.halia.dev
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: vaultwarden-svc
+ port:
+ number: 80
diff --git a/vaultwarden/service.yaml b/vaultwarden/service.yaml
new file mode 100644
index 0000000..471c7aa
--- /dev/null
+++ b/vaultwarden/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: vaultwarden-svc
+ namespace: vaultwarden
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ app: vaultwarden
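Review bot: Nothing in vaultwarden/ingress.yaml restricts this route to a TLS entrypoint. With Traefik's Ingress provider the `tls:` block supplies the certificate, but unless the static configuration (not visible in this hunk) redirects HTTP or enables TLS on the entrypoint, the router may also answer on the plain-HTTP entrypoint. For a password vault, pin it explicitly with the annotations `traefik.ingress.kubernetes.io/router.entrypoints: websecure` and `traefik.ingress.kubernetes.io/router.tls: "true"`, adjusting the entrypoint name to the one this repository's Traefik values define. The `kubernetes.io/ingress.class` annotation is deprecated in favour of `spec.ingressClassName: traefik`. As far as the patch's file list shows, nothing creates the `vaultwarden-beta-tls` Secret, so confirm that a certificate issuer provides it; otherwise Traefik would fall back to its default certificate.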