
add recreate to deployments, add lanonly middleware

Josh Bicking 3 luni în urmă
părinte
comite
57158a706e

+ 2 - 0
backup/minio.yaml

@@ -10,6 +10,8 @@ metadata:
   name: minio
   namespace: minio
 spec:
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: minio

+ 3 - 1
bazarr.yaml

@@ -74,4 +74,6 @@ spec:
     - kind: Service
       name: bazarr-service
       port: 6767
-
+    middlewares:
+    - name: lanonly
+      namespace: kube-system

+ 3 - 1
diun.yaml

@@ -43,6 +43,8 @@ metadata:
   namespace: diun
   name: diun
 spec:
+  strategy:
+    type: Recreate
   replicas: 1
   selector:
     matchLabels:
@@ -92,4 +94,4 @@ spec:
       volumes:
         - name: data
           persistentVolumeClaim:
-            claimName: diun-pvc
+            claimName: diun-pvc

+ 5 - 1
duplicati.yaml

@@ -5,6 +5,8 @@ metadata:
   name: duplicati
   namespace: plex
 spec:
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: duplicati
@@ -118,4 +120,6 @@ spec:
     - kind: Service
       name: duplicati-service
       port: 8200
-
+    middlewares:
+    - name: lanonly
+      namespace: kube-system

+ 2 - 0
gogs.yaml

@@ -10,6 +10,8 @@ metadata:
   name: gogs
   namespace: gogs
 spec:
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: gogs

+ 10 - 0
homeassistant.yaml

@@ -5,6 +5,8 @@ metadata:
   name: homeassistant
   namespace: homeassistant
 spec:
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: homeassistant
@@ -75,6 +77,8 @@ metadata:
   name: whisper
   namespace: homeassistant
 spec:
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: whisper
@@ -122,6 +126,8 @@ metadata:
   name: piper
   namespace: homeassistant
 spec:
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: piper
@@ -167,6 +173,8 @@ metadata:
   name: openwakeword
   namespace: homeassistant
 spec:
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: openwakeword
@@ -214,6 +222,8 @@ metadata:
   name: mosquitto
   namespace: homeassistant
 spec:
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: mosquitto

+ 2 - 0
jellyfin.yaml

@@ -10,6 +10,8 @@ metadata:
   name: jellyfin
   namespace: plex
 spec:
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: jellyfin

+ 3 - 1
lidarr.yaml

@@ -74,4 +74,6 @@ spec:
     - kind: Service
       name: lidarr-service
       port: 8686
-
+    middlewares:
+    - name: lanonly
+      namespace: kube-system

+ 2 - 0
mastodon.yaml

@@ -40,6 +40,8 @@ metadata:
   name: mastodon
   namespace: mastodon
 spec:
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: mastodon

+ 2 - 0
matrix.yaml

@@ -25,6 +25,8 @@ metadata:
   name: matrix
   namespace: matrix
 spec:
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: matrix

+ 2 - 0
miniflux.yaml

@@ -10,6 +10,8 @@ metadata:
   name: miniflux
   namespace: miniflux
 spec:
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: miniflux

+ 3 - 1
monitoring/grafana/grafana-deployment.yaml

@@ -6,6 +6,8 @@ metadata:
   name: grafana
   namespace: monitoring
 spec:
+  strategy:
+    type: Recreate
   replicas: 1
   selector:
     matchLabels:
@@ -45,4 +47,4 @@ spec:
       volumes:
         - name: grafana-storage
           persistentVolumeClaim:
-            claimName: grafana-pvc
+            claimName: grafana-pvc

+ 3 - 1
monitoring/grafana/grafana-ingressroute.yaml

@@ -14,4 +14,6 @@ spec:
     - kind: Service
       name: grafana
       port: 3000
-
+    middlewares:
+    - name: lanonly
+      namespace: kube-system

+ 3 - 2
monitoring/prometheus/prometheus-ingressroute.yaml

@@ -14,5 +14,6 @@ spec:
     - kind: Service
       name: prometheus
       port: 9090
-
-
+    middlewares:
+    - name: lanonly
+      namespace: kube-system

+ 3 - 1
ntfy.yaml

@@ -23,6 +23,8 @@ metadata:
   name: ntfy
   namespace: ntfy
 spec:
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: ntfy
@@ -71,4 +73,4 @@ spec:
     app: ntfy
   ports:
   - port: 80
-    targetPort: 80
+    targetPort: 80

+ 3 - 1
prowlarr.yaml

@@ -67,4 +67,6 @@ spec:
     - kind: Service
       name: prowlarr-service
       port: 9696
-
+    middlewares:
+    - name: lanonly
+      namespace: kube-system

+ 3 - 1
radarr.yaml

@@ -74,4 +74,6 @@ spec:
     - kind: Service
       name: radarr-service
       port: 7878
-
+    middlewares:
+    - name: lanonly
+      namespace: kube-system

+ 3 - 0
rook/ingress.yaml

@@ -14,3 +14,6 @@ spec:
     - kind: Service
       name: rook-ceph-mgr-dashboard
       port: 8080
+    middlewares:
+    - name: lanonly
+      namespace: kube-system

+ 1 - 2
rook/rook-ceph-cluster-values.yaml

@@ -96,8 +96,7 @@ cephClusterSpec:
     # versions running within the cluster. See tags available at https://hub.docker.com/r/ceph/ceph/tags/.
     # If you want to be more precise, you can always use a timestamp tag such as quay.io/ceph/ceph:v18.2.2-20240311
     # This tag might not contain a new Ceph version, just security fixes from the underlying operating system, which will reduce vulnerabilities
-    # image: quay.io/ceph/ceph:v18.2.2
-    image: quay.io/ceph/ceph:v17.2.7
+    image: quay.io/ceph/ceph:v18.2.4
     # Whether to allow unsupported versions of Ceph. Currently `quincy`, and `reef` are supported.
     # Future versions such as `squid` (v19) would require this to be set to `true`.
     # Do not set to true in production.
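Review bot: The image bump from quay.io/ceph/ceph:v17.2.7 to v18.2.4 is a Ceph major-version upgrade (quincy to reef) folded into a commit whose title is about deployment strategies and a middleware, so it cannot be reverted on its own if the storage upgrade misbehaves. Landing it as a separate commit would keep the rollback path clean. The removed `# image: quay.io/ceph/ceph:v18.2.2` line was the only record of the earlier candidate; a one-line comment such as `# upgraded from v17.2.7 (quincy); v18.2.2 skipped in favour of v18.2.4` would preserve that history next to the value.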

+ 2 - 0
selfoss.yaml

@@ -25,6 +25,8 @@ metadata:
   name: selfoss
   namespace: selfoss
 spec:
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: selfoss

+ 1 - 1
shelly-plug-exporter.yaml

@@ -28,7 +28,7 @@ spec:
           name: metrics
         env:
         - name: SHELLY_HOST_SHELLYPLUSES
-          value: 172.16.69.85,172.16.69.173
+          value: 172.16.69.85,172.16.69.173,172.16.69.14
         - name: SHELLY_AUTH_USERNAME
           value: admin
         - name: SHELLY_AUTH_PASSWORD
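Review bot: The hunk ends on `- name: SHELLY_AUTH_PASSWORD` with its value outside the view; if that value is a plain literal like the `admin` username just above it, the device credential is committed in clear text in this manifest. Sourcing it with `valueFrom: secretKeyRef` from a Secret would keep it out of the repository. This is unrelated to the added host in SHELLY_HOST_SHELLYPLUSES, but the change touches the same env block, so it is a good moment to fix it; the containers spec continues outside the hunk.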

+ 3 - 0
sonarr.yaml

@@ -74,3 +74,6 @@ spec:
     - kind: Service
       name: sonarr-service
       port: 8989
+    middlewares:
+    - name: lanonly
+      namespace: kube-system

+ 2 - 0
syncthing.yaml

@@ -5,6 +5,8 @@ metadata:
   namespace: plex
   name: syncthing
 spec:
+  strategy:
+    type: Recreate
   replicas: 1
   selector:
     matchLabels:

+ 6 - 1
tautulli.yaml

@@ -5,6 +5,8 @@ metadata:
   name: tautulli
   namespace: plex
 spec:
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: tautulli
@@ -16,7 +18,7 @@ spec:
     spec:
       containers:
       - name: tautulli
-        image: linuxserver/tautulli:2.14.3
+        image: linuxserver/tautulli:2.14.4
         ports:
         - containerPort: 8181
           name: http-web-svc
@@ -65,3 +67,6 @@ spec:
     - kind: Service
       name: tautulli-service
       port: 8181
+    middlewares:
+    - name: lanonly
+      namespace: kube-system

+ 13 - 0
traefik-configmap.yaml → traefik/configmap.yaml

@@ -4,12 +4,21 @@ metadata:
   name: traefik-config
   namespace: kube-system
 data:
+  middlewares.yaml: |
+    http:
+      middlewares:
+        lanonly:
+          ipWhiteList:
+            sourceRange:
+              - 172.16.69.0/24
   octoprint.yaml: |
     http:
       routers:
         octoprint:
           rule: Host(`octoprint.lan.jibby.org`)
           service: octoprint
+          middlewares:
+            - "lanonly"
       services:
         octoprint:
           loadBalancer:
@@ -21,6 +30,8 @@ data:
         pikvm:
           rule: Host(`pikvm.lan.jibby.org`)
           service: pikvm
+          middlewares:
+            - "lanonly"
       services:
         pikvm:
           loadBalancer:
@@ -36,6 +47,8 @@ data:
         proxmox:
           rule: Host(`proxmox.lan.jibby.org`)
           service: proxmox
+          middlewares:
+            - "lanonly"
       services:
         proxmox:
           loadBalancer:
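Review bot: The 172.16.69.0/24 allow-list is now defined twice — here in the file-provider `middlewares.yaml` and again in the CRD Middleware in traefik/middleware-lanonly.yaml — with nothing tying the two together, so a later change to the LAN range in one copy silently leaves the other stale. If cross-provider references are acceptable, the three file-provider routers could reference the CRD copy as `kube-system-lanonly@kubernetescrd` and the duplicate definition could go; otherwise a comment next to `sourceRange` such as `# keep in sync with traefik/middleware-lanonly.yaml (CRD copy used by IngressRoutes)` makes the coupling visible. The same applies to the second and third hunks of this file, which reference `"lanonly"` for pikvm and proxmox. The `data:` mapping starts before the first hunk and continues past the last.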

+ 1 - 0
traefik-dashboard.yaml → traefik/dashboard.yaml

@@ -1,3 +1,4 @@
+# TODO redo this as a .lan domain
 # k3s doesn't expose the traefik dashboard in a service by default
 apiVersion: v1
 kind: Service

+ 5 - 0
traefik-helmchartconfig.yaml → traefik/helmchartconfig.yaml

@@ -88,6 +88,11 @@ spec:
         # Required to show real IP to proxied services
         externalTrafficPolicy: Local
 
+    providers:
+      kubernetesCRD:
+        # Allows IngressRoutes to use middleware from a different namespace
+        allowCrossNamespace: true
+
     # pin pod to cluster-ingress node, so ServiceLB gives it the right external IP
     affinity:
       nodeAffinity:
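Review bot: `allowCrossNamespace: true` is cluster-wide: it lets an IngressRoute in any namespace reference a Middleware in any other namespace, not only kube-system's lanonly, and as far as I recall the same flag also covers cross-namespace Service and TLSOption references — the comment on the line above it understates the scope. If namespaces are meant to be a trust boundary here, the narrower option is to create the lanonly Middleware in each consuming namespace and leave this flag unset; otherwise the comment should say what is actually being opened, e.g. `# Cluster-wide: any IngressRoute may reference Middlewares (and Services) in any namespace`. The `providers` block sits inside a values document whose start and end are outside the hunk.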

+ 10 - 0
traefik/middleware-lanonly.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: lanonly
+  namespace: kube-system
+spec:
+  ipWhiteList:
+    sourceRange:
+      - 172.16.69.0/24

+ 2 - 0
vaultwarden.yaml

@@ -10,6 +10,8 @@ metadata:
   name: vaultwarden
   namespace: vaultwarden
 spec:
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       app: vaultwarden