
add lan entires for internal service access

Josh Bicking 5 місяців тому
батько
коміт
80f3e5e987
8 змінених файлів з 183 додано та 4 видалено
  1. 17 0
      bazarr.yaml
  2. 18 1
      duplicati.yaml
  3. 17 0
      lidarr.yaml
  4. 17 0
      prowlarr.yaml
  5. 17 0
      radarr.yaml
  6. 17 0
      sonarr.yaml
  7. 64 0
      traefik-configmap.yaml
  8. 16 3
      traefik-helmchartconfig.yaml

+ 17 - 0
bazarr.yaml

@@ -56,3 +56,20 @@ spec:
     protocol: TCP
     port: 6767
     targetPort: http-web-svc
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: bazarr
+  namespace: plex
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: Host(`bazarr.lan.jibby.org`)
+    services:
+    - kind: Service
+      name: bazarr-service
+      port: 6767
+
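Review bot: The new route is bound to `websecure`, the same entrypoint that carries the public jibby.org certificate domains, and nothing in it restricts who may use it. A Host rule only selects a router; it is not an access control, so reachability of bazarr-service depends entirely on who can reach that entrypoint. If the intent is LAN-only access, attach a source-range middleware (or use a separate internal entrypoint) instead of relying on the name resolving only internally. The same applies to the IngressRoutes added in duplicati.yaml, lidarr.yaml, prowlarr.yaml, radarr.yaml and sonarr.yaml, and to the file-provider routers in traefik-configmap.yaml. The range below is the subnet used elsewhere in this commit, and it only helps if Traefik sees the real client address, which should be confirmed.

```yaml
# new resource; the name "lan-only" is illustrative
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: lan-only
  namespace: plex
spec:
  ipWhiteList:
    sourceRange:
    - 172.16.69.0/24
---
# … unchanged: IngressRoute apiVersion, kind, metadata, entryPoints …
  routes:
  - kind: Rule
    match: Host(`bazarr.lan.jibby.org`)
    middlewares:
    - name: lan-only
    # … unchanged: services …
```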

+ 18 - 1
duplicati.yaml

@@ -101,4 +101,21 @@ spec:
           - name: media2
             persistentVolumeClaim:
               claimName: media2-pvc
-          restartPolicy: OnFailure
+          restartPolicy: OnFailure
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: duplicati
+  namespace: plex
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: Host(`duplicati.lan.jibby.org`)
+    services:
+    - kind: Service
+      name: duplicati-service
+      port: 8200
+

+ 17 - 0
lidarr.yaml

@@ -56,3 +56,20 @@ spec:
     protocol: TCP
     port: 8686
     targetPort: http-web-svc
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: lidarr
+  namespace: plex
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: Host(`lidarr.lan.jibby.org`)
+    services:
+    - kind: Service
+      name: lidarr-service
+      port: 8686
+

+ 17 - 0
prowlarr.yaml

@@ -49,3 +49,20 @@ spec:
     protocol: TCP
     port: 9696
     targetPort: http-web-svc
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: prowlarr
+  namespace: plex
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: Host(`prowlarr.lan.jibby.org`)
+    services:
+    - kind: Service
+      name: prowlarr-service
+      port: 9696
+

+ 17 - 0
radarr.yaml

@@ -56,3 +56,20 @@ spec:
     protocol: TCP
     port: 7878
     targetPort: http-web-svc
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: radarr
+  namespace: plex
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: Host(`radarr.lan.jibby.org`)
+    services:
+    - kind: Service
+      name: radarr-service
+      port: 7878
+

+ 17 - 0
sonarr.yaml

@@ -56,3 +56,20 @@ spec:
     protocol: TCP
     port: 8989
     targetPort: http-web-svc
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: sonarr
+  namespace: plex
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - kind: Rule
+    match: Host(`sonarr.lan.jibby.org`)
+    services:
+    - kind: Service
+      name: sonarr-service
+      port: 8989
+

+ 64 - 0
traefik-configmap.yaml

@@ -0,0 +1,64 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: traefik-config
+  namespace: kube-system
+data:
+  octoprint.yaml: |
+    http:
+      routers:
+        octoprint:
+          rule: Host(`octoprint.lan.jibby.org`)
+          service: octoprint
+      services:
+        octoprint:
+          loadBalancer:
+            servers:
+              - url: http://172.16.69.49
+  pikvm.yaml: |
+    http:
+      routers:
+        pikvm:
+          rule: Host(`pikvm.lan.jibby.org`)
+          service: pikvm
+      services:
+        pikvm:
+          loadBalancer:
+            serversTransport: "pikvm"
+            servers:
+              - url: https://172.16.69.240
+      serversTransports:
+        pikvm:
+          insecureSkipVerify: true
+  proxmox.yaml: |
+    http:
+      routers:
+        proxmox:
+          rule: Host(`proxmox.lan.jibby.org`)
+          service: proxmox
+      services:
+        proxmox:
+          loadBalancer:
+            serversTransport: "proxmox"
+            servers:
+              - url: https://172.16.69.40:8006
+      serversTransports:
+        proxmox:
+          insecureSkipVerify: true
+  ceph.yaml: |
+    http:
+      routers:
+        ceph:
+          rule: Host(`ceph.lan.jibby.org`)
+          service: ceph
+      services:
+        ceph:
+          loadBalancer:
+            serversTransport: "ceph"
+            servers:
+              - url: https://172.16.69.30:8443
+              - url: https://172.16.69.31:8443
+              - url: https://172.16.69.32:8443
+      serversTransports:
+        ceph:
+          insecureSkipVerify: true
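Review bot: The `pikvm`, `proxmox` and `ceph` transports set `insecureSkipVerify: true`, so Traefik accepts whatever certificate is presented by the host answering at each 172.16.69.x address. Judging by the names these are management interfaces, and an unverified backend hop leaves their admin sessions open to interception by another device on that network. Prefer pinning the backend CA, replacing the flag with `rootCAs: ["<path-to-backend-ca.pem>"]` and `serverName: "<name-on-backend-cert>"` (placeholders; the CA file would have to be mounted for Traefik to read). The octoprint backend is plain `http://`, which has the same exposure. None of the four routers declares `entryPoints`, so they presumably attach to every entrypoint Traefik defines, which should be confirmed as intended.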

+ 16 - 3
traefik-helmchartconfig.yaml

@@ -6,23 +6,36 @@ metadata:
 spec:
   valuesContent: |-
     additionalArguments:
+      - "--entrypoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,172.16.69.0/24"
+      - "--entrypoints.web.http.redirections.entryPoint.to=:443"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+
       # Auto cert renewal via cloudflare
       - "--certificatesresolvers.letsencrypt.acme.email=joshbicking@comcast.net"
       - "--certificatesresolvers.letsencrypt.acme.storage=/data/acme.json"
       - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
       - "--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
       - "--entrypoints.websecure.http.tls.certResolver=letsencrypt"
+
+      # Main
       - "--entrypoints.websecure.http.tls.domains[0].main=jibby.org"
       - "--entrypoints.websecure.http.tls.domains[0].sans=*.jibby.org"
-      - "--entrypoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,172.16.69.0/24"
-      - "--entrypoints.web.http.redirections.entryPoint.to=:443"
-      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+      # LAN-only
+      - "--entrypoints.websecure.http.tls.domains[1].main=lan.jibby.org"
+      - "--entrypoints.websecure.http.tls.domains[1].sans=*.lan.jibby.org"
+
+      # Configuration for extra routers
+      - "--providers.file.directory=/config"
 
       - "--log.level=INFO"
       # debug, uncomment for testing
       #- "--log.level=DEBUG"
       #- "--certificatesresolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory"
 
+    volumes:
+      - name: traefik-config
+        mountPath: "/config"
+        type: configMap
 
     env:
       - name: CLOUDFLARE_EMAIL
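Review bot: `proxyProtocol.trustedIPs` on `websecure` still covers all of 172.16.69.0/24, while this commit adds LAN-only routes to that same entrypoint. Every host in that range is trusted to state the client address in a PROXY header, so any source-address restriction placed on those routes is only as strong as the least trusted device on the subnet. Narrow it to the address that actually forwards traffic, e.g. `- "--entrypoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,<load-balancer-ip>/32"` (placeholder). A comment above `--providers.file.directory=/config` should also record that entries in the traefik-config ConfigMap become live routing, so edit rights on that object in kube-system amount to control of the proxy. The `valuesContent` block continues beyond this hunk.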