From f4f6745c27d6fe1da75a0281c7f96c95639a254e Mon Sep 17 00:00:00 2001 From: Marcus Noble Date: Sat, 23 Oct 2021 17:57:14 +0100 Subject: [PATCH] Use tailscale for auth proxy Signed-off-by: Marcus Noble --- manifests/_apps/argocd.yaml | 24 --- manifests/_apps/auth-proxy.yaml | 2 +- manifests/_apps/code-server.yaml | 24 --- manifests/_apps/downloads.yaml | 24 --- manifests/_apps/inlets.yaml | 24 --- manifests/_apps/jackett.yaml | 24 --- manifests/_apps/printer.yaml | 24 --- manifests/_apps/radarr.yaml | 24 --- manifests/_apps/sonarr.yaml | 24 --- manifests/_apps/transmission.yaml | 24 --- manifests/argocd/argocd.yaml | 27 --- manifests/auth-proxy/auth-proxy.yaml | 66 +++++- manifests/auth-proxy/ingress.yaml | 135 +++++++++++++ manifests/code-server/code-server.yaml | 25 --- manifests/downloads/downloads.yaml | 27 --- manifests/inlets/inlets.yaml | 247 ----------------------- manifests/jackett/jackett.yaml | 27 --- manifests/printer/printer.yaml | 27 --- manifests/radarr/radarr.yaml | 27 --- manifests/sonarr/sonarr.yaml | 27 --- manifests/transmission/transmission.yaml | 27 --- 21 files changed, 194 insertions(+), 686 deletions(-) delete mode 100644 manifests/_apps/argocd.yaml delete mode 100644 manifests/_apps/code-server.yaml delete mode 100644 manifests/_apps/downloads.yaml delete mode 100644 manifests/_apps/inlets.yaml delete mode 100644 manifests/_apps/jackett.yaml delete mode 100644 manifests/_apps/printer.yaml delete mode 100644 manifests/_apps/radarr.yaml delete mode 100644 manifests/_apps/sonarr.yaml delete mode 100644 manifests/_apps/transmission.yaml delete mode 100644 manifests/argocd/argocd.yaml create mode 100644 manifests/auth-proxy/ingress.yaml delete mode 100644 manifests/code-server/code-server.yaml delete mode 100644 manifests/downloads/downloads.yaml delete mode 100644 manifests/inlets/inlets.yaml delete mode 100644 manifests/jackett/jackett.yaml delete mode 100644 manifests/printer/printer.yaml delete mode 100644 manifests/radarr/radarr.yaml delete mode 100644 manifests/sonarr/sonarr.yaml delete mode 100644 manifests/transmission/transmission.yaml diff --git a/manifests/_apps/argocd.yaml b/manifests/_apps/argocd.yaml deleted file mode 100644 index 1e8bce1..0000000 --- a/manifests/_apps/argocd.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: argocd - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: cluster.fun - destination: - namespace: inlets - name: cluster-fun (scaleway) - source: - path: manifests/argocd - repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" - targetRevision: HEAD - syncPolicy: - automated: {} - syncOptions: - - CreateNamespace=true - ignoreDifferences: - - kind: Secret - jsonPointers: - - /data diff --git a/manifests/_apps/auth-proxy.yaml b/manifests/_apps/auth-proxy.yaml index 45b2ad4..3c81525 100644 --- a/manifests/_apps/auth-proxy.yaml +++ b/manifests/_apps/auth-proxy.yaml @@ -8,7 +8,7 @@ metadata: spec: project: cluster.fun destination: - namespace: inlets + namespace: auth-proxy name: cluster-fun (scaleway) source: path: manifests/auth-proxy diff --git a/manifests/_apps/code-server.yaml b/manifests/_apps/code-server.yaml deleted file mode 100644 index 563d7a3..0000000 --- a/manifests/_apps/code-server.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: code-server - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: cluster.fun - destination: - namespace: inlets - name: cluster-fun (scaleway) - source: - path: manifests/code-server - repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" - targetRevision: HEAD - syncPolicy: - automated: {} - syncOptions: - - CreateNamespace=true - ignoreDifferences: - - kind: Secret - jsonPointers: - - /data diff --git a/manifests/_apps/downloads.yaml b/manifests/_apps/downloads.yaml deleted file mode 100644 index 211e72d..0000000 --- a/manifests/_apps/downloads.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: downloads - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: cluster.fun - destination: - namespace: inlets - name: cluster-fun (scaleway) - source: - path: manifests/downloads - repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" - targetRevision: HEAD - syncPolicy: - automated: {} - syncOptions: - - CreateNamespace=true - ignoreDifferences: - - kind: Secret - jsonPointers: - - /data diff --git a/manifests/_apps/inlets.yaml b/manifests/_apps/inlets.yaml deleted file mode 100644 index 5eb7c52..0000000 --- a/manifests/_apps/inlets.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: inlets - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: cluster.fun - destination: - namespace: inlets - name: cluster-fun (scaleway) - source: - path: manifests/inlets - repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" - targetRevision: HEAD - syncPolicy: - automated: {} - syncOptions: - - CreateNamespace=true - ignoreDifferences: - - kind: Secret - jsonPointers: - - /data diff --git a/manifests/_apps/jackett.yaml b/manifests/_apps/jackett.yaml deleted file mode 100644 index ce92a8e..0000000 --- a/manifests/_apps/jackett.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: jackett - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: cluster.fun - destination: - namespace: inlets - name: cluster-fun (scaleway) - source: - path: manifests/jackett - repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" - targetRevision: HEAD - syncPolicy: - automated: {} - syncOptions: - - CreateNamespace=true - ignoreDifferences: - - kind: Secret - jsonPointers: - - /data diff --git a/manifests/_apps/printer.yaml b/manifests/_apps/printer.yaml deleted file mode 100644 index 8036862..0000000 --- a/manifests/_apps/printer.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: printer - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: cluster.fun - destination: - namespace: inlets - name: cluster-fun (scaleway) - source: - path: manifests/printer - repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" - targetRevision: HEAD - syncPolicy: - automated: {} - syncOptions: - - CreateNamespace=true - ignoreDifferences: - - kind: Secret - jsonPointers: - - /data diff --git a/manifests/_apps/radarr.yaml b/manifests/_apps/radarr.yaml deleted file mode 100644 index 4872704..0000000 --- a/manifests/_apps/radarr.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: radarr - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: cluster.fun - destination: - namespace: inlets - name: cluster-fun (scaleway) - source: - path: manifests/radarr - repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" - targetRevision: HEAD - syncPolicy: - automated: {} - syncOptions: - - CreateNamespace=true - ignoreDifferences: - - kind: Secret - jsonPointers: - - /data diff --git a/manifests/_apps/sonarr.yaml b/manifests/_apps/sonarr.yaml deleted file mode 100644 index 427bcdf..0000000 --- a/manifests/_apps/sonarr.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: sonarr - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: cluster.fun - destination: - namespace: inlets - name: cluster-fun (scaleway) - source: - path: manifests/sonarr - repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" - targetRevision: HEAD - syncPolicy: - automated: {} - syncOptions: - - CreateNamespace=true - ignoreDifferences: - - kind: Secret - jsonPointers: - - /data diff --git a/manifests/_apps/transmission.yaml b/manifests/_apps/transmission.yaml deleted file mode 100644 index 14c9279..0000000 --- a/manifests/_apps/transmission.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: transmission - namespace: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: cluster.fun - destination: - namespace: inlets - name: cluster-fun (scaleway) - source: - path: manifests/transmission - repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" - targetRevision: HEAD - syncPolicy: - automated: {} - syncOptions: - - CreateNamespace=true - ignoreDifferences: - - kind: Secret - jsonPointers: - - /data diff --git a/manifests/argocd/argocd.yaml b/manifests/argocd/argocd.yaml deleted file mode 100644 index 41cd18e..0000000 --- a/manifests/argocd/argocd.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: argo - namespace: inlets - labels: - app: argo - annotations: - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -spec: - ingressClassName: nginx - tls: - - hosts: - - argo.cluster.fun - secretName: argo-ingress - rules: - - host: argo.cluster.fun - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: auth-proxy - port: - number: 80 diff --git a/manifests/auth-proxy/auth-proxy.yaml b/manifests/auth-proxy/auth-proxy.yaml index 06d0cc1..8b42f48 100644 --- a/manifests/auth-proxy/auth-proxy.yaml +++ b/manifests/auth-proxy/auth-proxy.yaml @@ -1,18 +1,33 @@ apiVersion: v1 +kind: Namespace +metadata: + name: auth-proxy +--- +apiVersion: v1 kind: Secret metadata: name: auth-proxy - namespace: inlets + namespace: auth-proxy annotations: kube-1password: mr6spkkx7n3memkbute6ojaarm kube-1password/vault: Kubernetes type: Opaque --- +apiVersion: v1 +kind: Secret +metadata: + name: tailscale-auth + namespace: auth-proxy + annotations: + kube-1password: 2cqycmsgv5r7vcyvjpblcl2l4y + kube-1password/vault: Kubernetes +type: Opaque +--- apiVersion: apps/v1 kind: Deployment metadata: name: auth-proxy - namespace: inlets + namespace: auth-proxy labels: app: auth-proxy spec: @@ -25,13 +40,19 @@ spec: labels: app: auth-proxy spec: + dnsPolicy: None + dnsConfig: + nameservers: + - 100.100.100.100 containers: - - args: + - name: oauth-proxy + image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.0 + args: - --cookie-secure=false - --provider=oidc - --provider-display-name=Auth0 - - --upstream=http://inlets.inlets.svc.cluster.local - - --http-address=$(HOST_IP):8080 + - --upstream=http://talos.averagemarcus.github.beta.tailscale.net + - --http-address=0.0.0.0:8080 - --email-domain=* - --pass-basic-auth=false - --pass-access-token=false @@ -54,8 +75,6 @@ spec: secretKeyRef: key: password name: auth-proxy - image: quay.io/oauth2-proxy/oauth2-proxy:v6.1.1 - name: oauth-proxy ports: - containerPort: 8080 protocol: TCP @@ -64,12 +83,43 @@ spec: memory: 50Mi requests: memory: 50Mi + - name: tailscale + image: ghcr.io/tailscale/tailscale:latest + imagePullPolicy: IfNotPresent + env: + - name: AUTH_KEY + valueFrom: + secretKeyRef: + name: tailscale-auth + key: password + securityContext: + capabilities: + add: + - NET_ADMIN + command: + - sh + - -c + - | + export PATH=$PATH:/tailscale/bin + if [[ ! -d /dev/net ]]; then mkdir -p /dev/net; fi + if [[ ! -c /dev/net/tun ]]; then mknod /dev/net/tun c 10 200; fi + echo "Starting tailscaled" + tailscaled --socket=/tmp/tailscaled.sock & + PID=$! + echo "Running tailscale up" + tailscale --socket=/tmp/tailscaled.sock up \ + --accept-dns=true \ + --authkey=${AUTH_KEY} \ + --hostname=auth-proxy + echo "Re-enabling incoming traffic from the cluster" + iptables -D ts-input -s 100.64.0.0/10 ! -i tailscale0 -j DROP + wait ${PID} --- apiVersion: v1 kind: Service metadata: name: auth-proxy - namespace: inlets + namespace: auth-proxy labels: app: auth-proxy spec: diff --git a/manifests/auth-proxy/ingress.yaml b/manifests/auth-proxy/ingress.yaml new file mode 100644 index 0000000..e988624 --- /dev/null +++ b/manifests/auth-proxy/ingress.yaml @@ -0,0 +1,135 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: auth-proxy + namespace: auth-proxy + annotations: + cert-manager.io/cluster-issuer: letsencrypt + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" +spec: + ingressClassName: nginx + tls: + - hosts: + - downloads.cluster.fun + - argo.cluster.fun + - code.cluster.fun + - home.cluster.fun + - adguard.cluster.fun + - podify.cluster.fun + - jackett.cluster.fun + - printer.cluster.fun + - radarr.cluster.fun + - sonarr.cluster.fun + - transmission.cluster.fun + secretName: auth-proxy-ingress + rules: + - host: downloads.cluster.fun + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: auth-proxy + port: + name: http + - host: argo.cluster.fun + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: auth-proxy + port: + name: http + - host: code.cluster.fun + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: auth-proxy + port: + name: http + - host: home.cluster.fun + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: auth-proxy + port: + name: http + - host: adguard.cluster.fun + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: auth-proxy + port: + name: http + - host: podify.cluster.fun + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: auth-proxy + port: + name: http + - host: jackett.cluster.fun + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: auth-proxy + port: + name: http + - host: printer.cluster.fun + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: auth-proxy + port: + name: http + - host: radarr.cluster.fun + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: auth-proxy + port: + name: http + - host: sonarr.cluster.fun + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: auth-proxy + port: + name: http + - host: transmission.cluster.fun + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: auth-proxy + port: + name: http diff --git a/manifests/code-server/code-server.yaml b/manifests/code-server/code-server.yaml deleted file mode 100644 index 4b98114..0000000 --- a/manifests/code-server/code-server.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: code - namespace: inlets - annotations: - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -spec: - ingressClassName: nginx - tls: - - hosts: - - code.cluster.fun - secretName: code-ingress - rules: - - host: code.cluster.fun - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: auth-proxy - port: - number: 80 diff --git a/manifests/downloads/downloads.yaml b/manifests/downloads/downloads.yaml deleted file mode 100644 index c3b88fc..0000000 --- a/manifests/downloads/downloads.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: downloads-auth - namespace: inlets - labels: - app: downloads-auth - annotations: - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -spec: - ingressClassName: nginx - tls: - - hosts: - - downloads.cluster.fun - secretName: downloads-ingress - rules: - - host: downloads.cluster.fun - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: auth-proxy - port: - number: 80 diff --git a/manifests/inlets/inlets.yaml b/manifests/inlets/inlets.yaml deleted file mode 100644 index 93551a2..0000000 --- a/manifests/inlets/inlets.yaml +++ /dev/null @@ -1,247 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: inlets - namespace: inlets - annotations: - kube-1password: podju6t2s2osc3vbkimyce25ti - kube-1password/vault: Kubernetes - kube-1password/password-key: token -type: Opaque ---- -apiVersion: v1 -kind: Service -metadata: - name: inlets - namespace: inlets - labels: - app: inlets -spec: - type: ClusterIP - ports: - - port: 80 - protocol: TCP - targetPort: 8000 - selector: - app: inlets ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: inlets - namespace: inlets - labels: - app: inlets -spec: - replicas: 1 - selector: - matchLabels: - app: inlets - template: - metadata: - labels: - app: inlets - spec: - containers: - - name: inlets - image: docker.cluster.fun/averagemarcus/inlets:3.0.3 - imagePullPolicy: IfNotPresent - command: ["inlets"] - args: - - "server" - - "--token-from=/var/inlets/token" - volumeMounts: - - name: inlets-token-volume - mountPath: /var/inlets/ - resources: - limits: - memory: 50Mi - requests: - memory: 50Mi - volumes: - - name: inlets-token-volume - secret: - secretName: inlets ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: inlets - namespace: inlets - annotations: - cert-manager.io/cluster-issuer: letsencrypt -spec: - tls: - - hosts: - - inlets.cluster.fun - secretName: inlets-ingress - rules: - - host: inlets.cluster.fun - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: inlets - port: - number: 80 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: home-assistant - namespace: inlets - annotations: - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -spec: - tls: - - hosts: - - home.cluster.fun - secretName: home-assistant-ingress - rules: - - host: home.cluster.fun - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: inlets - port: - number: 80 ---- -apiVersion: v1 -kind: Service -metadata: - name: downloads-rpc - namespace: inlets - labels: - app: inlets -spec: - type: ClusterIP - ports: - - port: 80 - protocol: TCP - targetPort: 8000 - selector: - app: inlets ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: vpn-check - namespace: inlets - annotations: - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -spec: - tls: - - hosts: - - vpn-check.cluster.fun - secretName: vpn-check-ingress - rules: - - host: vpn-check.cluster.fun - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: inlets - port: - number: 80 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: adguard - namespace: inlets - annotations: - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -spec: - tls: - - hosts: - - adguard.cluster.fun - secretName: adguard-ingress - rules: - - host: adguard.cluster.fun - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: inlets - port: - number: 80 - ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: podify - namespace: inlets - annotations: - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -spec: - tls: - - hosts: - - podify.cluster.fun - secretName: podify-ingress - rules: - - host: podify.cluster.fun - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: inlets - port: - number: 80 - ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: photos - namespace: inlets - annotations: - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -spec: - tls: - - hosts: - - photos.cluster.fun - secretName: photos-ingress - rules: - - host: photos.cluster.fun - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: inlets - port: - number: 80 - ---- -kind: Service -apiVersion: v1 -metadata: - name: loki - namespace: inlets -spec: - type: ClusterIP - ports: - - port: 80 - protocol: TCP - targetPort: 8000 - selector: - app: inlets ---- diff --git a/manifests/jackett/jackett.yaml b/manifests/jackett/jackett.yaml deleted file mode 100644 index b59d2f5..0000000 --- a/manifests/jackett/jackett.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: jackett-auth - namespace: inlets - labels: - app: jackett-auth - annotations: - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -spec: - ingressClassName: nginx - tls: - - hosts: - - jackett.cluster.fun - secretName: jackett-ingress - rules: - - host: jackett.cluster.fun - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: auth-proxy - port: - number: 80 diff --git a/manifests/printer/printer.yaml b/manifests/printer/printer.yaml deleted file mode 100644 index bf22c16..0000000 --- a/manifests/printer/printer.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: printer-auth - namespace: inlets - labels: - app: printer-auth - annotations: - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -spec: - tls: - - hosts: - - printer.cluster.fun - secretName: printer-ingress - rules: - - host: printer.cluster.fun - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: auth-proxy - port: - number: 80 - diff --git a/manifests/radarr/radarr.yaml b/manifests/radarr/radarr.yaml deleted file mode 100644 index 1862c47..0000000 --- a/manifests/radarr/radarr.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: radarr - namespace: inlets - labels: - app: radarr - annotations: - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -spec: - ingressClassName: nginx - tls: - - hosts: - - radarr.cluster.fun - secretName: radarr-ingress - rules: - - host: radarr.cluster.fun - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: auth-proxy - port: - number: 80 diff --git a/manifests/sonarr/sonarr.yaml b/manifests/sonarr/sonarr.yaml deleted file mode 100644 index 56b1217..0000000 --- a/manifests/sonarr/sonarr.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: sonarr - namespace: inlets - labels: - app: sonarr - annotations: - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -spec: - ingressClassName: nginx - tls: - - hosts: - - sonarr.cluster.fun - secretName: sonarr-ingress - rules: - - host: sonarr.cluster.fun - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: auth-proxy - port: - number: 80 diff --git a/manifests/transmission/transmission.yaml b/manifests/transmission/transmission.yaml deleted file mode 100644 index 4a066e5..0000000 --- a/manifests/transmission/transmission.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: transmission - namespace: inlets - labels: - app: transmission - annotations: - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -spec: - ingressClassName: nginx - tls: - - hosts: - - transmission.cluster.fun - secretName: transmission-ingress - rules: - - host: transmission.cluster.fun - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: auth-proxy - port: - number: 80