From 12f0ca23882286475118d6c949598c1bcac84fa8 Mon Sep 17 00:00:00 2001
From: DeveloperDurp
Date: Sun, 16 Mar 2025 13:24:13 -0500
Subject: [PATCH] update
---
dmz/internalproxy/templates/authentik.yaml | 0
dmz/internalproxy/templates/gitea.yaml | 72 ++++++++
dmz/internalproxy/templates/kasm.yaml | 72 ++++++++
dmz/internalproxy/templates/nexus.yaml | 71 +++++++
dmz/internalproxy/templates/ollama.yaml | 203 +++++++++++----------
dmz/internalproxy/templates/plex.yaml | 72 ++++++++
dmz/internalproxy/templates/redlib.yaml | 68 +++++++
dmz/internalproxy/templates/registry.yaml | 71 +++++++
dmz/internalproxy/templates/smokeping.yaml | 82 +++++++++
dmz/internalproxy/templates/speedtest.yaml | 74 ++++++++
10 files changed, 684 insertions(+), 101 deletions(-)
delete mode 100644 dmz/internalproxy/templates/authentik.yaml
create mode 100644 dmz/internalproxy/templates/gitea.yaml
create mode 100644 dmz/internalproxy/templates/kasm.yaml
create mode 100644 dmz/internalproxy/templates/nexus.yaml
create mode 100644 dmz/internalproxy/templates/plex.yaml
create mode 100644 dmz/internalproxy/templates/redlib.yaml
create mode 100644 dmz/internalproxy/templates/registry.yaml
create mode 100644 dmz/internalproxy/templates/smokeping.yaml
create mode 100644 dmz/internalproxy/templates/speedtest.yaml
diff --git a/dmz/internalproxy/templates/authentik.yaml b/dmz/internalproxy/templates/authentik.yaml
deleted file mode 100644
index e69de29..0000000
diff --git a/dmz/internalproxy/templates/gitea.yaml b/dmz/internalproxy/templates/gitea.yaml
new file mode 100644
index 0000000..0bde4e4
--- /dev/null
+++ b/dmz/internalproxy/templates/gitea.yaml
@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitea
+spec:
+ ports:
+ - name: app
+ port: 3000
+ protocol: TCP
+ targetPort: 3000
+ clusterIP: None
+ type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: gitea
+subsets:
+ - addresses:
+ - ip: 192.168.20.200
+ ports:
+ - name: app
+ port: 3000
+ protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: gitea-ingress
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`gitea.durp.info`) && PathPrefix(`/`)
+ kind: Rule
+ services:
+ - name: gitea
+ port: 3000
+ scheme: http
+ tls:
+ secretName: gitea-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: gitea-tls
+spec:
+ secretName: gitea-tls
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "gitea.durp.info"
+ dnsNames:
+ - "gitea.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ name: gitea-external-dns
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: gitea.durp.info
+spec:
+ type: ExternalName
+ externalName: durp.info
diff --git a/dmz/internalproxy/templates/kasm.yaml b/dmz/internalproxy/templates/kasm.yaml
new file mode 100644
index 0000000..7f756e0
--- /dev/null
+++ b/dmz/internalproxy/templates/kasm.yaml
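Review bot: The `gitea-ingress` route in gitea.yaml attaches no `middlewares`, so once the `gitea-external-dns` Service publishes the hostname, the only control in front of 192.168.20.200:3000 is Gitea's own login. The kasm, nexus, plex and registry routes in this patch are in the same position, while redlib, smokeping and speedtest put `authentik-proxy-provider` in front. If these hosts are meant to be reachable from anywhere, a comment above each route such as `# public by design: relies on application auth` would record that decision. Otherwise the `whitelist` middleware that smokeping.yaml already references (presumably a source-IP filter, defined outside this patch) could be reused here with `middlewares:` / `- name: whitelist` / `namespace: traefik`.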
@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kasm
+spec:
+ ports:
+ - name: app
+ port: 443
+ protocol: TCP
+ targetPort: 443
+ clusterIP: None
+ type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: kasm
+subsets:
+ - addresses:
+ - ip: 192.168.20.104
+ ports:
+ - name: app
+ port: 443
+ protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: kasm-ingress
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`kasm.durp.info`) && PathPrefix(`/`)
+ kind: Rule
+ services:
+ - name: kasm
+ port: 443
+ scheme: https
+ tls:
+ secretName: kasm-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: kasm-tls
+spec:
+ secretName: kasm-tls
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "kasm.durp.info"
+ dnsNames:
+ - "kasm.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ name: kasm-external-dns
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: kasm.durp.info
+spec:
+ type: ExternalName
+ externalName: durp.info
diff --git a/dmz/internalproxy/templates/nexus.yaml b/dmz/internalproxy/templates/nexus.yaml
new file mode 100644
index 0000000..5d3632e
--- /dev/null
+++ b/dmz/internalproxy/templates/nexus.yaml
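Review bot: `scheme: https` on the kasm service in kasm.yaml points Traefik at the bare address 192.168.20.104:443 with no `serversTransport`, so the upstream certificate is checked against whatever the global default is. plex.yaml has the same shape on port 32400. A backend certificate rarely carries an IP like this as a SAN, so this probably only works if verification is switched off globally, which would leave the proxy-to-backend leg encrypted but unauthenticated. That is worth confirming. A per-service `ServersTransport` with `serverName` and `rootCAsSecrets`, referenced via `serversTransport: <name>` next to `scheme: https`, would keep verification on for these two backends without touching the global setting.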
@@ -0,0 +1,71 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nexus
+spec:
+ ports:
+ - name: app
+ port: 8081
+ protocol: TCP
+ targetPort: 8081
+ clusterIP: None
+ type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: nexus
+subsets:
+- addresses:
+ - ip: 192.168.20.200
+ ports:
+ - name: app
+ port: 8081
+ protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: nexus-ingress
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`nexus.durp.info`) && PathPrefix(`/`)
+ kind: Rule
+ services:
+ - name: nexus
+ port: 8081
+ tls:
+ secretName: nexus-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: nexus-tls
+spec:
+ secretName: nexus-tls
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "nexus.durp.info"
+ dnsNames:
+ - "nexus.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ name: nexus-external-dns
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: nexus.durp.info
+spec:
+ type: ExternalName
+ externalName: durp.info
diff --git a/dmz/internalproxy/templates/ollama.yaml b/dmz/internalproxy/templates/ollama.yaml
index d5dc745..75e8691 100644
--- a/dmz/internalproxy/templates/ollama.yaml
+++ b/dmz/internalproxy/templates/ollama.yaml
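Review bot: The nexus service entry in nexus.yaml omits `scheme`, so Traefik forwards to 192.168.20.200:8081 over plain HTTP by default. Nexus logins and repository credentials therefore travel in cleartext on what the `dmz/internalproxy` path suggests is a DMZ-to-internal hop, after TLS is terminated at `websecure`. gitea.yaml states `scheme: http` explicitly, while the registry, redlib, smokeping, speedtest and ollama routes leave it implicit as well. I would at least write `scheme: http` on each so the plaintext hop is visible in review, and add a comment such as `# backend is plain HTTP; relies on network segmentation` if that is the accepted trade-off.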
@@ -1,101 +1,102 @@
-#apiVersion: external-secrets.io/v1beta1
-#kind: ExternalSecret
-#metadata:
-# name: ollama-secret
-#spec:
-# secretStoreRef:
-# name: vault
-# kind: ClusterSecretStore
-# target:
-# name: ollama-secret
-# data:
-# - secretKey: users
-# remoteRef:
-# key: secrets/internalproxy/ollama
-# property: users
-#
-#---
-#
-#apiVersion: traefik.containo.us/v1alpha1
-#kind: Middleware
-#metadata:
-# name: ollama-basic-auth
-#spec:
-# basicAuth:
-# secret: ollama-secret
-#
-#---
-#
-#apiVersion: v1
-#kind: Service
-#metadata:
-# name: ollama
-#spec:
-# ports:
-# - name: app
-# port: 11435
-# protocol: TCP
-# targetPort: 11435
-# clusterIP: None
-# type: ClusterIP
-#
-#---
-#
-#apiVersion: v1
-#kind: Endpoints
-#metadata:
-# name: ollama
-#subsets:
-# - addresses:
-# - ip: 192.168.20.104
-# ports:
-# - name: app
-# port: 11435
-# protocol: TCP
-#
-#---
-#
-#apiVersion: traefik.containo.us/v1alpha1
-#kind: IngressRoute
-#metadata:
-# name: ollama-ingress
-#spec:
-# entryPoints:
-# - websecure
-# routes:
-# - match: Host(`ollama.durp.info`) && PathPrefix(`/`)
-# middlewares:
-# - name: ollama-basic-auth
-# kind: Rule
-# services:
-# - name: ollama
-# port: 11435
-# tls:
-# secretName: ollama-tls
-#
-#---
-#
-#apiVersion: cert-manager.io/v1
-#kind: Certificate
-#metadata:
-# name: ollama-tls
-#spec:
-# secretName: ollama-tls
-# issuerRef:
-# name: letsencrypt-production
-# kind: ClusterIssuer
-# commonName: "ollama.durp.info"
-# dnsNames:
-# - "ollama.durp.info"
-#
-#---
-#
-#kind: Service
-#apiVersion: v1
-#metadata:
-# name: ollama-external-dns
-# annotations:
-# external-dns.alpha.kubernetes.io/hostname: ollama.durp.info
-#spec:
-# type: ExternalName
-# externalName: durp.info
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ollama-secret
+spec:
+ secretStoreRef:
+ name: vault
+ kind: ClusterSecretStore
+ target:
+ name: ollama-secret
+ data:
+ - secretKey: users
+ remoteRef:
+ key: secrets/internalproxy/ollama
+ property:
users
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: ollama-basic-auth
+spec:
+ basicAuth:
+ headerField: x-api-key
+ secret: ollama-secret
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: ollama
+spec:
+ ports:
+ - name: app
+ port: 11435
+ protocol: TCP
+ targetPort: 11435
+ clusterIP: None
+ type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: ollama
+subsets:
+ - addresses:
+ - ip: 192.168.20.104
+ ports:
+ - name: app
+ port: 11435
+ protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: ollama-ingress
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`ollama.durp.info`) && PathPrefix(`/`)
+ middlewares:
+ - name: ollama-basic-auth
+ kind: Rule
+ services:
+ - name: ollama
+ port: 11435
+ tls:
+ secretName: ollama-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: ollama-tls
+spec:
+ secretName: ollama-tls
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "ollama.durp.info"
+ dnsNames:
+ - "ollama.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ name: ollama-external-dns
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: ollama.durp.info
+spec:
+ type: ExternalName
+ externalName: durp.info
diff --git a/dmz/internalproxy/templates/plex.yaml b/dmz/internalproxy/templates/plex.yaml
new file mode 100644
index 0000000..45bba44
--- /dev/null
+++ b/dmz/internalproxy/templates/plex.yaml
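Review bot: `headerField: x-api-key` in the `ollama-basic-auth` Middleware in ollama.yaml does not make Traefik accept an API key. On `basicAuth` that option names the request header in which the authenticated user name is passed on to the backend, and clients still have to send `Authorization: Basic …`. If key-style authentication was the intent, this will not provide it; if the intent was only to tell the backend who logged in, a neutral name such as `headerField: X-WebAuth-User` avoids implying otherwise. Because the route forwards to 192.168.20.104:11435 without a `scheme` (plain HTTP by default), I would also add `removeHeader: true` under `basicAuth` so the Basic credentials are stripped before the request leaves the proxy.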
@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: plex
+spec:
+ ports:
+ - name: app
+ port: 32400
+ protocol: TCP
+ targetPort: 32400
+ clusterIP: None
+ type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: plex
+subsets:
+ - addresses:
+ - ip: 192.168.20.200
+ ports:
+ - name: app
+ port: 32400
+ protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: plex-ingress
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`plex.durp.info`) && PathPrefix(`/`)
+ kind: Rule
+ services:
+ - name: plex
+ port: 32400
+ scheme: https
+ tls:
+ secretName: plex-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: plex-tls
+spec:
+ secretName: plex-tls
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "plex.durp.info"
+ dnsNames:
+ - "plex.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ name: plex-external-dns
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: plex.durp.info
+spec:
+ type: ExternalName
+ externalName: durp.info
diff --git a/dmz/internalproxy/templates/redlib.yaml b/dmz/internalproxy/templates/redlib.yaml
new file mode 100644
index 0000000..b71e4c3
--- /dev/null
+++ b/dmz/internalproxy/templates/redlib.yaml
@@ -0,0 +1,68 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: redlib
+spec:
+ ports:
+ - name: app
+ port: 8082
+ protocol: TCP
+ targetPort: 8082
+ clusterIP: None
+ type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: redlib
+subsets:
+- addresses:
+ - ip: 192.168.20.200
+ ports:
+ - name: app
+ port: 8082
+ protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: redlib-ingress
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`redlib.durp.info`) && PathPrefix(`/`)
+ middlewares:
+ - name: authentik-proxy-provider
+ namespace: traefik
+ kind: Rule
+ services:
+ - name: redlib
+ port: 8082
+ - match: Host(`redlib.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+ kind: Rule
+ services:
+ - name: ak-outpost-authentik-embedded-outpost
+ namespace: authentik
+ port: 9000
+ tls:
+ secretName: redlib-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: redlib-tls
+spec:
+ secretName: redlib-tls
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "redlib.durp.info"
+ dnsNames:
+ - "redlib.durp.info"
diff --git a/dmz/internalproxy/templates/registry.yaml b/dmz/internalproxy/templates/registry.yaml
new file mode 100644
index 0000000..1906614
--- /dev/null
+++ b/dmz/internalproxy/templates/registry.yaml
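Review bot: Both routes in `redlib-ingress` in redlib.yaml reach across namespaces (`authentik-proxy-provider` in `traefik`, the outpost Service in `authentik`), which Traefik's Kubernetes CRD provider only resolves when `allowCrossNamespace` is enabled. smokeping.yaml and speedtest.yaml depend on the same setting. That switch is cluster-wide, so any IngressRoute in any namespace can then reference middlewares and Services elsewhere; a comment such as `# requires providers.kubernetesCRD.allowCrossNamespace=true` would make the dependency visible here. redlib.yaml is also the only new template without a `*-external-dns` Service, and if that is deliberate a one-line comment saying so would keep it from being added back by mistake.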
@@ -0,0 +1,71 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: registry
+spec:
+ ports:
+ - name: app
+ port: 5000
+ protocol: TCP
+ targetPort: 5000
+ clusterIP: None
+ type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: registry
+subsets:
+- addresses:
+ - ip: 192.168.20.200
+ ports:
+ - name: app
+ port: 5000
+ protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: registry-ingress
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`registry.durp.info`) && PathPrefix(`/`)
+ kind: Rule
+ services:
+ - name: registry
+ port: 5000
+ tls:
+ secretName: registry-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: registry-tls
+spec:
+ secretName: registry-tls
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "registry.durp.info"
+ dnsNames:
+ - "registry.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ name: registry-external-dns
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: registry.durp.info
+spec:
+ type: ExternalName
+ externalName: durp.info
diff --git a/dmz/internalproxy/templates/smokeping.yaml b/dmz/internalproxy/templates/smokeping.yaml
new file mode 100644
index 0000000..9840993
--- /dev/null
+++ b/dmz/internalproxy/templates/smokeping.yaml
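Review bot: `registry-ingress` in registry.yaml publishes 192.168.20.200:5000 at registry.durp.info with no `middlewares`, and nothing in this patch shows that the backend enforces authentication. If the backend is an image registry without its own auth configured, anyone who can resolve the hostname could read and write images, so every consumer of those images inherits the exposure. The ollama route in this patch already shows a pattern to copy: a `basicAuth` Middleware backed by an ExternalSecret, attached with `middlewares:` / `- name: <registry auth middleware>`. `authentik-proxy-provider` is less suitable here because image clients cannot follow a browser login redirect.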
@@ -0,0 +1,82 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: smokeping
+spec:
+ ports:
+ - name: app
+ port: 81
+ protocol: TCP
+ targetPort: 81
+ clusterIP: None
+ type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: smokeping
+subsets:
+- addresses:
+ - ip: 192.168.20.200
+ ports:
+ - name: app
+ port: 81
+ protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: smokeping-ingress
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`smokeping.durp.info`) && PathPrefix(`/`)
+ middlewares:
+ - name: whitelist
+ namespace: traefik
+ - name: authentik-proxy-provider
+ namespace: traefik
+ kind: Rule
+ services:
+ - name: smokeping
+ port: 81
+ - match: Host(`smokeping.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+ kind: Rule
+ services:
+ - name: ak-outpost-authentik-embedded-outpost
+ namespace: authentik
+ port: 9000
+ tls:
+ secretName: smokeping-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: smokeping-tls
+spec:
+ secretName: smokeping-tls
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "smokeping.durp.info"
+ dnsNames:
+ - "smokeping.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ name: smokeping-external-dns
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: smokeping.durp.info
+spec:
+ type: ExternalName
+ externalName: durp.info
diff --git a/dmz/internalproxy/templates/speedtest.yaml b/dmz/internalproxy/templates/speedtest.yaml
new file mode 100644
index 0000000..275b708
--- /dev/null
+++ b/dmz/internalproxy/templates/speedtest.yaml
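Review bot: The second route in `smokeping-ingress` (smokeping.yaml), the one matching the /outpost.goauthentik.io prefix, carries no `middlewares`, so the `whitelist` restriction on the main route does not apply to it. The authentik outpost endpoints therefore stay reachable on this hostname from any source address. Legitimate users of this host already have to pass `whitelist`, so adding the same entry to the outpost route should not break the login flow: `middlewares:` / `- name: whitelist` / `namespace: traefik`. What `whitelist` actually matches is defined outside this patch, so confirm it is the source-IP filter its name suggests.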
@@ -0,0 +1,74 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: speedtest
+spec:
+ ports:
+ - name: app
+ port: 6580
+ protocol: TCP
+ targetPort: 6580
+ clusterIP: None
+ type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: speedtest
+subsets:
+- addresses:
+ - ip: 192.168.20.200
+ ports:
+ - name: app
+ port: 6580
+ protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: speedtest-ingress
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`speedtest.durp.info`) && PathPrefix(`/`)
+ kind: Rule
+ middlewares:
+ - name: authentik-proxy-provider
+ namespace: traefik
+ services:
+ - name: speedtest
+ port: 6580
+ tls:
+ secretName: speedtest-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: speedtest-tls
+spec:
+ secretName: speedtest-tls
+ issuerRef:
+ name: letsencrypt-production
+ kind: ClusterIssuer
+ commonName: "speedtest.durp.info"
+ dnsNames:
+ - "speedtest.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ name: speedtest-external-dns
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: speedtest.durp.info
+spec:
+ type: ExternalName
+ externalName: durp.info
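Review bot: `speedtest-ingress` in speedtest.yaml attaches `authentik-proxy-provider` but, unlike redlib.yaml and smokeping.yaml, has no route that sends the /outpost.goauthentik.io prefix to `ak-outpost-authentik-embedded-outpost`. If the authentik provider for this host runs in single-application forward-auth mode, the sign-in callback under that path has to reach the outpost on this hostname; without the route it would go to the speedtest backend instead. The mode is not visible in the patch, so either add the second route the other two templates have (below) or leave a comment saying the provider is domain-level and the path is served elsewhere. `kind: Rule` also sits before `middlewares` here and after it in the other files, and keeping one order throughout would make the templates easier to compare.

```yaml
# … unchanged: first route for Host(`speedtest.durp.info`) && PathPrefix(`/`) …
    - match: Host(`speedtest.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
      kind: Rule
      services:
        - name: ak-outpost-authentik-embedded-outpost
          namespace: authentik
          port: 9000
```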