2026-03-09 18:29:13 +00:00
commit 5ad4f404ad
326 changed files with 178484 additions and 0 deletions

ingress-external-devices/.DS_Store vendored Normal file

Binary file not shown.


@@ -0,0 +1,5 @@
# Ingress-Nginx for external devices
## ingress / reverse Proxy
### ingress ressources and service ressources for Devices that are not running in Kubernetes. Like the Firewall, switches, aux1 and aux2 etc.


@@ -0,0 +1,77 @@
apiVersion: v1
kind: Service
metadata:
name: build-node-cockpit
namespace: ingress-external
spec:
type: ExternalName
externalName: build-node.undercloud.local. # eg example.example.com
ports:
- port: 9090
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: build-node-cockpit
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
tls:
- hosts:
- build-node-cockpit.apps.undercloud.dev
secretName: build-node-cockpit-tls
rules:
- host: build-node-cockpit.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: build-node-cockpit
port:
number: 9090
---
apiVersion: v1
kind: Service
metadata:
name: build-node-gitea
namespace: ingress-external
spec:
type: ExternalName
externalName: git.undercloud.local. # eg example.example.com
ports:
- port: 443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: build-node-gitea
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
tls:
- hosts:
- build-node-gitea.apps.undercloud.dev
secretName: build-node-gitea-tls
rules:
- host: build-node-gitea.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: build-node-gitea
port:
number: 443
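Review bot: Both Ingresses in this file set `nginx.ingress.kubernetes.io/ssl-redirect: "false"`, so the Cockpit and Gitea hosts keep answering on plain HTTP even though a TLS secret is configured, and a login made over `http://` reaches the controller unencrypted. No reason for switching the redirect off is recorded here; unless one exists, I would set it to `"true"` or drop the annotation so the controller's default applies. The same setting appears in the coreswitch, heitzraumswitch, hypervisor1 and pihole sections of this commit.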


@@ -0,0 +1,48 @@
apiVersion: v1
kind: Service
metadata:
name: coreswitch
namespace: ingress-external
spec:
ports:
- name: http
port: 80
targetPort: 80
---
apiVersion: v1
kind: Endpoints
metadata:
name: coreswitch
namespace: ingress-external
subsets:
- addresses:
- ip: 10.0.1.3
- ip: fd00:0:0:1::3
ports:
- port: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: coreswitch
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
tls:
- hosts: [coreswitch.apps.undercloud.dev]
secretName: coreswitch-cockpit-tls
rules:
- host: coreswitch.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: coreswitch
port:
number: 80
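Review bot: `backend-protocol: "HTTP"` together with the port-80 Endpoints means TLS ends at the ingress controller, and the switch's management session, login included, travels in cleartext from the controller to 10.0.1.3. If the switch offers an HTTPS management port, point the Service and Endpoints at it and use `backend-protocol: "HTTPS"`; if it does not, a comment above the annotation recording that the cleartext hop is accepted, and which segment it crosses, would help the next reader. The heitzraumswitch and pihole sections proxy to port 80 the same way. Separately, `secretName: coreswitch-cockpit-tls` looks like a leftover from the Cockpit manifest; `coreswitch-tls` would match the naming used for the other hosts.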


@@ -0,0 +1,123 @@
apiVersion: v1
kind: Service
metadata:
name: firewall-admin
namespace: ingress-external
spec:
ports:
- name: https
port: 4444
targetPort: 4444
---
apiVersion: v1
kind: Endpoints
metadata:
name: firewall-admin
namespace: ingress-external
subsets:
- addresses:
- ip: 10.0.1.1 # <-- Sophos XG IP
ports:
- port: 4444
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: firewall-admin
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/upstream-vhost: "firewall.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "firewall.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
# rewrite absolute redirects and cookies from Sophos
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://firewall.undercloud.local:4444/"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://firewall-admin.apps.undercloud.dev/"
nginx.ingress.kubernetes.io/proxy-cookie-domain: "firewall.undercloud.local firewall-admin.apps.undercloud.dev"
# long polls/websockets tolerance
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
# optional: lock down by source IP(s)
# nginx.ingress.kubernetes.io/whitelist-source-range: "<your-IP>/32"
spec:
tls:
- hosts: [firewall-admin.apps.undercloud.dev]
secretName: firewall-admin-tls
rules:
- host: firewall-admin.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: firewall-admin
port:
number: 4444
---
apiVersion: v1
kind: Service
metadata:
name: firewall-userportal
namespace: ingress-external
spec:
ports:
- name: https
port: 4443
targetPort: 4443
---
apiVersion: v1
kind: Endpoints
metadata:
name: firewall-userportal
namespace: ingress-external
subsets:
- addresses:
- ip: 10.0.1.1 # Sophos XG IP
ports:
- port: 4443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: firewall-userportal
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/upstream-vhost: "firewall.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "firewall.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://firewall.undercloud.local:4443/"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://firewall-userportal.apps.undercloud.dev/"
nginx.ingress.kubernetes.io/proxy-cookie-domain: "firewall.undercloud.local firewall-userportal.apps.undercloud.dev"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
spec:
tls:
- hosts: [firewall-userportal.apps.undercloud.dev]
secretName: firewall-userportal-tls
rules:
- host: firewall-userportal.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: firewall-userportal
port:
number: 4443
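Review bot: The source-range restriction on the firewall-admin Ingress is left commented out (`# nginx.ingress.kubernetes.io/whitelist-source-range: "<your-IP>/32"`) and firewall-userportal has none at all, so anyone who can reach the ingress controller can reach the Sophos login pages. Whether the controller is reachable from outside the LAN is not visible in this commit, but for an admin console I would enable the annotation with the management network's range, e.g. `nginx.ingress.kubernetes.io/whitelist-source-range: "<admin-CIDR>"`, rather than leave the appliance's own login as the only barrier. The other device Ingresses in this commit (Proxmox, Ceph, PBS, MinIO, UniFi, Fritz!Box, the switches) carry no restriction either.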


@@ -0,0 +1,60 @@
apiVersion: v1
kind: Service
metadata:
name: fritzbox
namespace: ingress-external
spec:
ports:
- name: https
port: 443
targetPort: 443
---
apiVersion: v1
kind: Endpoints
metadata:
name: fritzbox
namespace: ingress-external
subsets:
- addresses:
- ip: 10.0.3.251 # add v6 here too if you have one
ports:
- port: 443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: fritzbox
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/upstream-vhost: "fritz.box"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "fritz.box"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://fritz.box/"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://fritzbox.apps.undercloud.dev/"
nginx.ingress.kubernetes.io/proxy-cookie-domain: "fritz.box fritzbox.apps.undercloud.dev"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
spec:
tls:
- hosts: [fritzbox.apps.undercloud.dev]
secretName: fritzbox-tls
rules:
- host: fritzbox.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: fritzbox
port:
number: 443
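Review bot: `proxy-ssl-verify: "false"` leaves the controller-to-device TLS hop unauthenticated, so the controller accepts whatever certificate is presented at 10.0.3.251:443. ingress-nginx documents `on`/`off` as the values for `proxy-ssl-verify` and `proxy-ssl-server-name`, so `"false"` and `"true"` may not be parsed as intended; this is worth checking against the rendered nginx configuration. To authenticate the backend, store the CA that signed the device certificate in a Secret and reference it with `nginx.ingress.kubernetes.io/proxy-ssl-secret: "ingress-external/<device-ca-secret>"` together with `nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"`. The same annotations appear in the firewall, hyper1, hyper2, hyper3, pbs and unifi sections.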


@@ -0,0 +1,38 @@
apiVersion: v1
kind: Service
metadata:
name: heitzraumswitch
namespace: ingress-external
spec:
type: ExternalName
externalName: heitzraumswitch.undercloud.local. # eg example.example.com
ports:
- port: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: heitzraumswitch
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
tls:
- hosts:
- heitzraumswitch.apps.undercloud.dev
secretName: heitzraumswitch-cockpit-tls
rules:
- host: heitzraumswitch.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: heitzraumswitch
port:
number: 80


@@ -0,0 +1,121 @@
# === Proxmox (hyper1) on 8006 ===
apiVersion: v1
kind: Service
metadata:
name: hyper1
namespace: ingress-external
spec:
ports:
- name: https
port: 8006
targetPort: 8006
---
apiVersion: v1
kind: Endpoints
metadata:
name: hyper1
namespace: ingress-external
subsets:
- addresses:
- ip: fd00:0:0:2::61
- ip: 10.0.2.61 # <-- replace with HYPER1 IP
ports:
- port: 8006
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hyper1
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/upstream-vhost: "hyper1.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "hyper1.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://hyper1.undercloud.local:8006"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://hyper1.apps.undercloud.dev"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
spec:
ingressClassName: nginx
tls:
- hosts: [hyper1.apps.undercloud.dev]
secretName: hyper1-tls
rules:
- host: hyper1.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: hyper1
port:
number: 8006
---
# === Ceph Dashboard on 8443 ===
apiVersion: v1
kind: Service
metadata:
name: hyper1-ceph
namespace: ingress-external
spec:
ports:
- name: https
port: 8443
targetPort: 8443
---
apiVersion: v1
kind: Endpoints
metadata:
name: hyper1-ceph
namespace: ingress-external
subsets:
- addresses:
- ip: fd00:0:0:2::61
- ip: 10.0.2.61 # <-- replace with HYPER1 IP
ports:
- port: 8443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hyper1-ceph
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/upstream-vhost: "hyper1.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "hyper1.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://hyper1.undercloud.local:8443/"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://hyper1-ceph.apps.undercloud.dev/"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
spec:
tls:
- hosts: [hyper1-ceph.apps.undercloud.dev]
secretName: hyper1-ceph-tls # <-- dont reuse hyper1-tls
rules:
- host: hyper1-ceph.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: hyper1-ceph
port:
number: 8443
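Review bot: The hyper1 Ingress selects its class twice, through the `kubernetes.io/ingress.class: nginx` annotation and through `ingressClassName: nginx` under `spec:`, while hyper1-ceph in the same file uses only the annotation. The annotation is the deprecated form; I would keep `ingressClassName: nginx` on every Ingress and remove the annotation so that all manifests select the controller the same way. The `# <-- replace with HYPER1 IP` comments next to 10.0.2.61 also read as template leftovers now that a concrete address is filled in.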


@@ -0,0 +1,121 @@
# === Proxmox (hyper2) on 8006 ===
apiVersion: v1
kind: Service
metadata:
name: hyper2
namespace: ingress-external
spec:
ports:
- name: https
port: 8006
targetPort: 8006
---
apiVersion: v1
kind: Endpoints
metadata:
name: hyper2
namespace: ingress-external
subsets:
- addresses:
- ip: fd00:0:0:2::62
- ip: 10.0.2.62 # <-- replace with hyper2 IP
ports:
- port: 8006
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hyper2
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/upstream-vhost: "hyper2.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "hyper2.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://hyper2.undercloud.local:8006"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://hyper2.apps.undercloud.dev"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
spec:
ingressClassName: nginx
tls:
- hosts: [hyper2.apps.undercloud.dev]
secretName: hyper2-tls
rules:
- host: hyper2.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: hyper2
port:
number: 8006
---
# === Ceph Dashboard on 8443 ===
apiVersion: v1
kind: Service
metadata:
name: hyper2-ceph
namespace: ingress-external
spec:
ports:
- name: https
port: 8443
targetPort: 8443
---
apiVersion: v1
kind: Endpoints
metadata:
name: hyper2-ceph
namespace: ingress-external
subsets:
- addresses:
- ip: fd00:0:0:2::62
- ip: 10.0.2.62 # <-- replace with hyper2 IP
ports:
- port: 8443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hyper2-ceph
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/upstream-vhost: "hyper2.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "hyper2.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://hyper2.undercloud.local:8443/"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://hyper2-ceph.apps.undercloud.dev/"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
spec:
tls:
- hosts: [hyper2-ceph.apps.undercloud.dev]
secretName: hyper2-ceph-tls # <-- dont reuse hyper2-tls
rules:
- host: hyper2-ceph.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: hyper2-ceph
port:
number: 8443
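Review bot: This file repeats the hyper1 manifests with only the host number and addresses changed, and the hyper3 section does the same again. With six near-identical Ingresses, a hardening change such as turning on upstream certificate verification or adding a source-range restriction has to be made in every copy, and a missed copy is easy to overlook in review. Generating them from one base (a Kustomize overlay or a small Helm template per host) would keep the security-relevant annotations in a single place.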


@@ -0,0 +1,121 @@
# === Proxmox (hyper3) on 8006 ===
apiVersion: v1
kind: Service
metadata:
name: hyper3
namespace: ingress-external
spec:
ports:
- name: https
port: 8006
targetPort: 8006
---
apiVersion: v1
kind: Endpoints
metadata:
name: hyper3
namespace: ingress-external
subsets:
- addresses:
- ip: fd00:0:0:2::63
- ip: 10.0.2.63 # <-- replace with hyper3 IP
ports:
- port: 8006
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hyper3
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/upstream-vhost: "hyper3.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "hyper3.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://hyper3.undercloud.local:8006"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://hyper3.apps.undercloud.dev"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
spec:
ingressClassName: nginx
tls:
- hosts: [hyper3.apps.undercloud.dev]
secretName: hyper3-tls
rules:
- host: hyper3.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: hyper3
port:
number: 8006
---
# === Ceph Dashboard on 8443 ===
apiVersion: v1
kind: Service
metadata:
name: hyper3-ceph
namespace: ingress-external
spec:
ports:
- name: https
port: 8443
targetPort: 8443
---
apiVersion: v1
kind: Endpoints
metadata:
name: hyper3-ceph
namespace: ingress-external
subsets:
- addresses:
- ip: fd00:0:0:2::63
- ip: 10.0.2.63 # <-- replace with hyper3 IP
ports:
- port: 8443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hyper3-ceph
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/upstream-vhost: "hyper3.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "hyper3.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://hyper3.undercloud.local:8443/"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://hyper3-ceph.apps.undercloud.dev/"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
spec:
tls:
- hosts: [hyper3-ceph.apps.undercloud.dev]
secretName: hyper3-ceph-tls # <-- dont reuse hyper3-tls
rules:
- host: hyper3-ceph.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: hyper3-ceph
port:
number: 8443


@@ -0,0 +1,38 @@
apiVersion: v1
kind: Service
metadata:
name: hypervisor1
namespace: ingress-external
spec:
type: ExternalName
externalName: hypervisor1.undercloud.local. # eg example.example.com
ports:
- port: 8006
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hypervisor1
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
tls:
- hosts:
- hypervisor1.apps.undercloud.dev
secretName: hypervisor1-tls
rules:
- host: hypervisor1.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: hypervisor1
port:
number: 8006


@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: ingress-external


@@ -0,0 +1,120 @@
# === Proxmox (pbs) on 8007 ===
apiVersion: v1
kind: Service
metadata:
name: pbs
namespace: ingress-external
spec:
ports:
- name: https
port: 8007
targetPort: 8007
---
apiVersion: v1
kind: Endpoints
metadata:
name: pbs
namespace: ingress-external
subsets:
- addresses:
- ip: fd00:0:0:2::75
- ip: 10.0.2.75 # <-- replace with pbs IP
ports:
- port: 8007
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: pbs
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/upstream-vhost: "pbs.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "pbs.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://pbs.undercloud.local:8007"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://pbs.apps.undercloud.dev"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
spec:
ingressClassName: nginx
tls:
- hosts: [pbs.apps.undercloud.dev]
secretName: pbs-tls
rules:
- host: pbs.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: pbs
port:
number: 8007
---
# === MinIO (adjust if your MinIO uses HTTP or different port) ===
apiVersion: v1
kind: Service
metadata:
name: pbs-minio
namespace: ingress-external
spec:
ports:
- name: https
port: 9001
targetPort: 9001
---
apiVersion: v1
kind: Endpoints
metadata:
name: pbs-minio
namespace: ingress-external
subsets:
- addresses:
- ip: 10.0.2.75
- ip: fd00:0:0:2::75
ports:
- port: 9001
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: pbs-minio
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # set to "HTTP" if your 9000 is plain HTTP
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/upstream-vhost: "pbs-minio.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "pbs-minio.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://pbs-minio.undercloud.local:9001/"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://pbs-minio.apps.undercloud.dev/"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
spec:
tls:
- hosts: [pbs-minio.apps.undercloud.dev]
secretName: pbs-minio-tls
rules:
- host: pbs-minio.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: pbs-minio
port:
number: 9001
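Review bot: The inline comment on the pbs-minio `backend-protocol` line says `set to "HTTP" if your 9000 is plain HTTP`, but the Service, Endpoints and Ingress in this section all use port 9001. The comment should name the port that is actually proxied, e.g. `# set to "HTTP" if 9001 is served without TLS`, and the section header could state which MinIO listener 9001 is in this deployment so nobody later repoints the Ingress at the wrong one. `proxy-body-size: "0"` also removes the request-size limit on this host; a short comment saying why (presumably large uploads) would make that a visible decision.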


@@ -0,0 +1,49 @@
apiVersion: v1
kind: Service
metadata:
name: pihole
namespace: ingress-external
spec:
ports:
- name: http
port: 80
targetPort: 80
---
apiVersion: v1
kind: Endpoints
metadata:
name: pihole
namespace: ingress-external
subsets:
- addresses:
- ip: 10.0.2.52
- ip: fd00:0:0:2::52
ports:
- port: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: pihole
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
tls:
- hosts:
- pihole.apps.undercloud.dev
secretName: pihole-tls
rules:
- host: pihole.apps.undercloud.dev
http:
paths:
- path: /admin
pathType: Prefix
backend:
service:
name: pihole
port:
number: 80


@@ -0,0 +1,59 @@
apiVersion: v1
kind: Service
metadata:
name: unifi
namespace: ingress-external
spec:
ports:
- name: https
port: 8443
targetPort: 8443
---
apiVersion: v1
kind: Endpoints
metadata:
name: unifi
namespace: ingress-external
subsets:
- addresses:
- ip: 10.0.2.51
ports:
- port: 8443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: unifi
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/upstream-vhost: "unifi.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "unifi.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://unifi.undercloud.local:8443/"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://unifi.apps.undercloud.dev/"
nginx.ingress.kubernetes.io/proxy-cookie-domain: "unifi.undercloud.local unifi.apps.undercloud.dev"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-buffering: "off"
spec:
tls:
- hosts: [unifi.apps.undercloud.dev]
secretName: unifi-tls
rules:
- host: unifi.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: unifi
port:
number: 8443