2025-08-23 16:09:21 +02:00
parent 056e08358d
commit 838bd184a0
7 changed files with 235 additions and 63 deletions


@@ -4,8 +4,20 @@ metadata:
name: coreswitch
namespace: ingress-external
spec:
type: ExternalName
externalName: coreswitch.undercloud.local. # eg example.example.com
ports:
- name: http
port: 80
targetPort: 80
---
apiVersion: v1
kind: Endpoints
metadata:
name: coreswitch
namespace: ingress-external
subsets:
- addresses:
- ip: 10.0.1.3
- ip: fd00:0:0:1::3
ports:
- port: 80
---
@@ -15,15 +27,13 @@ metadata:
name: coreswitch
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
tls:
- hosts:
- coreswitch.apps.undercloud.dev
- hosts: [coreswitch.apps.undercloud.dev]
secretName: coreswitch-cockpit-tls
rules:
- host: coreswitch.apps.undercloud.dev
@@ -35,4 +45,4 @@ spec:
service:
name: coreswitch
port:
number: 80
number: 80
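Review bot: `nginx.ingress.kubernetes.io/ssl-redirect: "false"` still appears on the coreswitch Ingress next to `backend-protocol: "HTTP"`, while the fritzbox, hyper2, hyper3 and pbs sections of this commit flip it to `"true"`; the page has lost its +/- markers, so this assumes the line is on the new side. With it in place the switch's management login stays reachable over plain HTTP on the public host even though a certificate is issued for it. Setting `nginx.ingress.kubernetes.io/ssl-redirect: "true"` here would match the other files; the pihole Ingress later in the commit shows the same unchanged line. The hop from the controller to the switch on port 80 is cleartext either way, which is worth a comment above the `backend-protocol` annotation.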


@@ -4,8 +4,19 @@ metadata:
name: fritzbox
namespace: ingress-external
spec:
type: ExternalName
externalName: 10.0.3.251 # eg example.example.com
ports:
- name: https
port: 443
targetPort: 443
---
apiVersion: v1
kind: Endpoints
metadata:
name: fritzbox
namespace: ingress-external
subsets:
- addresses:
- ip: 10.0.3.251 # add v6 here too if you have one
ports:
- port: 443
---
@@ -15,15 +26,26 @@ metadata:
name: fritzbox
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/upstream-vhost: "fritz.box"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "fritz.box"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://fritz.box/"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://fritzbox.apps.undercloud.dev/"
nginx.ingress.kubernetes.io/proxy-cookie-domain: "fritz.box fritzbox.apps.undercloud.dev"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
spec:
tls:
- hosts:
- fritzbox.apps.undercloud.dev
- hosts: [fritzbox.apps.undercloud.dev]
secretName: fritzbox-tls
rules:
- host: fritzbox.apps.undercloud.dev
@@ -35,4 +57,4 @@ spec:
service:
name: fritzbox
port:
number: 443
number: 443
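Review bot: `proxy-ssl-verify: "false"` leaves the controller-to-backend TLS hop unauthenticated, so `proxy-ssl-name: "fritz.box"` picks a name to send but nothing checks the certificate that comes back; the same pattern is in the hyper2, hyper3, pbs, pbs-minio and unifi sections. ingress-nginx documents `on`/`off` as the values for `proxy-ssl-verify` and `proxy-ssl-server-name`, so `"true"`/`"false"` may be ignored or rejected by annotation validation, and in at least some releases the whole proxy-ssl-* group is skipped unless `proxy-ssl-secret` is set, which is worth checking against the rendered nginx.conf. If the backend certificate can be pinned, point `nginx.ingress.kubernetes.io/proxy-ssl-secret: "<namespace>/<ca-secret>"` at its CA and use `nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"`. Otherwise add a comment above the annotation stating that upstream verification is deliberately off and why.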


@@ -1,11 +1,24 @@
# === Proxmox (hyper2) on 8006 ===
apiVersion: v1
kind: Service
metadata:
name: hyper2
namespace: ingress-external
spec:
type: ExternalName
externalName: hyper2.undercloud.local. # eg example.example.com
ports:
- name: https
port: 8006
targetPort: 8006
---
apiVersion: v1
kind: Endpoints
metadata:
name: hyper2
namespace: ingress-external
subsets:
- addresses:
- ip: fd00:0:0:2::62
- ip: 10.0.2.62 # <-- replace with hyper2 IP
ports:
- port: 8006
---
@@ -15,15 +28,29 @@ metadata:
name: hyper2
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
# SNI + Host for upstream TLS
nginx.ingress.kubernetes.io/upstream-vhost: "hyper2.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "hyper2.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
# rewrite absolute redirects from Proxmox
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://hyper2.undercloud.local:8006/"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://hyper2.apps.undercloud.dev/"
# uploads and long-lived connections (noVNC, tasks)
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
spec:
tls:
- hosts:
- hyper2.apps.undercloud.dev
- hosts: [hyper2.apps.undercloud.dev]
secretName: hyper2-tls
rules:
- host: hyper2.apps.undercloud.dev
@@ -36,6 +63,18 @@ spec:
name: hyper2
port:
number: 8006
# === Ceph Dashboard on 8443 ===
apiVersion: v1
kind: Service
metadata:
name: hyper2-ceph
namespace: ingress-external
spec:
ports:
- name: https
port: 8443
targetPort: 8443
---
apiVersion: v1
kind: Service
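Review bot: No source restriction or authentication annotation is visible on the hyper2 Ingress, while the hunk adds `proxy-body-size: "0"` and 3600-second timeouts, so the Proxmox login would sit behind a publicly issued certificate with unbounded request bodies; hyper3, pbs and pbs-minio follow the same pattern. If the host is only meant for known networks, `nginx.ingress.kubernetes.io/whitelist-source-range: "<allowed-cidr>"` would narrow it, and a finite `proxy-body-size` sized for the largest expected upload keeps a cap in place. Whether this ingress class is reachable from the internet cannot be told from the page, so treat this as a question for the author. The Ceph Dashboard Service at the end continues past the hunk and is not covered here.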


@@ -1,11 +1,24 @@
# === Proxmox (hyper3) on 8006 ===
apiVersion: v1
kind: Service
metadata:
name: hyper3
namespace: ingress-external
spec:
type: ExternalName
externalName: hyper3.undercloud.local. # eg example.example.com
ports:
- name: https
port: 8006
targetPort: 8006
---
apiVersion: v1
kind: Endpoints
metadata:
name: hyper3
namespace: ingress-external
subsets:
- addresses:
- ip: fd00:0:0:2::63
- ip: 10.0.2.63 # <-- replace with hyper3 IP
ports:
- port: 8006
---
@@ -15,15 +28,29 @@ metadata:
name: hyper3
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
# SNI + Host for upstream TLS
nginx.ingress.kubernetes.io/upstream-vhost: "hyper3.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "hyper3.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
# rewrite absolute redirects from Proxmox
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://hyper3.undercloud.local:8006/"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://hyper3.apps.undercloud.dev/"
# uploads and long-lived connections (noVNC, tasks)
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
spec:
tls:
- hosts:
- hyper3.apps.undercloud.dev
- hosts: [hyper3.apps.undercloud.dev]
secretName: hyper3-tls
rules:
- host: hyper3.apps.undercloud.dev
@@ -36,6 +63,18 @@ spec:
name: hyper3
port:
number: 8006
# === Ceph Dashboard on 8443 ===
apiVersion: v1
kind: Service
metadata:
name: hyper3-ceph
namespace: ingress-external
spec:
ports:
- name: https
port: 8443
targetPort: 8443
---
apiVersion: v1
kind: Service
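Review bot: The Endpoints port under `subsets` has no `name`, while the Service port it backs is `name: https`; as far as I know a selector-less Service is matched to hand-written Endpoints by port name, so the unnamed entry may leave the backend without endpoints and the controller answering 503. Adding `name: https` to the entry that holds `port: 8006` would align them, and the same applies to the Endpoints objects in the coreswitch, fritzbox, hyper2, pbs, pbs-minio, pihole and unifi sections (with `http` where the Service uses that name). The `# <-- replace with hyper3 IP` comment can go now that a concrete address is set.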


@@ -1,11 +1,24 @@
# === Proxmox Backup Server (PBS) 8007 ===
apiVersion: v1
kind: Service
metadata:
name: pbs
namespace: ingress-external
spec:
type: ExternalName
externalName: pbs.undercloud.local. # eg example.example.com
ports:
- name: https
port: 8007
targetPort: 8007
---
apiVersion: v1
kind: Endpoints
metadata:
name: pbs
namespace: ingress-external
subsets:
- addresses:
- ip: 10.0.2.75
- ip: fd00:0:0:2::75
ports:
- port: 8007
---
@@ -15,15 +28,24 @@ metadata:
name: pbs
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/upstream-vhost: "pbs.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "pbs.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://pbs.undercloud.local:8007/"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://pbs.apps.undercloud.dev/"
nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
spec:
tls:
- hosts:
- pbs.apps.undercloud.dev
- hosts: [pbs.apps.undercloud.dev]
secretName: pbs-tls
rules:
- host: pbs.apps.undercloud.dev
@@ -36,15 +58,28 @@ spec:
name: pbs
port:
number: 8007
---
# === MinIO (adjust if your MinIO uses HTTP or different port) ===
apiVersion: v1
kind: Service
metadata:
name: pbs-minio
namespace: ingress-external
spec:
type: ExternalName
externalName: pbs-minio.undercloud.local. # eg example.example.com
ports:
- name: https
port: 9000
targetPort: 9000
---
apiVersion: v1
kind: Endpoints
metadata:
name: pbs-minio
namespace: ingress-external
subsets:
- addresses:
- ip: 10.0.2.75
- ip: fd00:0:0:2::75
ports:
- port: 9000
---
@@ -54,16 +89,25 @@ metadata:
name: pbs-minio
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # set to "HTTP" if your 9000 is plain HTTP
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/upstream-vhost: "pbs-minio.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "pbs-minio.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://pbs-minio.undercloud.local:9000/"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://pbs-minio.apps.undercloud.dev/"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
spec:
tls:
- hosts:
- pbs-minio.apps.undercloud.dev
secretName: pbs-tls
- hosts: [pbs-minio.apps.undercloud.dev]
secretName: pbs-minio-tls
rules:
- host: pbs-minio.apps.undercloud.dev
http:
@@ -74,4 +118,4 @@ spec:
service:
name: pbs-minio
port:
number: 9000
number: 9000
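Review bot: `upstream-vhost: "pbs-minio.undercloud.local"` on the pbs-minio Ingress rewrites the Host header before the request reaches port 9000, and S3 clients that sign requests (Signature V4 covers the Host header) would then fail signature checks at MinIO, since they signed `pbs-minio.apps.undercloud.dev`. If this host is meant to carry S3 API traffic rather than only a browser console, drop the `upstream-vhost` annotation for this Ingress and keep `proxy-ssl-name` for SNI; this is inferred from how SigV4 works, not from anything the page shows about the clients. The trailing comment `# set to "HTTP" if your 9000 is plain HTTP` suggests the backend protocol is unconfirmed, so a comment recording the verified protocol would help.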


@@ -4,8 +4,20 @@ metadata:
name: pihole
namespace: ingress-external
spec:
type: ExternalName
externalName: pihole.undercloud.local. # eg example.example.com
ports:
- name: http
port: 80
targetPort: 80
---
apiVersion: v1
kind: Endpoints
metadata:
name: pihole
namespace: ingress-external
subsets:
- addresses:
- ip: 10.0.2.52
- ip: fd00:0:0:2::52
ports:
- port: 80
---
@@ -19,7 +31,6 @@ metadata:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
tls:
- hosts:
@@ -35,4 +46,4 @@ spec:
service:
name: pihole
port:
number: 80
number: 80


@@ -4,8 +4,19 @@ metadata:
name: unifi
namespace: ingress-external
spec:
type: ExternalName
externalName: unifi.undercloud.local. # eg example.example.com
ports:
- name: https
port: 8443
targetPort: 8443
---
apiVersion: v1
kind: Endpoints
metadata:
name: unifi
namespace: ingress-external
subsets:
- addresses:
- ip: 10.0.6.51
ports:
- port: 8443
---
@@ -15,29 +26,25 @@ metadata:
name: unifi
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
# HTTPS backend
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/upstream-vhost: "unifi.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
nginx.ingress.kubernetes.io/proxy-ssl-name: "unifi.undercloud.local"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
# UniFi needs websockets and long polls
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://unifi.undercloud.local:8443/"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://unifi.apps.undercloud.dev/"
nginx.ingress.kubernetes.io/proxy-cookie-domain: "unifi.undercloud.local unifi.apps.undercloud.dev"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-buffering: "off"
# Rewrite backend redirects to your public host
nginx.ingress.kubernetes.io/proxy-redirect-from: "https://unifi.undercloud.local:8443/"
nginx.ingress.kubernetes.io/proxy-redirect-to: "https://unifi.apps.undercloud.dev/"
spec:
tls:
- hosts:
- unifi.apps.undercloud.dev
- hosts: [unifi.apps.undercloud.dev]
secretName: unifi-tls
rules:
- host: unifi.apps.undercloud.dev
@@ -49,4 +56,4 @@ spec:
service:
name: unifi
port:
number: 8443
number: 8443
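Review bot: `proxy-redirect-from` and `proxy-redirect-to` are printed twice in the unifi annotations, once after `# UniFi needs websockets and long polls` and once after `# Rewrite backend redirects to your public host`; the +/- markers are lost on this page, so one pair may be the removed side. If both pairs are in the new file the mapping has duplicate keys, which strict YAML loaders reject and others resolve last-wins silently, so keep a single pair under the redirect comment. The websocket comment would then sit directly above `proxy-read-timeout`, `proxy-send-timeout` and `proxy-buffering`, which is what it describes.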