
# Selector-less Service for the firewall admin console. It declares no pod
# selector, so its backend comes from the Endpoints object that carries the
# same name in the same namespace.
apiVersion: v1
kind: Service
metadata:
  name: firewall-admin
  namespace: ingress-external
spec:
  ports:
    # Port 4444 is passed through unchanged to the endpoint address.
    - name: https
      port: 4444
      targetPort: 4444
---
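# Manually managed Endpoints backing the selector-less firewall-admin Service.
# The object name and namespace have to equal the Service's for the two to be
# associated.
apiVersion: v1
kind: Endpoints
metadata:
  name: firewall-admin
  namespace: ingress-external
subsets:
  - addresses:
      - ip: 10.0.1.1  # Sophos XG firewall address
    ports:
      # Endpoint ports are matched to Service ports by name. The Service names
      # its port "https", so the same name is repeated here; an unnamed
      # endpoint port is not expected to resolve for a named Service port.
      - name: https
        port: 4444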
---
# Ingress that publishes the Sophos XG admin console (backend port 4444) as
# https://firewall-admin.apps.undercloud.dev/ with a cert-manager certificate.
#
# NOTE(review): this puts the firewall's management login behind a routable
# hostname while the source-range restriction further down is still commented
# out. Restrict it to known admin addresses (or keep the console reachable
# only over VPN) before applying this manifest.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: firewall-admin
  namespace: ingress-external
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt
    # The firewall serves its UI over TLS, so nginx must speak HTTPS upstream.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # Disabled: upstream Host header / SNI overrides and upstream certificate
    # verification settings.
    #nginx.ingress.kubernetes.io/upstream-vhost: "firewall.undercloud.local"
    #nginx.ingress.kubernetes.io/proxy-ssl-server-name: "true"
    #nginx.ingress.kubernetes.io/proxy-ssl-name: "firewall.undercloud.local"
    #nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
    # Disabled: rewrite absolute redirects and cookie domains sent by Sophos.
    #nginx.ingress.kubernetes.io/proxy-redirect-from: "https://firewall.undercloud.local:4444/"
    #nginx.ingress.kubernetes.io/proxy-redirect-to: "https://firewall-admin.apps.undercloud.dev/"
    #nginx.ingress.kubernetes.io/proxy-cookie-domain: "firewall.undercloud.local firewall-admin.apps.undercloud.dev"
    # Tolerate long polls / websockets: 600 s read and send timeouts.
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    # Optional source-IP allow-list; replace the placeholder with the real
    # admin address range before enabling.
    # nginx.ingress.kubernetes.io/whitelist-source-range: "<your-IP>/32"
spec:
  tls:
    - hosts:
        - firewall-admin.apps.undercloud.dev
      secretName: firewall-admin-tls
  rules:
    - host: firewall-admin.apps.undercloud.dev
      http:
        paths:
          # Everything under / goes to the firewall-admin Service.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: firewall-admin
                port:
                  number: 4444
---
# Selector-less Service for the firewall's port 4443. With no pod selector,
# the backend address is supplied by the Endpoints object of the same name
# and namespace.
apiVersion: v1
kind: Service
metadata:
  name: firewall-vpn
  namespace: ingress-external
spec:
  ports:
    # Port 4443 is passed through unchanged to the endpoint address.
    - name: https
      port: 4443
      targetPort: 4443
---
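# Manually managed Endpoints backing the selector-less firewall-vpn Service.
# The object name and namespace have to equal the Service's for the two to be
# associated.
apiVersion: v1
kind: Endpoints
metadata:
  name: firewall-vpn
  namespace: ingress-external
subsets:
  - addresses:
      - ip: 10.0.1.1  # Sophos XG firewall address
    ports:
      # Endpoint ports are matched to Service ports by name. The Service names
      # its port "https", so the same name is repeated here; an unnamed
      # endpoint port is not expected to resolve for a named Service port.
      - name: https
        port: 4443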
---
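# Ingress that publishes the firewall's port-4443 portal as
# https://firewall-vpn.apps.undercloud.dev/ with a cert-manager certificate.
#
# NOTE(review): no source-range restriction is set, so the portal's login is
# reachable by anything that can reach this ingress controller. Confirm that
# this exposure is intended.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: firewall-vpn
  namespace: ingress-external
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt
    # The firewall serves this portal over TLS, so nginx speaks HTTPS upstream.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # Present the firewall's internal name as the Host header and TLS SNI.
    nginx.ingress.kubernetes.io/upstream-vhost: "firewall.undercloud.local"
    # ingress-nginx documents "on"/"off" for the two proxy-ssl switches in
    # this block; "true"/"false" are not among the documented values.
    # NOTE(review): check the rendered nginx.conf to confirm these take
    # effect on the controller version in use.
    nginx.ingress.kubernetes.io/proxy-ssl-server-name: "on"
    nginx.ingress.kubernetes.io/proxy-ssl-name: "firewall.undercloud.local"
    # Upstream certificate verification stays disabled: the hop from the
    # ingress controller to the firewall is encrypted but not authenticated.
    # Turning it on needs the firewall's CA supplied through
    # nginx.ingress.kubernetes.io/proxy-ssl-secret.
    nginx.ingress.kubernetes.io/proxy-ssl-verify: "off"
    # Rewrite absolute redirects and cookie domains issued by the firewall so
    # they point at the public hostname.
    nginx.ingress.kubernetes.io/proxy-redirect-from: "https://firewall.undercloud.local:4443/"
    nginx.ingress.kubernetes.io/proxy-redirect-to: "https://firewall-vpn.apps.undercloud.dev/"
    nginx.ingress.kubernetes.io/proxy-cookie-domain: "firewall.undercloud.local firewall-vpn.apps.undercloud.dev"
    # 600 s read and send timeouts for long-running requests.
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
spec:
  tls:
    - hosts:
        - firewall-vpn.apps.undercloud.dev
      secretName: firewall-vpn-tls
  rules:
    - host: firewall-vpn.apps.undercloud.dev
      http:
        paths:
          # Everything under / goes to the firewall-vpn Service.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: firewall-vpn
                port:
                  number: 4443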
---
# Selector-less Service for the firewall user portal. It targets the same
# firewall port (4443) as the firewall-vpn Service; the backend address comes
# from the Endpoints object of the same name and namespace.
apiVersion: v1
kind: Service
metadata:
  name: firewall-userportal
  namespace: ingress-external
spec:
  ports:
    # Port 4443 is passed through unchanged to the endpoint address.
    - name: https
      port: 4443
      targetPort: 4443
---
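# Manually managed Endpoints backing the selector-less firewall-userportal
# Service. The object name and namespace have to equal the Service's for the
# two to be associated.
apiVersion: v1
kind: Endpoints
metadata:
  name: firewall-userportal
  namespace: ingress-external
subsets:
  - addresses:
      - ip: 10.0.1.1  # Sophos XG firewall address
    ports:
      # Endpoint ports are matched to Service ports by name. The Service names
      # its port "https", so the same name is repeated here; an unnamed
      # endpoint port is not expected to resolve for a named Service port.
      - name: https
        port: 4443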
---
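# Ingress that publishes the firewall user portal (backend port 4443) as
# https://firewall-userportal.apps.undercloud.dev/ with a cert-manager
# certificate.
#
# NOTE(review): no source-range restriction is set, so the portal's login is
# reachable by anything that can reach this ingress controller. Confirm that
# this exposure is intended.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: firewall-userportal
  namespace: ingress-external
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt
    # The firewall serves this portal over TLS, so nginx speaks HTTPS upstream.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # Present the firewall's internal name as the Host header and TLS SNI.
    nginx.ingress.kubernetes.io/upstream-vhost: "firewall.undercloud.local"
    # ingress-nginx documents "on"/"off" for the two proxy-ssl switches in
    # this block; "true"/"false" are not among the documented values.
    # NOTE(review): check the rendered nginx.conf to confirm these take
    # effect on the controller version in use.
    nginx.ingress.kubernetes.io/proxy-ssl-server-name: "on"
    nginx.ingress.kubernetes.io/proxy-ssl-name: "firewall.undercloud.local"
    # Upstream certificate verification stays disabled: the hop from the
    # ingress controller to the firewall is encrypted but not authenticated.
    # Turning it on needs the firewall's CA supplied through
    # nginx.ingress.kubernetes.io/proxy-ssl-secret.
    nginx.ingress.kubernetes.io/proxy-ssl-verify: "off"
    # Rewrite absolute redirects and cookie domains issued by the firewall so
    # they point at the public hostname.
    nginx.ingress.kubernetes.io/proxy-redirect-from: "https://firewall.undercloud.local:4443/"
    nginx.ingress.kubernetes.io/proxy-redirect-to: "https://firewall-userportal.apps.undercloud.dev/"
    nginx.ingress.kubernetes.io/proxy-cookie-domain: "firewall.undercloud.local firewall-userportal.apps.undercloud.dev"
    # 600 s read and send timeouts for long-running requests.
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
spec:
  tls:
    - hosts:
        - firewall-userportal.apps.undercloud.dev
      secretName: firewall-userportal-tls
  rules:
    - host: firewall-userportal.apps.undercloud.dev
      http:
        paths:
          # Everything under / goes to the firewall-userportal Service.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: firewall-userportal
                port:
                  number: 4443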