Migrated k3s manifests to use traefik ingres route

kubernetes-templates/drawio.yml

@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -47,7 +48,7 @@ metadata:
   name: drawio-service
   namespace: drawio
 spec:
-  type: NodePort
+  type: ClusterIP 
   selector:
     app: drawio
   ports:
@@ -55,4 +56,18 @@ spec:
       protocol: TCP
       port: 80
       targetPort: 8080
-      nodePort: 33004
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: drawio-web
+  namespace: drawio
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`drawio.khongisa.co.za`) 
+      kind: Rule
+      services:
+        - name: drawio-service
+          port: 80

kubernetes-templates/droneci.yml

@@ -1,4 +1,4 @@
---- 
+---
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -90,11 +90,10 @@ spec:
               cpu: "500m"
               memory: "512Mi"
           env:
-            # FIX: Explicitly bind the address to bypass port validation logic
             - name: DRONE_SERVER_ADDR
               value: ":80"
             - name: DRONE_SERVER_HOST
-              value: "drone.khongisa.co.za"
+              value: "droneci.khongisa.co.za"
             - name: DRONE_SERVER_PROTO
               value: "https"
             - name: DRONE_GITEA_SERVER
@@ -162,11 +161,25 @@ metadata:
   name: drone-server
   namespace: drone-ci
 spec:
-  type: NodePort
+  type: ClusterIP
   selector:
     app: drone-server
   ports:
     - name: http
       port: 80
       targetPort: 80
-      nodePort: 31001
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: drone-web
+  namespace: drone-ci
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`droneci.khongisa.co.za`)
+      kind: Rule
+      services:
+        - name: drone-server
+          port: 80

kubernetes-templates/filebrowser.yml

@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -10,7 +11,6 @@ metadata:
   namespace: filebrowser
 type: Opaque
 data:
-  # Value: Blackstar2@home
   admin-password: QmxhY2tzdGFyMkBob21l
 ---
 apiVersion: v1
@@ -61,11 +61,9 @@ spec:
                     operator: DoesNotExist
       containers:
         - name: filebrowser
-          image: filebrowser/filebrowser:v2.30.0 # Using a specific version for stability
+          image: filebrowser/filebrowser:v2.30.0
           ports:
             - containerPort: 80
-          # We remove 'command' and 'args' that rely on /bin/sh
-          # and use the native environment variables
           env:
             - name: FB_DATABASE
               value: "/config/database.db"
@@ -94,7 +92,7 @@ metadata:
   name: filebrowser-service
   namespace: filebrowser
 spec:
-  type: NodePort
+  type: ClusterIP
   selector:
     app: filebrowser
   ports:
@@ -102,4 +100,18 @@ spec:
       protocol: TCP
       port: 80
       targetPort: 80
-      nodePort: 33003
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: filebrowser-web
+  namespace: filebrowser
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`drive.khongisa.co.za`)
+      kind: Rule
+      services:
+        - name: filebrowser-service
+          port: 80

kubernetes-templates/headlamp.yml

@@ -1,3 +1,4 @@
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -16,7 +17,6 @@ spec:
       containers:
       - name: headlamp
         image: ghcr.io/headlamp-k8s/headlamp:latest
-        # We only use -in-cluster. No other flags allowed.
         args:
           - "-in-cluster"
         ports:
@@ -29,11 +29,25 @@ metadata:
   name: headlamp
   namespace: kube-system
 spec:
-  type: NodePort
+  type: ClusterIP
   selector:
     app.kubernetes.io/name: headlamp
   ports:
     - protocol: TCP
       port: 80
       targetPort: 4466
-      nodePort: 30001
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: headlamp-web
+  namespace: kube-system
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`cluster.khongisa.co.za`)
+      kind: Rule
+      services:
+        - name: headlamp
+          port: 80

kubernetes-templates/mealie-recipes.yml

@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -97,11 +98,25 @@ metadata:
   name: mealie-service
   namespace: mealie
 spec:
-  type: NodePort
+  type: ClusterIP
   selector:
     app: mealie
   ports:
     - protocol: TCP
       port: 80
       targetPort: 9000
-      nodePort: 33007
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: mealie-web
+  namespace: mealie
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`mealie.khongisa.co.za`)
+      kind: Rule
+      services:
+        - name: mealie-service
+          port: 80

kubernetes-templates/nexus.yml

@@ -142,4 +142,19 @@ spec:
       protocol: TCP
       port: 8082
       targetPort: 8082
-      nodePort: 31010
+      nodePort: 31010
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nexus-web
+  namespace: nexus
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`nexus.khongisa.co.za`)
+      kind: Rule
+      services:
+        - name: nexus-service
+          port: 8081

kubernetes-templates/pgadmin.yml

@@ -101,7 +101,7 @@ metadata:
   name: pgadmin-service
   namespace: pgadmin
 spec:
-  type: NodePort
+  type: ClusterIP
   selector:
     app: pgadmin
   ports:
@@ -109,5 +109,18 @@ spec:
       protocol: TCP
       port: 80
       targetPort: 80
-      nodePort: 32081
-       
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: pgadmin-web
+  namespace: pgadmin
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`pgadmin.khongisa.co.za`)
+      kind: Rule
+      services:
+        - name: pgadmin-service
+          port: 80

kubernetes-templates/phpmyadmin.yml

@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -75,10 +76,26 @@ metadata:
   name: phpmyadmin-service
   namespace: phpmyadmin
 spec:
-  type: NodePort
+  type: ClusterIP
   selector:
     app: phpmyadmin
   ports:
-    - port: 80
+    - name: http
+      protocol: TCP
+      port: 80
       targetPort: 80
-      nodePort: 33006
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: phpmyadmin-web
+  namespace: phpmyadmin
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`phpmyadmin.khongisa.co.za`)
+      kind: Rule
+      services:
+        - name: phpmyadmin-service
+          port: 80

kubernetes-templates/redisinsight.yml

@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -170,20 +171,19 @@ spec:
     app: redisinsight
   ports:
     - port: 8001
-      targetPort: 8001 # maybe 5540
+      targetPort: 8001
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
-  name: redisinsight-ingress
+  name: redisinsight-web
   namespace: redisinsight
 spec:
   entryPoints:
     - websecure
   routes:
-    - match: Host(`redisinsight.apps.mngoma.lab`)
+    - match: Host(`redisinsight.khongisa.co.za`)
       kind: Rule
       services:
         - name: redisinsight
-          port: 8001
-  tls: {}
+          port: 8001

kubernetes-templates/searxng.yml

@@ -38,6 +38,9 @@ spec:
               value: "0.0.0.0"
             - name: SEARXNG_SERVER_PORT
               value: "8080"
+            # Ensures the application generates internal links correctly for the public URL
+            - name: SEARXNG_BASE_URL
+              value: "https://search.khongisa.co.za"
           resources:
             requests:
               cpu: "100m"
@@ -52,7 +55,8 @@ metadata:
   name: searxng-server
   namespace: searxng
 spec:
-  type: NodePort
+  # Internal-only service; nodePort 32080 is no longer required
+  type: ClusterIP 
   selector:
     app.kubernetes.io/name: searxng-server
   ports:
@@ -60,7 +64,6 @@ spec:
       protocol: TCP
       port: 8080
       targetPort: 8080
-      nodePort: 32080
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
@@ -71,10 +74,11 @@ spec:
   entryPoints:
     - websecure
   routes:
-    - match: Host(`searxng.apps.mngoma.lab`)
+    # Matches the specific subdomain configured in Pangolin
+    - match: Host(`search.khongisa.co.za`) 
       kind: Rule
       services:
         - name: searxng-server
           port: 8080
           scheme: http
-  tls: {}
+  tls: {}

kubernetes-templates/semaphoreui.yml

@@ -58,7 +58,7 @@ data:
   admin-password: QmxhY2tzdGFyMkBob21l
   access-key-encryption: NHZKMm1LMnBMNW5COHhSMnpRN3dFM3RZNnVJMG9QOWE=
   id_ed25519: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNEbkRQMDZzbmM0Q2k3M0ZPSW1nTmszTWJsc25vNTNoajZYRDJTSzE1ZFpiQUFBQUpnZWwvMndIcGY5CnNBQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDRG5EUDA2c25jNENpNzNGT0ltZ05rM01ibHNubzUzaGo2WEQyU0sxNWRaYkEKQUFBRUJUaHFjcnNXZWVVWnpFeVdWWmJoRGlKZE9FQkZYSkg4NXNhMUNjK1dXQ0krY00vVHF5ZHpnS0x2Y1U0aWFBMlRjeAp1V3llam5lR1BwY1BaSXJYbDFsc0FBQUFEbXRvZDJWNmFVQkVRVkpMVTFWT0FRSURCQVVHQnc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K
-  id_ed25519.pub: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9jTS9UcXlkemdLTHZjVTRpYUEyVGN4dVd5ZWpuZUdQcGNQWklyWGwxbHMga2h3ZXppQERBUktTVU4K
+  id_ed25519.pub: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9jTS9UcXlkemdLTHZjVTRpYUEyVGN4dVd5ZWpuZUdQcGNQWklyWGwxbHMga2h3ZXpkeEBkYXJrc3VuCg==
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -109,8 +109,6 @@ spec:
       initContainers:
         - name: fix-ssh-permissions
           image: busybox:latest
-          # We ensure the directory exists and has 700. 
-          # We don't touch the files yet because they are mounted by the main container.
           command: ["sh", "-c", "mkdir -p /home/semaphore/.ssh && chmod 700 /home/semaphore/.ssh"]
           volumeMounts:
             - name: semaphore-persistent-storage
@@ -188,7 +186,7 @@ metadata:
   name: semaphore-service
   namespace: semaphore
 spec:
-  type: NodePort
+  type: ClusterIP
   selector:
     app: semaphore
   ports:
@@ -196,4 +194,18 @@ spec:
       protocol: TCP
       port: 3000
       targetPort: 3000
-      nodePort: 31011
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: semaphore-web
+  namespace: semaphore
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`semaphore.khongisa.co.za`)
+      kind: Rule
+      services:
+        - name: semaphore-service
+          port: 3000

kubernetes-templates/traefik-dashboard.yml

@@ -1,10 +1,11 @@
+---
 apiVersion: v1
 kind: Service
 metadata:
-  name: traefik-dashboard-nodeport
+  name: traefik-dashboard
   namespace: kube-system
 spec:
-  type: NodePort
+  type: ClusterIP
   selector:
     app.kubernetes.io/name: traefik
   ports:
@@ -12,4 +13,18 @@ spec:
       protocol: TCP
       port: 8080
       targetPort: 8080
-      nodePort: 30000
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: traefik-dashboard-web
+  namespace: kube-system
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`traefik.khongisa.co.za`)
+      kind: Rule
+      services:
+        - name: api@internal
+          kind: TraefikService

kubernetes-templates/vaultwarden.yml

@@ -112,7 +112,7 @@ metadata:
   name: vaultwarden-service
   namespace: vaultwarden
 spec:
-  type: NodePort
+  type: ClusterIP
   selector:
     app: vaultwarden
   ports:
@@ -120,4 +120,18 @@ spec:
       protocol: TCP
       port: 80
       targetPort: 80
-      nodePort: 32085
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: vaultwarden-web
+  namespace: vaultwarden
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`vault.khongisa.co.za`)
+      kind: Rule
+      services:
+        - name: vaultwarden-service
+          port: 80

kubernetes-templates/vscode.yml

@@ -119,7 +119,7 @@ metadata:
   name: vscode-service
   namespace: vscode
 spec:
-  type: NodePort
+  type: ClusterIP
   selector:
     app: vscode
   ports:
@@ -127,7 +127,6 @@ spec:
       protocol: TCP
       port: 8080
       targetPort: 8080
-      nodePort: 33000
 ---
 apiVersion: v1
 kind: Service
@@ -135,7 +134,7 @@ metadata:
   name: vscode-dev-service
   namespace: vscode
 spec:
-  type: NodePort
+  type: ClusterIP
   selector:
     app: vscode
   ports:
@@ -143,9 +142,52 @@ spec:
       protocol: TCP
       port: 3000
       targetPort: 3000
-      nodePort: 33001
     - name: dotnet-dev
       protocol: TCP
       port: 5000
       targetPort: 5000
-      nodePort: 33002
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: vscode-web
+  namespace: vscode
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`code.khongisa.co.za`)
+      kind: Rule
+      services:
+        - name: vscode-service
+          port: 8080
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: vscode-node-uat
+  namespace: vscode
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`node.uat.khongisa.co.za`)
+      kind: Rule
+      services:
+        - name: vscode-dev-service
+          port: 3000
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: vscode-dotnet-uat
+  namespace: vscode
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`dotnet.uat.khongisa.co.za`)
+      kind: Rule
+      services:
+        - name: vscode-dev-service
+          port: 5000

kubernetes-templates/whoami.yml

@@ -45,7 +45,7 @@ metadata:
   name: whoami
   namespace: whoami
 spec:
-  type: NodePort
+  type: ClusterIP
   selector:
     app: whoami
   ports:
@@ -53,4 +53,18 @@ spec:
       protocol: TCP
       port: 80
       targetPort: 80
-      nodePort: 31002
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: whoami-web
+  namespace: whoami
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`whoami.khongisa.co.za`)
+      kind: Rule
+      services:
+        - name: whoami
+          port: 80