diff --git a/kubernetes-templates/drawio.yml b/kubernetes-templates/drawio.yml index 620d887..7fdfaef 100644 --- a/kubernetes-templates/drawio.yml +++ b/kubernetes-templates/drawio.yml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Namespace metadata: @@ -47,7 +48,7 @@ metadata: name: drawio-service namespace: drawio spec: - type: NodePort + type: ClusterIP selector: app: drawio ports: @@ -55,4 +56,18 @@ spec: protocol: TCP port: 80 targetPort: 8080 - nodePort: 33004 \ No newline at end of file +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: drawio-web + namespace: drawio +spec: + entryPoints: + - websecure + routes: + - match: Host(`drawio.khongisa.co.za`) + kind: Rule + services: + - name: drawio-service + port: 80 \ No newline at end of file diff --git a/kubernetes-templates/droneci.yml b/kubernetes-templates/droneci.yml index ccc7b99..0bcde4a 100644 --- a/kubernetes-templates/droneci.yml +++ b/kubernetes-templates/droneci.yml @@ -1,4 +1,4 @@ ---- +--- apiVersion: v1 kind: Namespace metadata: @@ -90,11 +90,10 @@ spec: cpu: "500m" memory: "512Mi" env: - # FIX: Explicitly bind the address to bypass port validation logic - name: DRONE_SERVER_ADDR value: ":80" - name: DRONE_SERVER_HOST - value: "drone.khongisa.co.za" + value: "droneci.khongisa.co.za" - name: DRONE_SERVER_PROTO value: "https" - name: DRONE_GITEA_SERVER @@ -162,11 +161,25 @@ metadata: name: drone-server namespace: drone-ci spec: - type: NodePort + type: ClusterIP selector: app: drone-server ports: - name: http port: 80 targetPort: 80 - nodePort: 31001 \ No newline at end of file +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: drone-web + namespace: drone-ci +spec: + entryPoints: + - websecure + routes: + - match: Host(`droneci.khongisa.co.za`) + kind: Rule + services: + - name: drone-server + port: 80 \ No newline at end of file diff --git a/kubernetes-templates/filebrowser.yml b/kubernetes-templates/filebrowser.yml index cb2946e..307d5c2 100644 
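Review bot: The new `drawio-web` IngressRoute in drawio.yml binds to `websecure` but has no `tls` section, so whether the router terminates TLS depends entirely on the entryPoint's static configuration, which this diff does not show. The same shape repeats in the IngressRoutes added to droneci.yml, filebrowser.yml, headlamp.yml, mealie-recipes.yml, nexus.yml, pgadmin.yml, phpmyadmin.yml, semaphoreui.yml, traefik-dashboard.yml, vaultwarden.yml, vscode.yml and whoami.yml, and redisinsight.yml has its `tls: {}` removed while searxng.yml keeps it. I would state the intent on every route, either by adding `tls: {}` under `spec:` or with a comment such as `# TLS comes from the websecure entryPoint default`, so the manifests do not silently diverge.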
--- a/kubernetes-templates/filebrowser.yml +++ b/kubernetes-templates/filebrowser.yml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Namespace metadata: @@ -10,7 +11,6 @@ metadata: namespace: filebrowser type: Opaque data: - # Value: Blackstar2@home admin-password: QmxhY2tzdGFyMkBob21l --- apiVersion: v1 @@ -61,11 +61,9 @@ spec: operator: DoesNotExist containers: - name: filebrowser - image: filebrowser/filebrowser:v2.30.0 # Using a specific version for stability + image: filebrowser/filebrowser:v2.30.0 ports: - containerPort: 80 - # We remove 'command' and 'args' that rely on /bin/sh - # and use the native environment variables env: - name: FB_DATABASE value: "/config/database.db" @@ -94,7 +92,7 @@ metadata: name: filebrowser-service namespace: filebrowser spec: - type: NodePort + type: ClusterIP selector: app: filebrowser ports: @@ -102,4 +100,18 @@ spec: protocol: TCP port: 80 targetPort: 80 - nodePort: 33003 \ No newline at end of file +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: filebrowser-web + namespace: filebrowser +spec: + entryPoints: + - websecure + routes: + - match: Host(`drive.khongisa.co.za`) + kind: Rule + services: + - name: filebrowser-service + port: 80 \ No newline at end of file diff --git a/kubernetes-templates/headlamp.yml b/kubernetes-templates/headlamp.yml index 1530682..b6f480a 100644 --- a/kubernetes-templates/headlamp.yml +++ b/kubernetes-templates/headlamp.yml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -16,7 +17,6 @@ spec: containers: - name: headlamp image: ghcr.io/headlamp-k8s/headlamp:latest - # We only use -in-cluster. No other flags allowed. args: - "-in-cluster" ports: 
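Review bot: Removing the `# Value: ...` comment in the filebrowser.yml Secret does not remove the credential, because the `admin-password` value kept on the next line is only base64-encoded and the plaintext stays in git history. The same `admin-password` value appears as context in the semaphoreui.yml Secret hunk, next to `access-key-encryption` and an `id_ed25519` private key, so one leaked manifest covers both services. I would rotate these values, stop committing them, and have the manifests reference a Secret created out of band or stored in an encrypted form (for example a sealed or SOPS-managed secret). A comment like `# populated outside git; do not commit real values` on the `data:` block would record that.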
@@ -29,11 +29,25 @@ metadata: name: headlamp namespace: kube-system spec: - type: NodePort + type: ClusterIP selector: app.kubernetes.io/name: headlamp ports: - protocol: TCP port: 80 targetPort: 4466 - nodePort: 30001 \ No newline at end of file +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: headlamp-web + namespace: kube-system +spec: + entryPoints: + - websecure + routes: + - match: Host(`cluster.khongisa.co.za`) + kind: Rule + services: + - name: headlamp + port: 80 \ No newline at end of file diff --git a/kubernetes-templates/mealie-recipes.yml b/kubernetes-templates/mealie-recipes.yml index 598d953..b70720d 100644 --- a/kubernetes-templates/mealie-recipes.yml +++ b/kubernetes-templates/mealie-recipes.yml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Namespace metadata: @@ -97,11 +98,25 @@ metadata: name: mealie-service namespace: mealie spec: - type: NodePort + type: ClusterIP selector: app: mealie ports: - protocol: TCP port: 80 targetPort: 9000 - nodePort: 33007 \ No newline at end of file +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: mealie-web + namespace: mealie +spec: + entryPoints: + - websecure + routes: + - match: Host(`mealie.khongisa.co.za`) + kind: Rule + services: + - name: mealie-service + port: 80 \ No newline at end of file diff --git a/kubernetes-templates/nexus.yml b/kubernetes-templates/nexus.yml index 293386c..d754e87 100644 --- a/kubernetes-templates/nexus.yml +++ b/kubernetes-templates/nexus.yml @@ -142,4 +142,19 @@ spec: protocol: TCP port: 8082 targetPort: 8082 - nodePort: 31010 \ No newline at end of file + nodePort: 31010 +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: nexus-web + namespace: nexus +spec: + entryPoints: + - websecure + routes: + - match: Host(`nexus.khongisa.co.za`) + kind: Rule + services: + - name: nexus-service + port: 8081 \ No newline at end of file 
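Review bot: The `headlamp-web` route publishes a cluster dashboard from `kube-system` on a public-looking hostname with no `middlewares` entry, so the only access control visible in this diff is whatever the application itself enforces. The same applies to the routes added for the Traefik dashboard (`api@internal`), pgAdmin, phpMyAdmin, Semaphore and the three vscode.yml routes. Unless an upstream proxy already authenticates these hosts (the searxng.yml comment mentions Pangolin), I would attach an authentication or IP allow-list Middleware to each admin route, for example `middlewares:` followed by `- name: <auth-middleware>  # placeholder` under the route.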
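Review bot: In nexus.yml the `nodePort: 31010` line is kept (only the trailing newline changes) while every other Service in this commit moves to ClusterIP, so port 8082 presumably stays reachable on the nodes without passing through Traefik. The Service's `type` is outside the hunk, so this is inferred from the retained `nodePort`. If the port must stay exposed, a comment such as `# kept as NodePort: <reason>` would make the exception deliberate; otherwise drop the `nodePort` and switch the type as in the other files.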
diff --git a/kubernetes-templates/pgadmin.yml b/kubernetes-templates/pgadmin.yml index a63d04a..bbc0769 100644 --- a/kubernetes-templates/pgadmin.yml +++ b/kubernetes-templates/pgadmin.yml @@ -101,7 +101,7 @@ metadata: name: pgadmin-service namespace: pgadmin spec: - type: NodePort + type: ClusterIP selector: app: pgadmin ports: @@ -109,5 +109,18 @@ spec: protocol: TCP port: 80 targetPort: 80 - nodePort: 32081 - \ No newline at end of file +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: pgadmin-web + namespace: pgadmin +spec: + entryPoints: + - websecure + routes: + - match: Host(`pgadmin.khongisa.co.za`) + kind: Rule + services: + - name: pgadmin-service + port: 80 \ No newline at end of file diff --git a/kubernetes-templates/phpmyadmin.yml b/kubernetes-templates/phpmyadmin.yml index fb64e3e..34f018b 100644 --- a/kubernetes-templates/phpmyadmin.yml +++ b/kubernetes-templates/phpmyadmin.yml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Namespace metadata: @@ -75,10 +76,26 @@ metadata: name: phpmyadmin-service namespace: phpmyadmin spec: - type: NodePort + type: ClusterIP selector: app: phpmyadmin ports: - - port: 80 + - name: http + protocol: TCP + port: 80 targetPort: 80 - nodePort: 33006 \ No newline at end of file +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: phpmyadmin-web + namespace: phpmyadmin +spec: + entryPoints: + - websecure + routes: + - match: Host(`phpmyadmin.khongisa.co.za`) + kind: Rule + services: + - name: phpmyadmin-service + port: 80 \ No newline at end of file diff --git a/kubernetes-templates/redisinsight.yml b/kubernetes-templates/redisinsight.yml index e9304b0..566f57b 100644 --- a/kubernetes-templates/redisinsight.yml +++ b/kubernetes-templates/redisinsight.yml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Namespace metadata: 
@@ -170,20 +171,19 @@ spec: app: redisinsight ports: - port: 8001 - targetPort: 8001 # maybe 5540 + targetPort: 8001 --- apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: - name: redisinsight-ingress + name: redisinsight-web namespace: redisinsight spec: entryPoints: - websecure routes: - - match: Host(`redisinsight.apps.mngoma.lab`) + - match: Host(`redisinsight.khongisa.co.za`) kind: Rule services: - name: redisinsight - port: 8001 - tls: {} \ No newline at end of file + port: 8001 \ No newline at end of file diff --git a/kubernetes-templates/searxng.yml b/kubernetes-templates/searxng.yml index a5d0606..b887808 100644 --- a/kubernetes-templates/searxng.yml +++ b/kubernetes-templates/searxng.yml @@ -38,6 +38,9 @@ spec: value: "0.0.0.0" - name: SEARXNG_SERVER_PORT value: "8080" + # Ensures the application generates internal links correctly for the public URL + - name: SEARXNG_BASE_URL + value: "https://search.khongisa.co.za" resources: requests: cpu: "100m" @@ -52,7 +55,8 @@ metadata: name: searxng-server namespace: searxng spec: - type: NodePort + # Internal-only service; nodePort 32080 is no longer required + type: ClusterIP selector: app.kubernetes.io/name: searxng-server ports: @@ -60,7 +64,6 @@ spec: protocol: TCP port: 8080 targetPort: 8080 - nodePort: 32080 --- apiVersion: traefik.io/v1alpha1 kind: IngressRoute @@ -71,10 +74,11 @@ spec: entryPoints: - websecure routes: - - match: Host(`searxng.apps.mngoma.lab`) + # Matches the specific subdomain configured in Pangolin + - match: Host(`search.khongisa.co.za`) kind: Rule services: - name: searxng-server port: 8080 scheme: http - tls: {} + tls: {} \ No newline at end of file diff --git a/kubernetes-templates/semaphoreui.yml b/kubernetes-templates/semaphoreui.yml index 9eabc6d..3c4ecf6 100644 --- a/kubernetes-templates/semaphoreui.yml +++ b/kubernetes-templates/semaphoreui.yml 
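Review bot: The removed `# maybe 5540` comment on `targetPort: 8001` in redisinsight.yml was the only record that the backend port is unverified, and the route still forwards to 8001. Redis Insight 2.x listens on 5540 by default while the 1.x images use 8001; the image tag is not visible in this hunk, so check it against the Deployment's `containerPort` before deleting the doubt. If 8001 is confirmed, a short comment like `# Redis Insight 1.x default port` keeps that knowledge in the file.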
@@ -58,7 +58,7 @@ data: admin-password: QmxhY2tzdGFyMkBob21l access-key-encryption: NHZKMm1LMnBMNW5COHhSMnpRN3dFM3RZNnVJMG9QOWE= id_ed25519: 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 - id_ed25519.pub: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9jTS9UcXlkemdLTHZjVTRpYUEyVGN4dVd5ZWpuZUdQcGNQWklyWGwxbHMga2h3ZXppQERBUktTVU4K + id_ed25519.pub: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9jTS9UcXlkemdLTHZjVTRpYUEyVGN4dVd5ZWpuZUdQcGNQWklyWGwxbHMga2h3ZXpkeEBkYXJrc3VuCg== --- apiVersion: v1 kind: ConfigMap @@ -109,8 +109,6 @@ spec: initContainers: - name: fix-ssh-permissions image: busybox:latest - # We ensure the directory exists and has 700. - # We don't touch the files yet because they are mounted by the main container. command: ["sh", "-c", "mkdir -p /home/semaphore/.ssh && chmod 700 /home/semaphore/.ssh"] volumeMounts: - name: semaphore-persistent-storage @@ -188,7 +186,7 @@ metadata: name: semaphore-service namespace: semaphore spec: - type: NodePort + type: ClusterIP selector: app: semaphore ports: @@ -196,4 +194,18 @@ spec: protocol: TCP port: 3000 targetPort: 3000 - nodePort: 31011 \ No newline at end of file +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: semaphore-web + namespace: semaphore +spec: + entryPoints: + - websecure + routes: + - match: Host(`semaphore.khongisa.co.za`) + kind: Rule + services: + - name: semaphore-service + port: 3000 \ No newline at end of file diff --git a/kubernetes-templates/traefik-dashboard.yml b/kubernetes-templates/traefik-dashboard.yml index aec3100..7bd6c8b 100644 --- a/kubernetes-templates/traefik-dashboard.yml +++ b/kubernetes-templates/traefik-dashboard.yml @@ -1,10 +1,11 @@ +--- apiVersion: v1 kind: Service metadata: - name: traefik-dashboard-nodeport + name: traefik-dashboard namespace: kube-system spec: - type: NodePort + type: ClusterIP selector: app.kubernetes.io/name: traefik ports: 
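Review bot: The renamed `traefik-dashboard` Service in traefik-dashboard.yml still selects the Traefik pods on port 8080, although the IngressRoute added in the next hunk routes to `api@internal` and never references it. If Traefik runs with its insecure API enabled, which this diff does not show, that Service keeps an unauthenticated dashboard port reachable from any pod in the cluster. I would delete the Service, or document why it stays with a comment such as `# still needed by <consumer>`.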
@@ -12,4 +13,18 @@ spec: protocol: TCP port: 8080 targetPort: 8080 - nodePort: 30000 \ No newline at end of file +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: traefik-dashboard-web + namespace: kube-system +spec: + entryPoints: + - websecure + routes: + - match: Host(`traefik.khongisa.co.za`) + kind: Rule + services: + - name: api@internal + kind: TraefikService \ No newline at end of file diff --git a/kubernetes-templates/vaultwarden.yml b/kubernetes-templates/vaultwarden.yml index 4aaf7b5..4eebcd9 100644 --- a/kubernetes-templates/vaultwarden.yml +++ b/kubernetes-templates/vaultwarden.yml @@ -112,7 +112,7 @@ metadata: name: vaultwarden-service namespace: vaultwarden spec: - type: NodePort + type: ClusterIP selector: app: vaultwarden ports: @@ -120,4 +120,18 @@ spec: protocol: TCP port: 80 targetPort: 80 - nodePort: 32085 \ No newline at end of file +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: vaultwarden-web + namespace: vaultwarden +spec: + entryPoints: + - websecure + routes: + - match: Host(`vault.khongisa.co.za`) + kind: Rule + services: + - name: vaultwarden-service + port: 80 \ No newline at end of file diff --git a/kubernetes-templates/vscode.yml b/kubernetes-templates/vscode.yml index b67bdaf..a9ef87f 100644 --- a/kubernetes-templates/vscode.yml +++ b/kubernetes-templates/vscode.yml @@ -119,7 +119,7 @@ metadata: name: vscode-service namespace: vscode spec: - type: NodePort + type: ClusterIP selector: app: vscode ports: @@ -127,7 +127,6 @@ spec: protocol: TCP port: 8080 targetPort: 8080 - nodePort: 33000 --- apiVersion: v1 kind: Service @@ -135,7 +134,7 @@ metadata: name: vscode-dev-service namespace: vscode spec: - type: NodePort + type: ClusterIP selector: app: vscode ports: 
@@ -143,9 +142,52 @@ spec: protocol: TCP port: 3000 targetPort: 3000 - nodePort: 33001 - name: dotnet-dev protocol: TCP port: 5000 targetPort: 5000 - nodePort: 33002 \ No newline at end of file +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: vscode-web + namespace: vscode +spec: + entryPoints: + - websecure + routes: + - match: Host(`code.khongisa.co.za`) + kind: Rule + services: + - name: vscode-service + port: 8080 +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: vscode-node-uat + namespace: vscode +spec: + entryPoints: + - websecure + routes: + - match: Host(`node.uat.khongisa.co.za`) + kind: Rule + services: + - name: vscode-dev-service + port: 3000 +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: vscode-dotnet-uat + namespace: vscode +spec: + entryPoints: + - websecure + routes: + - match: Host(`dotnet.uat.khongisa.co.za`) + kind: Rule + services: + - name: vscode-dev-service + port: 5000 \ No newline at end of file diff --git a/kubernetes-templates/whoami.yml b/kubernetes-templates/whoami.yml index d6c7f83..c61087f 100644 --- a/kubernetes-templates/whoami.yml +++ b/kubernetes-templates/whoami.yml @@ -45,7 +45,7 @@ metadata: name: whoami namespace: whoami spec: - type: NodePort + type: ClusterIP selector: app: whoami ports: @@ -53,4 +53,18 @@ spec: protocol: TCP port: 80 targetPort: 80 - nodePort: 31002 \ No newline at end of file +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: whoami-web + namespace: whoami +spec: + entryPoints: + - websecure + routes: + - match: Host(`whoami.khongisa.co.za`) + kind: Rule + services: + - name: whoami + port: 80 \ No newline at end of file