Migrated k3s manifests to use traefik ingres route

2026-05-01 11:09:52 +00:00
parent 80715dc15a
commit a428260243
15 changed files with 266 additions and 51 deletions
@@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -47,7 +48,7 @@ metadata:
  name: drawio-service
  namespace: drawio
 spec:
-  type: NodePort
+  type: ClusterIP 
  selector:
    app: drawio
  ports:
@@ -55,4 +56,18 @@ spec:
      protocol: TCP
      port: 80
      targetPort: 8080
-      nodePort: 33004
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: drawio-web
  namespace: drawio
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`drawio.khongisa.co.za`) 
      kind: Rule
      services:
        - name: drawio-service
          port: 80
@@ -1,4 +1,4 @@
--- 
+---
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -90,11 +90,10 @@ spec:
              cpu: "500m"
              memory: "512Mi"
          env:
            # FIX: Explicitly bind the address to bypass port validation logic
            - name: DRONE_SERVER_ADDR
              value: ":80"
            - name: DRONE_SERVER_HOST
-              value: "drone.khongisa.co.za"
+              value: "droneci.khongisa.co.za"
            - name: DRONE_SERVER_PROTO
              value: "https"
            - name: DRONE_GITEA_SERVER
@@ -162,11 +161,25 @@ metadata:
  name: drone-server
  namespace: drone-ci
 spec:
-  type: NodePort
+  type: ClusterIP
  selector:
    app: drone-server
  ports:
    - name: http
      port: 80
      targetPort: 80
-      nodePort: 31001
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: drone-web
  namespace: drone-ci
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`droneci.khongisa.co.za`)
      kind: Rule
      services:
        - name: drone-server
          port: 80
@@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -10,7 +11,6 @@ metadata:
  namespace: filebrowser
 type: Opaque
 data:
  # Value: Blackstar2@home
  admin-password: QmxhY2tzdGFyMkBob21l
 ---
 apiVersion: v1
@@ -61,11 +61,9 @@ spec:
                    operator: DoesNotExist
      containers:
        - name: filebrowser
-          image: filebrowser/filebrowser:v2.30.0 # Using a specific version for stability
+          image: filebrowser/filebrowser:v2.30.0
          ports:
            - containerPort: 80
          # We remove 'command' and 'args' that rely on /bin/sh
          # and use the native environment variables
          env:
            - name: FB_DATABASE
              value: "/config/database.db"
@@ -94,7 +92,7 @@ metadata:
  name: filebrowser-service
  namespace: filebrowser
 spec:
-  type: NodePort
+  type: ClusterIP
  selector:
    app: filebrowser
  ports:
@@ -102,4 +100,18 @@ spec:
      protocol: TCP
      port: 80
      targetPort: 80
-      nodePort: 33003
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: filebrowser-web
  namespace: filebrowser
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`drive.khongisa.co.za`)
      kind: Rule
      services:
        - name: filebrowser-service
          port: 80
@@ -1,3 +1,4 @@
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -16,7 +17,6 @@ spec:
      containers:
      - name: headlamp
        image: ghcr.io/headlamp-k8s/headlamp:latest
        # We only use -in-cluster. No other flags allowed.
        args:
          - "-in-cluster"
        ports:
@@ -29,11 +29,25 @@ metadata:
  name: headlamp
  namespace: kube-system
 spec:
-  type: NodePort
+  type: ClusterIP
  selector:
    app.kubernetes.io/name: headlamp
  ports:
    - protocol: TCP
      port: 80
      targetPort: 4466
-      nodePort: 30001
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: headlamp-web
  namespace: kube-system
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`cluster.khongisa.co.za`)
      kind: Rule
      services:
        - name: headlamp
          port: 80
@@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -97,11 +98,25 @@ metadata:
  name: mealie-service
  namespace: mealie
 spec:
-  type: NodePort
+  type: ClusterIP
  selector:
    app: mealie
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9000
-      nodePort: 33007
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: mealie-web
  namespace: mealie
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`mealie.khongisa.co.za`)
      kind: Rule
      services:
        - name: mealie-service
          port: 80
@@ -142,4 +142,19 @@ spec:
      protocol: TCP
      port: 8082
      targetPort: 8082
-      nodePort: 31010
+      nodePort: 31010
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: nexus-web
  namespace: nexus
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`nexus.khongisa.co.za`)
      kind: Rule
      services:
        - name: nexus-service
          port: 8081
@@ -101,7 +101,7 @@ metadata:
  name: pgadmin-service
  namespace: pgadmin
 spec:
-  type: NodePort
+  type: ClusterIP
  selector:
    app: pgadmin
  ports:
@@ -109,5 +109,18 @@ spec:
      protocol: TCP
      port: 80
      targetPort: 80
-      nodePort: 32081
+---
-       
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: pgadmin-web
  namespace: pgadmin
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`pgadmin.khongisa.co.za`)
      kind: Rule
      services:
        - name: pgadmin-service
          port: 80
@@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -75,10 +76,26 @@ metadata:
  name: phpmyadmin-service
  namespace: phpmyadmin
 spec:
-  type: NodePort
+  type: ClusterIP
  selector:
    app: phpmyadmin
  ports:
-    - port: 80
+    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
-      nodePort: 33006
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: phpmyadmin-web
  namespace: phpmyadmin
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`phpmyadmin.khongisa.co.za`)
      kind: Rule
      services:
        - name: phpmyadmin-service
          port: 80
@@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -170,20 +171,19 @@ spec:
    app: redisinsight
  ports:
    - port: 8001
-      targetPort: 8001 # maybe 5540
+      targetPort: 8001
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
-  name: redisinsight-ingress
+  name: redisinsight-web
  namespace: redisinsight
 spec:
  entryPoints:
    - websecure
  routes:
-    - match: Host(`redisinsight.apps.mngoma.lab`)
+    - match: Host(`redisinsight.khongisa.co.za`)
      kind: Rule
      services:
        - name: redisinsight
-          port: 8001
+          port: 8001
  tls: {}
@@ -38,6 +38,9 @@ spec:
              value: "0.0.0.0"
            - name: SEARXNG_SERVER_PORT
              value: "8080"
            # Ensures the application generates internal links correctly for the public URL
            - name: SEARXNG_BASE_URL
              value: "https://search.khongisa.co.za"
          resources:
            requests:
              cpu: "100m"
@@ -52,7 +55,8 @@ metadata:
  name: searxng-server
  namespace: searxng
 spec:
-  type: NodePort
+  # Internal-only service; nodePort 32080 is no longer required
  type: ClusterIP 
  selector:
    app.kubernetes.io/name: searxng-server
  ports:
@@ -60,7 +64,6 @@ spec:
      protocol: TCP
      port: 8080
      targetPort: 8080
      nodePort: 32080
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
@@ -71,10 +74,11 @@ spec:
  entryPoints:
    - websecure
  routes:
-    - match: Host(`searxng.apps.mngoma.lab`)
+    # Matches the specific subdomain configured in Pangolin
    - match: Host(`search.khongisa.co.za`) 
      kind: Rule
      services:
        - name: searxng-server
          port: 8080
          scheme: http
-  tls: {}
+  tls: {}
@@ -58,7 +58,7 @@ data:
  admin-password: QmxhY2tzdGFyMkBob21l
  access-key-encryption: NHZKMm1LMnBMNW5COHhSMnpRN3dFM3RZNnVJMG9QOWE=
  id_ed25519: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNEbkRQMDZzbmM0Q2k3M0ZPSW1nTmszTWJsc25vNTNoajZYRDJTSzE1ZFpiQUFBQUpnZWwvMndIcGY5CnNBQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDRG5EUDA2c25jNENpNzNGT0ltZ05rM01ibHNubzUzaGo2WEQyU0sxNWRaYkEKQUFBRUJUaHFjcnNXZWVVWnpFeVdWWmJoRGlKZE9FQkZYSkg4NXNhMUNjK1dXQ0krY00vVHF5ZHpnS0x2Y1U0aWFBMlRjeAp1V3llam5lR1BwY1BaSXJYbDFsc0FBQUFEbXRvZDJWNmFVQkVRVkpMVTFWT0FRSURCQVVHQnc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K
-  id_ed25519.pub: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9jTS9UcXlkemdLTHZjVTRpYUEyVGN4dVd5ZWpuZUdQcGNQWklyWGwxbHMga2h3ZXppQERBUktTVU4K
+  id_ed25519.pub: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9jTS9UcXlkemdLTHZjVTRpYUEyVGN4dVd5ZWpuZUdQcGNQWklyWGwxbHMga2h3ZXpkeEBkYXJrc3VuCg==
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -109,8 +109,6 @@ spec:
      initContainers:
        - name: fix-ssh-permissions
          image: busybox:latest
          # We ensure the directory exists and has 700. 
          # We don't touch the files yet because they are mounted by the main container.
          command: ["sh", "-c", "mkdir -p /home/semaphore/.ssh && chmod 700 /home/semaphore/.ssh"]
          volumeMounts:
            - name: semaphore-persistent-storage
@@ -188,7 +186,7 @@ metadata:
  name: semaphore-service
  namespace: semaphore
 spec:
-  type: NodePort
+  type: ClusterIP
  selector:
    app: semaphore
  ports:
@@ -196,4 +194,18 @@ spec:
      protocol: TCP
      port: 3000
      targetPort: 3000
-      nodePort: 31011
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: semaphore-web
  namespace: semaphore
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`semaphore.khongisa.co.za`)
      kind: Rule
      services:
        - name: semaphore-service
          port: 3000
@@ -1,10 +1,11 @@
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: traefik-dashboard-nodeport
+  name: traefik-dashboard
  namespace: kube-system
 spec:
-  type: NodePort
+  type: ClusterIP
  selector:
    app.kubernetes.io/name: traefik
  ports:
@@ -12,4 +13,18 @@ spec:
      protocol: TCP
      port: 8080
      targetPort: 8080
-      nodePort: 30000
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: traefik-dashboard-web
  namespace: kube-system
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`traefik.khongisa.co.za`)
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
@@ -112,7 +112,7 @@ metadata:
  name: vaultwarden-service
  namespace: vaultwarden
 spec:
-  type: NodePort
+  type: ClusterIP
  selector:
    app: vaultwarden
  ports:
@@ -120,4 +120,18 @@ spec:
      protocol: TCP
      port: 80
      targetPort: 80
-      nodePort: 32085
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: vaultwarden-web
  namespace: vaultwarden
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`vault.khongisa.co.za`)
      kind: Rule
      services:
        - name: vaultwarden-service
          port: 80
@@ -119,7 +119,7 @@ metadata:
  name: vscode-service
  namespace: vscode
 spec:
-  type: NodePort
+  type: ClusterIP
  selector:
    app: vscode
  ports:
@@ -127,7 +127,6 @@ spec:
      protocol: TCP
      port: 8080
      targetPort: 8080
      nodePort: 33000
 ---
 apiVersion: v1
 kind: Service
@@ -135,7 +134,7 @@ metadata:
  name: vscode-dev-service
  namespace: vscode
 spec:
-  type: NodePort
+  type: ClusterIP
  selector:
    app: vscode
  ports:
@@ -143,9 +142,52 @@ spec:
      protocol: TCP
      port: 3000
      targetPort: 3000
      nodePort: 33001
    - name: dotnet-dev
      protocol: TCP
      port: 5000
      targetPort: 5000
-      nodePort: 33002
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: vscode-web
  namespace: vscode
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`code.khongisa.co.za`)
      kind: Rule
      services:
        - name: vscode-service
          port: 8080
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: vscode-node-uat
  namespace: vscode
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`node.uat.khongisa.co.za`)
      kind: Rule
      services:
        - name: vscode-dev-service
          port: 3000
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: vscode-dotnet-uat
  namespace: vscode
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`dotnet.uat.khongisa.co.za`)
      kind: Rule
      services:
        - name: vscode-dev-service
          port: 5000
@@ -45,7 +45,7 @@ metadata:
  name: whoami
  namespace: whoami
 spec:
-  type: NodePort
+  type: ClusterIP
  selector:
    app: whoami
  ports:
@@ -53,4 +53,18 @@ spec:
      protocol: TCP
      port: 80
      targetPort: 80
-      nodePort: 31002
+---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: whoami-web
  namespace: whoami
 spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`whoami.khongisa.co.za`)
      kind: Rule
      services:
        - name: whoami
          port: 80