MngomaLab/automation
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Migrated k3s manifests to use traefik ingres route

Browse Source
This commit is contained in:
=
2026-05-01 11:09:52 +00:00
parent 80715dc15a
commit a428260243
15 changed files with 266 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files
kubernetes-templates/drawio.yml
+17 -2
View File
@@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:
@@ -47,7 +48,7 @@ metadata:
name: drawio-service
namespace: drawio
spec:
type: NodePort
type: ClusterIP
selector:
app: drawio
ports:
@@ -55,4 +56,18 @@ spec:
protocol: TCP
port: 80
targetPort: 8080
nodePort: 33004
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: drawio-web
namespace: drawio
spec:
entryPoints:
- websecure
routes:
- match: Host(`drawio.khongisa.co.za`)
kind: Rule
services:
- name: drawio-service
port: 80
kubernetes-templates/droneci.yml
+17 -4
View File
@@ -90,11 +90,10 @@ spec:
cpu: "500m"
memory: "512Mi"
env:
# FIX: Explicitly bind the address to bypass port validation logic
- name: DRONE_SERVER_ADDR
value: ":80"
- name: DRONE_SERVER_HOST
value: "drone.khongisa.co.za"
value: "droneci.khongisa.co.za"
- name: DRONE_SERVER_PROTO
value: "https"
- name: DRONE_GITEA_SERVER
@@ -162,11 +161,25 @@ metadata:
name: drone-server
namespace: drone-ci
spec:
type: NodePort
type: ClusterIP
selector:
app: drone-server
ports:
- name: http
port: 80
targetPort: 80
nodePort: 31001
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: drone-web
namespace: drone-ci
spec:
entryPoints:
- websecure
routes:
- match: Host(`droneci.khongisa.co.za`)
kind: Rule
services:
- name: drone-server
port: 80
kubernetes-templates/filebrowser.yml
+18 -6
View File
@@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:
@@ -10,7 +11,6 @@ metadata:
namespace: filebrowser
type: Opaque
data:
# Value: Blackstar2@home
admin-password: QmxhY2tzdGFyMkBob21l
---
apiVersion: v1
@@ -61,11 +61,9 @@ spec:
operator: DoesNotExist
containers:
- name: filebrowser
image: filebrowser/filebrowser:v2.30.0 # Using a specific version for stability
image: filebrowser/filebrowser:v2.30.0
ports:
- containerPort: 80
# We remove 'command' and 'args' that rely on /bin/sh
# and use the native environment variables
env:
- name: FB_DATABASE
value: "/config/database.db"
@@ -94,7 +92,7 @@ metadata:
name: filebrowser-service
namespace: filebrowser
spec:
type: NodePort
type: ClusterIP
selector:
app: filebrowser
ports:
@@ -102,4 +100,18 @@ spec:
protocol: TCP
port: 80
targetPort: 80
nodePort: 33003
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: filebrowser-web
namespace: filebrowser
spec:
entryPoints:
- websecure
routes:
- match: Host(`drive.khongisa.co.za`)
kind: Rule
services:
- name: filebrowser-service
port: 80
kubernetes-templates/headlamp.yml
+17 -3
View File
@@ -1,3 +1,4 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -16,7 +17,6 @@ spec:
containers:
- name: headlamp
image: ghcr.io/headlamp-k8s/headlamp:latest
# We only use -in-cluster. No other flags allowed.
args:
- "-in-cluster"
ports:
@@ -29,11 +29,25 @@ metadata:
name: headlamp
namespace: kube-system
spec:
type: NodePort
type: ClusterIP
selector:
app.kubernetes.io/name: headlamp
ports:
- protocol: TCP
port: 80
targetPort: 4466
nodePort: 30001
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: headlamp-web
namespace: kube-system
spec:
entryPoints:
- websecure
routes:
- match: Host(`cluster.khongisa.co.za`)
kind: Rule
services:
- name: headlamp
port: 80
kubernetes-templates/mealie-recipes.yml
+17 -2
View File
@@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:
@@ -97,11 +98,25 @@ metadata:
name: mealie-service
namespace: mealie
spec:
type: NodePort
type: ClusterIP
selector:
app: mealie
ports:
- protocol: TCP
port: 80
targetPort: 9000
nodePort: 33007
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mealie-web
namespace: mealie
spec:
entryPoints:
- websecure
routes:
- match: Host(`mealie.khongisa.co.za`)
kind: Rule
services:
- name: mealie-service
port: 80
kubernetes-templates/nexus.yml
+15
View File
@@ -143,3 +143,18 @@ spec:
port: 8082
targetPort: 8082
nodePort: 31010
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nexus-web
namespace: nexus
spec:
entryPoints:
- websecure
routes:
- match: Host(`nexus.khongisa.co.za`)
kind: Rule
services:
- name: nexus-service
port: 8081
kubernetes-templates/pgadmin.yml
+16 -3
View File
@@ -101,7 +101,7 @@ metadata:
name: pgadmin-service
namespace: pgadmin
spec:
type: NodePort
type: ClusterIP
selector:
app: pgadmin
ports:
@@ -109,5 +109,18 @@ spec:
protocol: TCP
port: 80
targetPort: 80
nodePort: 32081
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: pgadmin-web
namespace: pgadmin
spec:
entryPoints:
- websecure
routes:
- match: Host(`pgadmin.khongisa.co.za`)
kind: Rule
services:
- name: pgadmin-service
port: 80
kubernetes-templates/phpmyadmin.yml
+20 -3
View File
@@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:
@@ -75,10 +76,26 @@ metadata:
name: phpmyadmin-service
namespace: phpmyadmin
spec:
type: NodePort
type: ClusterIP
selector:
app: phpmyadmin
ports:
- port: 80
- name: http
protocol: TCP
port: 80
targetPort: 80
nodePort: 33006
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: phpmyadmin-web
namespace: phpmyadmin
spec:
entryPoints:
- websecure
routes:
- match: Host(`phpmyadmin.khongisa.co.za`)
kind: Rule
services:
- name: phpmyadmin-service
port: 80
kubernetes-templates/redisinsight.yml
+4 -4
View File
@@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Namespace
metadata:
@@ -170,20 +171,19 @@ spec:
app: redisinsight
ports:
- port: 8001
targetPort: 8001 # maybe 5540
targetPort: 8001
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: redisinsight-ingress
name: redisinsight-web
namespace: redisinsight
spec:
entryPoints:
- websecure
routes:
- match: Host(`redisinsight.apps.mngoma.lab`)
- match: Host(`redisinsight.khongisa.co.za`)
kind: Rule
services:
- name: redisinsight
port: 8001
tls: {}
kubernetes-templates/searxng.yml
+7 -3
View File
@@ -38,6 +38,9 @@ spec:
value: "0.0.0.0"
- name: SEARXNG_SERVER_PORT
value: "8080"
# Ensures the application generates internal links correctly for the public URL
- name: SEARXNG_BASE_URL
value: "https://search.khongisa.co.za"
resources:
requests:
cpu: "100m"
@@ -52,7 +55,8 @@ metadata:
name: searxng-server
namespace: searxng
spec:
type: NodePort
# Internal-only service; nodePort 32080 is no longer required
type: ClusterIP
selector:
app.kubernetes.io/name: searxng-server
ports:
@@ -60,7 +64,6 @@ spec:
protocol: TCP
port: 8080
targetPort: 8080
nodePort: 32080
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
@@ -71,7 +74,8 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`searxng.apps.mngoma.lab`)
# Matches the specific subdomain configured in Pangolin
- match: Host(`search.khongisa.co.za`)
kind: Rule
services:
- name: searxng-server
kubernetes-templates/semaphoreui.yml
+17 -5
View File
@@ -58,7 +58,7 @@ data:
admin-password: QmxhY2tzdGFyMkBob21l
access-key-encryption: NHZKMm1LMnBMNW5COHhSMnpRN3dFM3RZNnVJMG9QOWE=
id_ed25519: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNEbkRQMDZzbmM0Q2k3M0ZPSW1nTmszTWJsc25vNTNoajZYRDJTSzE1ZFpiQUFBQUpnZWwvMndIcGY5CnNBQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDRG5EUDA2c25jNENpNzNGT0ltZ05rM01ibHNubzUzaGo2WEQyU0sxNWRaYkEKQUFBRUJUaHFjcnNXZWVVWnpFeVdWWmJoRGlKZE9FQkZYSkg4NXNhMUNjK1dXQ0krY00vVHF5ZHpnS0x2Y1U0aWFBMlRjeAp1V3llam5lR1BwY1BaSXJYbDFsc0FBQUFEbXRvZDJWNmFVQkVRVkpMVTFWT0FRSURCQVVHQnc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K
id_ed25519.pub: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9jTS9UcXlkemdLTHZjVTRpYUEyVGN4dVd5ZWpuZUdQcGNQWklyWGwxbHMga2h3ZXppQERBUktTVU4K
id_ed25519.pub: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9jTS9UcXlkemdLTHZjVTRpYUEyVGN4dVd5ZWpuZUdQcGNQWklyWGwxbHMga2h3ZXpkeEBkYXJrc3VuCg==
---
apiVersion: v1
kind: ConfigMap
@@ -109,8 +109,6 @@ spec:
initContainers:
- name: fix-ssh-permissions
image: busybox:latest
# We ensure the directory exists and has 700.
# We don't touch the files yet because they are mounted by the main container.
command: ["sh", "-c", "mkdir -p /home/semaphore/.ssh && chmod 700 /home/semaphore/.ssh"]
volumeMounts:
- name: semaphore-persistent-storage
@@ -188,7 +186,7 @@ metadata:
name: semaphore-service
namespace: semaphore
spec:
type: NodePort
type: ClusterIP
selector:
app: semaphore
ports:
@@ -196,4 +194,18 @@ spec:
protocol: TCP
port: 3000
targetPort: 3000
nodePort: 31011
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: semaphore-web
namespace: semaphore
spec:
entryPoints:
- websecure
routes:
- match: Host(`semaphore.khongisa.co.za`)
kind: Rule
services:
- name: semaphore-service
port: 3000
kubernetes-templates/traefik-dashboard.yml
+18 -3
View File
@@ -1,10 +1,11 @@
---
apiVersion: v1
kind: Service
metadata:
name: traefik-dashboard-nodeport
name: traefik-dashboard
namespace: kube-system
spec:
type: NodePort
type: ClusterIP
selector:
app.kubernetes.io/name: traefik
ports:
@@ -12,4 +13,18 @@ spec:
protocol: TCP
port: 8080
targetPort: 8080
nodePort: 30000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: traefik-dashboard-web
namespace: kube-system
spec:
entryPoints:
- websecure
routes:
- match: Host(`traefik.khongisa.co.za`)
kind: Rule
services:
- name: api@internal
kind: TraefikService
kubernetes-templates/vaultwarden.yml
+16 -2
View File
@@ -112,7 +112,7 @@ metadata:
name: vaultwarden-service
namespace: vaultwarden
spec:
type: NodePort
type: ClusterIP
selector:
app: vaultwarden
ports:
@@ -120,4 +120,18 @@ spec:
protocol: TCP
port: 80
targetPort: 80
nodePort: 32085
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: vaultwarden-web
namespace: vaultwarden
spec:
entryPoints:
- websecure
routes:
- match: Host(`vault.khongisa.co.za`)
kind: Rule
services:
- name: vaultwarden-service
port: 80
kubernetes-templates/vscode.yml
+47 -5
View File
@@ -119,7 +119,7 @@ metadata:
name: vscode-service
namespace: vscode
spec:
type: NodePort
type: ClusterIP
selector:
app: vscode
ports:
@@ -127,7 +127,6 @@ spec:
protocol: TCP
port: 8080
targetPort: 8080
nodePort: 33000
---
apiVersion: v1
kind: Service
@@ -135,7 +134,7 @@ metadata:
name: vscode-dev-service
namespace: vscode
spec:
type: NodePort
type: ClusterIP
selector:
app: vscode
ports:
@@ -143,9 +142,52 @@ spec:
protocol: TCP
port: 3000
targetPort: 3000
nodePort: 33001
- name: dotnet-dev
protocol: TCP
port: 5000
targetPort: 5000
nodePort: 33002
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: vscode-web
namespace: vscode
spec:
entryPoints:
- websecure
routes:
- match: Host(`code.khongisa.co.za`)
kind: Rule
services:
- name: vscode-service
port: 8080
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: vscode-node-uat
namespace: vscode
spec:
entryPoints:
- websecure
routes:
- match: Host(`node.uat.khongisa.co.za`)
kind: Rule
services:
- name: vscode-dev-service
port: 3000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: vscode-dotnet-uat
namespace: vscode
spec:
entryPoints:
- websecure
routes:
- match: Host(`dotnet.uat.khongisa.co.za`)
kind: Rule
services:
- name: vscode-dev-service
port: 5000
kubernetes-templates/whoami.yml
+16 -2
View File
@@ -45,7 +45,7 @@ metadata:
name: whoami
namespace: whoami
spec:
type: NodePort
type: ClusterIP
selector:
app: whoami
ports:
@@ -53,4 +53,18 @@ spec:
protocol: TCP
port: 80
targetPort: 80
nodePort: 31002
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: whoami-web
namespace: whoami
spec:
entryPoints:
- websecure
routes:
- match: Host(`whoami.khongisa.co.za`)
kind: Rule
services:
- name: whoami
port: 80