k3s-cluster/ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rogicasa-ingress
  namespace: default
  annotations:
    # Use Traefik as the ingress controller (default in k3s)
    kubernetes.io/ingress.class: "traefik"
    # Enable SSL redirect
    traefik.ingress.kubernetes.io/redirect-entry-point: https
    # Optional: enable compression
    traefik.ingress.kubernetes.io/compress: "true"
    cert-manager.io/issuer: prod-issuer
    cert-manager.io/issuer-kind: OriginIssuer
    cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com
spec:
  tls:
    - hosts:
      - "*.rogi.casa"
      secretName: rogicasa-tls
  rules:
  - host: glance.rogi.casa
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: glance-service
              port:
                number: 80
  - host: pihole.rogi.casa
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: pihole-web
              port:
                number: 80
  - host: litellm.rogi.casa
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: litellm-service
              port:
                number: 80
  - host: openai.rogi.casa
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: open-webui-service
              port:
                number: 80
  - host: gym.rogi.casa
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: gym-tracker
              port:
                number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitea-ingress
  namespace: gitea
  annotations:
    # Use Traefik as the ingress controller (default in k3s)
    kubernetes.io/ingress.class: "traefik"
    # Enable SSL redirect
    traefik.ingress.kubernetes.io/redirect-entry-point: https
    # Optional: enable compression
    traefik.ingress.kubernetes.io/compress: "true"
    cert-manager.io/issuer: prod-issuer
    cert-manager.io/issuer-kind: OriginIssuer
    cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com
spec:
  tls:
    - hosts:
      - "*.rogi.casa"
      secretName: rogicasa-tls
  rules:
  - host: gitea.rogi.casa
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: gitea
              port:
                number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: monitoring-ingress
  namespace: monitoring
  annotations:
    # Use Traefik as the ingress controller (default in k3s)
    kubernetes.io/ingress.class: "traefik"
    # Enable SSL redirect
    traefik.ingress.kubernetes.io/redirect-entry-point: https
    # Optional: enable compression
    traefik.ingress.kubernetes.io/compress: "true"
    cert-manager.io/issuer: prod-issuer
    cert-manager.io/issuer-kind: OriginIssuer
    cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com
spec:
  tls:
    - hosts:
      - "*.rogi.casa"
      secretName: rogicasa-tls
  rules:
  - host: grafana.rogi.casa
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: grafana
              port:
                number: 80
  - host: prometheus.rogi.casa
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: prometheus-k8s
              port:
                number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: vaultwarden-ingress
  namespace: vaultwarden
  annotations:
    # Use Traefik as the ingress controller (default in k3s)
    kubernetes.io/ingress.class: "traefik"
    # Enable SSL redirect
    traefik.ingress.kubernetes.io/redirect-entry-point: https
    # Optional: enable compression
    traefik.ingress.kubernetes.io/compress: "true"
    cert-manager.io/issuer: prod-issuer
    cert-manager.io/issuer-kind: OriginIssuer
    cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com
spec:
  tls:
    - hosts:
      - "*.rogi.casa"
      secretName: rogicasa-tls
  rules:
  - host: vaultwarden.rogi.casa
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: vaultwarden
              port:
                number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: homeassistant-ingress
  namespace: home-assistant
  annotations:
    # Use Traefik as the ingress controller (default in k3s)
    kubernetes.io/ingress.class: "traefik"
    # Enable SSL redirect
    traefik.ingress.kubernetes.io/redirect-entry-point: https
    # Optional: enable compression
    traefik.ingress.kubernetes.io/compress: "true"
    cert-manager.io/issuer: prod-issuer
    cert-manager.io/issuer-kind: OriginIssuer
    cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com
spec:
  tls:
    - hosts:
      - "*.rogi.casa"
      secretName: rogicasa-tls
  rules:
  - host: homeassistant.rogi.casa
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: home-assistant
              port:
                number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: minecraft-ingress
  namespace: minecraft
  annotations:
    # Use Traefik as the ingress controller (default in k3s)
    kubernetes.io/ingress.class: "traefik"
    # Enable SSL redirect
    traefik.ingress.kubernetes.io/redirect-entry-point: https
    # Optional: enable compression
    traefik.ingress.kubernetes.io/compress: "true"
    cert-manager.io/issuer: prod-issuer
    cert-manager.io/issuer-kind: OriginIssuer
    cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com
spec:
  tls:
    - hosts:
      - "*.rogi.casa"
      secretName: rogicasa-tls
  rules:
  - host: minecraft.rogi.casa
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: minecraft-server
              port:
                number: 25565
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-ingress
  namespace: argocd
  annotations:
    # Use Traefik as the ingress controller (default in k3s)
    kubernetes.io/ingress.class: "traefik"
    # Enable SSL redirect
    traefik.ingress.kubernetes.io/redirect-entry-point: https
    # Optional: enable compression
    traefik.ingress.kubernetes.io/compress: "true"
    cert-manager.io/issuer: prod-issuer
    cert-manager.io/issuer-kind: OriginIssuer
    cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com
spec:
  tls:
    - hosts:
      - "*.rogi.casa"
      secretName: rogicasa-tls
  rules:
  - host: argocd.rogi.casa
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: argocd-server
              port:
                number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nas-ingress
  namespace: default
  annotations:
    # Use Traefik as the ingress controller (default in k3s)
    kubernetes.io/ingress.class: "traefik"
    # Enable SSL redirect
    traefik.ingress.kubernetes.io/redirect-entry-point: https
    # Optional: enable compression
    traefik.ingress.kubernetes.io/compress: "true"
    # Allow large file uploads (5GB) for NAS
    traefik.ingress.kubernetes.io/max-request-body-bytes: "5368709120"
    cert-manager.io/issuer: prod-issuer
    cert-manager.io/issuer-kind: OriginIssuer
    cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com
spec:
  tls:
    - hosts:
      - "*.rogi.casa"
      secretName: rogicasa-tls
  rules:
  - host: nas.rogi.casa
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: external-ip
              port:
                number: 80
initialize repository with glance, litellm, openwebui, nas and pihole services 2025-08-01 11:11:46 +02:00			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`name: rogicasa-ingress`
init cluster 2025-11-02 18:13:46 +01:00			`namespace: default`
initialize repository with glance, litellm, openwebui, nas and pihole services 2025-08-01 11:11:46 +02:00			`annotations:`
			`# Use Traefik as the ingress controller (default in k3s)`
			`kubernetes.io/ingress.class: "traefik"`
			`# Enable SSL redirect`
			`traefik.ingress.kubernetes.io/redirect-entry-point: https`
			`# Optional: enable compression`
			`traefik.ingress.kubernetes.io/compress: "true"`
			`cert-manager.io/issuer: prod-issuer`
			`cert-manager.io/issuer-kind: OriginIssuer`
			`cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com`
			`spec:`
			`tls:`
			`- hosts:`
			`- "*.rogi.casa"`
			`secretName: rogicasa-tls`
			`rules:`
			`- host: glance.rogi.casa`
			`http:`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: glance-service`
			`port:`
			`number: 80`
			`- host: pihole.rogi.casa`
			`http:`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: pihole-web`
			`port:`
			`number: 80`
			`- host: litellm.rogi.casa`
			`http:`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: litellm-service`
			`port:`
			`number: 80`
			`- host: openai.rogi.casa`
			`http:`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: open-webui-service`
			`port:`
			`number: 80`
init cluster 2025-11-02 18:13:46 +01:00			`- host: gym.rogi.casa`
			`http:`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: gym-tracker`
			`port:`
			`number: 80`
			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`name: gitea-ingress`
			`namespace: gitea`
			`annotations:`
			`# Use Traefik as the ingress controller (default in k3s)`
			`kubernetes.io/ingress.class: "traefik"`
			`# Enable SSL redirect`
			`traefik.ingress.kubernetes.io/redirect-entry-point: https`
			`# Optional: enable compression`
			`traefik.ingress.kubernetes.io/compress: "true"`
			`cert-manager.io/issuer: prod-issuer`
			`cert-manager.io/issuer-kind: OriginIssuer`
			`cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com`
			`spec:`
			`tls:`
			`- hosts:`
			`- "*.rogi.casa"`
			`secretName: rogicasa-tls`
			`rules:`
			`- host: gitea.rogi.casa`
			`http:`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: gitea`
			`port:`
			`number: 80`
			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`name: monitoring-ingress`
			`namespace: monitoring`
			`annotations:`
			`# Use Traefik as the ingress controller (default in k3s)`
			`kubernetes.io/ingress.class: "traefik"`
			`# Enable SSL redirect`
			`traefik.ingress.kubernetes.io/redirect-entry-point: https`
			`# Optional: enable compression`
			`traefik.ingress.kubernetes.io/compress: "true"`
			`cert-manager.io/issuer: prod-issuer`
			`cert-manager.io/issuer-kind: OriginIssuer`
			`cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com`
			`spec:`
			`tls:`
			`- hosts:`
			`- "*.rogi.casa"`
			`secretName: rogicasa-tls`
			`rules:`
			`- host: grafana.rogi.casa`
			`http:`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: grafana`
			`port:`
			`number: 80`
			`- host: prometheus.rogi.casa`
			`http:`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: prometheus-k8s`
			`port:`
			`number: 80`
			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`name: vaultwarden-ingress`
			`namespace: vaultwarden`
			`annotations:`
			`# Use Traefik as the ingress controller (default in k3s)`
			`kubernetes.io/ingress.class: "traefik"`
			`# Enable SSL redirect`
			`traefik.ingress.kubernetes.io/redirect-entry-point: https`
			`# Optional: enable compression`
			`traefik.ingress.kubernetes.io/compress: "true"`
			`cert-manager.io/issuer: prod-issuer`
			`cert-manager.io/issuer-kind: OriginIssuer`
			`cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com`
			`spec:`
			`tls:`
			`- hosts:`
			`- "*.rogi.casa"`
			`secretName: rogicasa-tls`
			`rules:`
			`- host: vaultwarden.rogi.casa`
			`http:`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: vaultwarden`
			`port:`
			`number: 80`
			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`name: homeassistant-ingress`
			`namespace: home-assistant`
			`annotations:`
			`# Use Traefik as the ingress controller (default in k3s)`
			`kubernetes.io/ingress.class: "traefik"`
			`# Enable SSL redirect`
			`traefik.ingress.kubernetes.io/redirect-entry-point: https`
			`# Optional: enable compression`
			`traefik.ingress.kubernetes.io/compress: "true"`
			`cert-manager.io/issuer: prod-issuer`
			`cert-manager.io/issuer-kind: OriginIssuer`
			`cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com`
			`spec:`
			`tls:`
			`- hosts:`
			`- "*.rogi.casa"`
			`secretName: rogicasa-tls`
			`rules:`
			`- host: homeassistant.rogi.casa`
			`http:`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: home-assistant`
			`port:`
			`number: 80`
			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`name: minecraft-ingress`
			`namespace: minecraft`
			`annotations:`
			`# Use Traefik as the ingress controller (default in k3s)`
			`kubernetes.io/ingress.class: "traefik"`
			`# Enable SSL redirect`
			`traefik.ingress.kubernetes.io/redirect-entry-point: https`
			`# Optional: enable compression`
			`traefik.ingress.kubernetes.io/compress: "true"`
			`cert-manager.io/issuer: prod-issuer`
			`cert-manager.io/issuer-kind: OriginIssuer`
			`cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com`
			`spec:`
			`tls:`
			`- hosts:`
			`- "*.rogi.casa"`
			`secretName: rogicasa-tls`
			`rules:`
			`- host: minecraft.rogi.casa`
			`http:`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: minecraft-server`
			`port:`
			`number: 25565`
update manifests 2026-01-23 21:10:40 +01:00			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`name: argocd-ingress`
			`namespace: argocd`
			`annotations:`
			`# Use Traefik as the ingress controller (default in k3s)`
			`kubernetes.io/ingress.class: "traefik"`
			`# Enable SSL redirect`
			`traefik.ingress.kubernetes.io/redirect-entry-point: https`
			`# Optional: enable compression`
			`traefik.ingress.kubernetes.io/compress: "true"`
			`cert-manager.io/issuer: prod-issuer`
			`cert-manager.io/issuer-kind: OriginIssuer`
			`cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com`
			`spec:`
			`tls:`
			`- hosts:`
			`- "*.rogi.casa"`
			`secretName: rogicasa-tls`
			`rules:`
			`- host: argocd.rogi.casa`
			`http:`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: argocd-server`
			`port:`
			`number: 80`
change traefik file size limit to 5gb for nas.rogi.casa 2026-03-10 19:59:54 +01:00			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`name: nas-ingress`
			`namespace: default`
			`annotations:`
			`# Use Traefik as the ingress controller (default in k3s)`
			`kubernetes.io/ingress.class: "traefik"`
			`# Enable SSL redirect`
			`traefik.ingress.kubernetes.io/redirect-entry-point: https`
			`# Optional: enable compression`
			`traefik.ingress.kubernetes.io/compress: "true"`
			`# Allow large file uploads (5GB) for NAS`
			`traefik.ingress.kubernetes.io/max-request-body-bytes: "5368709120"`
			`cert-manager.io/issuer: prod-issuer`
			`cert-manager.io/issuer-kind: OriginIssuer`
			`cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com`
			`spec:`
			`tls:`
			`- hosts:`
			`- "*.rogi.casa"`
			`secretName: rogicasa-tls`
			`rules:`
			`- host: nas.rogi.casa`
			`http:`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: external-ip`
			`port:`
			`number: 80`