From 153cf16194e5b4199d8991de3507e7a2633ae3ee Mon Sep 17 00:00:00 2001 From: Roger Oriol Date: Tue, 23 Jun 2026 00:26:29 +0200 Subject: [PATCH] refactor ingresses --- README.md | 64 ++-- gitea/{gitea-ingress.yaml => ingress.yaml} | 5 +- glance/config-map.yaml | 1 + glance/glance.yaml | 8 +- glance/ingress.yaml | 24 ++ gym-tracker/deployment.yaml | 8 + gym-tracker/ingress.yaml | 24 ++ homeassistant/ingress.yaml | 24 ++ ingress.yaml | 307 ------------------ litellm/ingress.yaml | 24 ++ litellm/litellm.yaml | 9 +- litellm/postgres.yaml | 3 + minecraft-server/ingress.yaml | 24 ++ monitoring/ingress.yaml | 35 ++ myorg-assistant/configmap.yaml | 2 +- .../cronjobs/deadline-checker.yaml | 2 +- myorg-assistant/cronjobs/evening-summary.yaml | 2 +- myorg-assistant/cronjobs/git-sync.yaml | 2 +- .../cronjobs/morning-briefing.yaml | 2 +- .../cronjobs/waiting-followup.yaml | 2 +- myorg-assistant/deployment.yaml | 7 +- myorg-assistant/ingress.yaml | 2 +- myorg-assistant/pvc.yaml | 2 +- myorg-assistant/service.yaml | 2 +- nas.yaml | 45 --- nas/ingress.yaml | 26 ++ nas/nas.yaml | 31 ++ openwebui/ingress.yaml | 24 ++ openwebui/openwebui.yaml | 8 + qbittorrent/ingress.yaml | 1 + qbittorrent/qbittorrent.yaml | 9 + vaultwarden/ingress.yaml | 24 ++ 32 files changed, 367 insertions(+), 386 deletions(-) rename gitea/{gitea-ingress.yaml => ingress.yaml} (86%) create mode 100644 glance/ingress.yaml create mode 100644 gym-tracker/ingress.yaml create mode 100644 homeassistant/ingress.yaml delete mode 100644 ingress.yaml create mode 100644 litellm/ingress.yaml create mode 100644 minecraft-server/ingress.yaml create mode 100644 monitoring/ingress.yaml delete mode 100644 nas.yaml create mode 100644 nas/ingress.yaml create mode 100644 nas/nas.yaml create mode 100644 openwebui/ingress.yaml create mode 100644 vaultwarden/ingress.yaml diff --git a/README.md b/README.md index ca06c6e..fcc3412 100644 --- a/README.md +++ b/README.md 
@@ -25,18 +25,20 @@ Aquest clúster K3s gestiona els següents serveis: ``` . ├── README.md # Aquest fitxer -├── ingress.yaml # Configuració d'Ingress principal (Traefik) -├── nas.yaml # Servei extern per al NAS ├── / # Cada aplicació té el seu directori │ ├── deployment.yaml # Definició del Deployment -│ ├── service.yaml # Definició del Service -│ ├── ingress.yaml # Configuració d'Ingress (opcional) +│ ├── service.yaml # Definició del Service +│ ├── ingress.yaml # Configuració d'Ingress de l'aplicació │ ├── namespace.yaml # Namespace dedicat (opcional) -│ ├── configmap.yaml # ConfigMaps (opcional) +│ ├── configmap.yaml # ConfigMaps (opcional) │ └── pvc.yaml # PersistentVolumeClaims (opcional) -└── monitoring/ # Stack de monitorització complet +└── nas/ # Servei extern per al NAS + ├── nas.yaml # Service i Endpoints externs + └── ingress.yaml # Ingress del NAS ``` +> **Nota**: Cada aplicació té el seu propi `ingress.yaml` dins del seu directori. Ja no hi ha cap `ingress.yaml` centralitzat a l'arrel. + ## 🚀 Desplegament ### Prerequisits @@ -66,9 +68,8 @@ for dir in */; do kubectl apply -f "$dir" done -# O aplicar recursos globals primer -kubectl apply -f ingress.yaml -kubectl apply -f nas.yaml +# O aplicar recursos globals primer (opcional) +kubectl apply -f nas/ ``` ### Eliminar una Aplicació 
@@ -83,18 +84,43 @@ kubectl delete -f /.yaml ## 🌐 Ingress i Networking -### Configuració d'Ingress Principal +### Configuració d'Ingress per Aplicació -El fitxer [ingress.yaml](ingress.yaml) conté la configuració centralitzada d'Ingress utilitzant **Traefik** (controlador per defecte de K3s). Característiques: +Cada aplicació té el seu propi fitxer `ingress.yaml` dins del seu directori, seguint el model de [pihole/ingress.yaml](pihole/ingress.yaml). Característiques: -- **TLS/SSL**: Certificats wildcard `*.rogi.casa` gestionats per cert-manager -- **Cloudflare Origin Issuer**: Utilitzat per generar certificats -- **Redirect HTTPS**: Redireccions automàtiques de HTTP a HTTPS -- **Compressió**: Habilitada per defecte +- **Traefik**: Controlador per defecte de K3s (`ingressClassName: traefik`) +- **TLS/SSL**: Certificats per host gestionats per cert-manager amb el cluster-issuer `letsencrypt-prod` +- **Secret per aplicació**: Cada ingress té el seu propi `-tls` +- **Namespace dedicat**: Cada ingress pertany al namespace de la seva aplicació -### Aplicacions amb Ingress Dedicat +Exemple (`pihole/ingress.yaml`): -Algunes aplicacions tenen el seu propi fitxer `ingress.yaml` dins del seu directori per a configuracions específiques. +```yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: pihole + namespace: pihole + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + ingressClassName: traefik + tls: + - hosts: + - pihole.rogi.casa + secretName: pihole-tls + rules: + - host: pihole.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: pihole-web + port: + number: 80 +``` ## 💾 Persistència de Dades 
@@ -218,7 +244,7 @@ kubectl get pv ## 📝 Bones Pràctiques -1. **Namespaces**: Les aplicacions complexes utilitzen namespaces dedicats (n8n, monitoring, phoenix) +1. **Namespaces**: Totes les aplicacions tenen un namespace dedicat; cap queda al namespace `default` 2. **Labels**: Tots els recursos utilitzen labels consistents per facilitar la gestió 3. **Resources Limits**: Configura limits de CPU/memòria per evitar overconsumption 4. **Health Checks**: Implementa liveness i readiness probes quan sigui possible @@ -245,7 +271,7 @@ kubectl rollout undo deployment/ -n ## 🌟 Serveis Externs ### NAS -El fitxer [nas.yaml](nas.yaml) configura un servei extern que apunta al NAS local (10.88.88.238:5000) sense desplegar pods dins del clúster. +El fitxer [nas/nas.yaml](nas/nas.yaml) configura un servei extern que apunta al NAS local (10.88.88.238:5000) sense desplegar pods dins del clúster. L'Ingress corresponent és a [nas/ingress.yaml](nas/ingress.yaml). ## 📚 Recursos Addicionals diff --git a/gitea/gitea-ingress.yaml b/gitea/ingress.yaml similarity index 86% rename from gitea/gitea-ingress.yaml rename to gitea/ingress.yaml index e940f88..a98727f 100644 --- a/gitea/gitea-ingress.yaml +++ b/gitea/ingress.yaml @@ -1,4 +1,3 @@ -# gitea-ingress.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -10,10 +9,10 @@ spec: ingressClassName: traefik tls: - hosts: - - git.rogi.casa + - gitea.rogi.casa secretName: gitea-tls rules: - - host: git.rogi.casa + - host: gitea.rogi.casa http: paths: - path: / diff --git a/glance/config-map.yaml b/glance/config-map.yaml index 8559ce1..43b88da 100644 --- a/glance/config-map.yaml +++ b/glance/config-map.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: glance-config + namespace: glance data: glance.yml: | pages: diff --git a/glance/glance.yaml b/glance/glance.yaml index d3c756d..81cdeab 100644 --- a/glance/glance.yaml +++ b/glance/glance.yaml 
@@ -1,7 +1,13 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: glance +--- apiVersion: apps/v1 kind: Deployment metadata: name: glance + namespace: glance spec: replicas: 1 selector: @@ -29,7 +35,7 @@ apiVersion: v1 kind: Service metadata: name: glance-service - namespace: default + namespace: glance spec: type: ClusterIP selector: diff --git a/glance/ingress.yaml b/glance/ingress.yaml new file mode 100644 index 0000000..dd71903 --- /dev/null +++ b/glance/ingress.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: glance + namespace: glance + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + ingressClassName: traefik + tls: + - hosts: + - glance.rogi.casa + secretName: glance-tls + rules: + - host: glance.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: glance-service + port: + number: 80 diff --git a/gym-tracker/deployment.yaml b/gym-tracker/deployment.yaml index a9f9c25..cc633db 100644 --- a/gym-tracker/deployment.yaml +++ b/gym-tracker/deployment.yaml @@ -1,7 +1,13 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: gym-tracker +--- apiVersion: apps/v1 kind: Deployment metadata: name: gym-tracker + namespace: gym-tracker labels: app: gym-tracker spec: @@ -67,6 +73,7 @@ apiVersion: v1 kind: Service metadata: name: gym-tracker + namespace: gym-tracker labels: app: gym-tracker spec: @@ -87,6 +94,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: gym-tracker-data + namespace: gym-tracker labels: app: gym-tracker spec: diff --git a/gym-tracker/ingress.yaml b/gym-tracker/ingress.yaml new file mode 100644 index 0000000..52de08a --- /dev/null +++ b/gym-tracker/ingress.yaml 
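Review bot: The new `glance/ingress.yaml` carries no entrypoint or redirect annotation, so whether plain HTTP for `glance.rogi.casa` is redirected, refused or served depends on Traefik's static configuration, which this diff does not show. The central file it replaces set `traefik.ingress.kubernetes.io/redirect-entry-point: https`, although a Traefik 2 controller may already have ignored that key. Adding `traefik.ingress.kubernetes.io/router.entrypoints: websecure` under `metadata.annotations` makes the TLS-only intent explicit per Ingress. The same applies to the new gym-tracker, homeassistant, litellm, minecraft-server, monitoring, nas, openwebui and vaultwarden ingress files.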
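Review bot: Adding `namespace: gym-tracker` to the `gym-tracker-data` PersistentVolumeClaim creates a new, empty claim rather than moving the existing one, because a PVC cannot change namespace in place. The claim that was applied without a namespace (presumably in `default`) keeps the data and, together with the old Deployment and Service, stays in the cluster until someone deletes it. A migration step (copy or restore the volume, then remove the old objects) should accompany this change. The same holds for `postgres-volume-claim`, `myorg-assistant-pvc`, `openwebui-pvc`, `qbittorrent-config` and `qbittorrent-downloads` in the later hunks.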
@@ -0,0 +1,24 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: gym-tracker + namespace: gym-tracker + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + ingressClassName: traefik + tls: + - hosts: + - gym.rogi.casa + secretName: gym-tracker-tls + rules: + - host: gym.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: gym-tracker + port: + number: 80 diff --git a/homeassistant/ingress.yaml b/homeassistant/ingress.yaml new file mode 100644 index 0000000..88cc4f7 --- /dev/null +++ b/homeassistant/ingress.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: homeassistant + namespace: home-assistant + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + ingressClassName: traefik + tls: + - hosts: + - homeassistant.rogi.casa + secretName: homeassistant-tls + rules: + - host: homeassistant.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: home-assistant + port: + number: 80 diff --git a/ingress.yaml b/ingress.yaml deleted file mode 100644 index 1d6d4a4..0000000 --- a/ingress.yaml +++ /dev/null 
@@ -1,307 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: rogicasa-ingress - namespace: default - annotations: - # Use Traefik as the ingress controller (default in k3s) - kubernetes.io/ingress.class: "traefik" - # Enable SSL redirect - traefik.ingress.kubernetes.io/redirect-entry-point: https - # Optional: enable compression - traefik.ingress.kubernetes.io/compress: "true" - cert-manager.io/issuer: prod-issuer - cert-manager.io/issuer-kind: OriginIssuer - cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com -spec: - tls: - - hosts: - - "*.rogi.casa" - secretName: rogicasa-tls - rules: - - host: glance.rogi.casa - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: glance-service - port: - number: 80 - - host: pihole.rogi.casa - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: pihole-web - port: - number: 80 - - host: litellm.rogi.casa - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: litellm-service - port: - number: 80 - - host: openai.rogi.casa - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: open-webui-service - port: - number: 80 - - host: gym.rogi.casa - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: gym-tracker - port: - number: 80 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: gitea-ingress - namespace: gitea - annotations: - # Use Traefik as the ingress controller (default in k3s) - kubernetes.io/ingress.class: "traefik" - # Enable SSL redirect - traefik.ingress.kubernetes.io/redirect-entry-point: https - # Optional: enable compression - traefik.ingress.kubernetes.io/compress: "true" - cert-manager.io/issuer: prod-issuer - cert-manager.io/issuer-kind: OriginIssuer - cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com -spec: - tls: - - hosts: - - "*.rogi.casa" - secretName: rogicasa-tls - rules: - - host: gitea.rogi.casa - http: - paths: - - path: / - 
pathType: Prefix - backend: - service: - name: gitea - port: - number: 80 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: monitoring-ingress - namespace: monitoring - annotations: - # Use Traefik as the ingress controller (default in k3s) - kubernetes.io/ingress.class: "traefik" - # Enable SSL redirect - traefik.ingress.kubernetes.io/redirect-entry-point: https - # Optional: enable compression - traefik.ingress.kubernetes.io/compress: "true" - cert-manager.io/issuer: prod-issuer - cert-manager.io/issuer-kind: OriginIssuer - cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com -spec: - tls: - - hosts: - - "*.rogi.casa" - secretName: rogicasa-tls - rules: - - host: grafana.rogi.casa - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: grafana - port: - number: 80 - - host: prometheus.rogi.casa - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: prometheus-k8s - port: - number: 80 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: vaultwarden-ingress - namespace: vaultwarden - annotations: - # Use Traefik as the ingress controller (default in k3s) - kubernetes.io/ingress.class: "traefik" - # Enable SSL redirect - traefik.ingress.kubernetes.io/redirect-entry-point: https - # Optional: enable compression - traefik.ingress.kubernetes.io/compress: "true" - cert-manager.io/issuer: prod-issuer - cert-manager.io/issuer-kind: OriginIssuer - cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com -spec: - tls: - - hosts: - - "*.rogi.casa" - secretName: rogicasa-tls - rules: - - host: vaultwarden.rogi.casa - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: vaultwarden - port: - number: 80 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: homeassistant-ingress - namespace: home-assistant - annotations: - # Use Traefik as the ingress controller (default in k3s) - kubernetes.io/ingress.class: "traefik" - # Enable SSL 
redirect - traefik.ingress.kubernetes.io/redirect-entry-point: https - # Optional: enable compression - traefik.ingress.kubernetes.io/compress: "true" - cert-manager.io/issuer: prod-issuer - cert-manager.io/issuer-kind: OriginIssuer - cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com -spec: - tls: - - hosts: - - "*.rogi.casa" - secretName: rogicasa-tls - rules: - - host: homeassistant.rogi.casa - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: home-assistant - port: - number: 80 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: minecraft-ingress - namespace: minecraft - annotations: - # Use Traefik as the ingress controller (default in k3s) - kubernetes.io/ingress.class: "traefik" - # Enable SSL redirect - traefik.ingress.kubernetes.io/redirect-entry-point: https - # Optional: enable compression - traefik.ingress.kubernetes.io/compress: "true" - cert-manager.io/issuer: prod-issuer - cert-manager.io/issuer-kind: OriginIssuer - cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com -spec: - tls: - - hosts: - - "*.rogi.casa" - secretName: rogicasa-tls - rules: - - host: minecraft.rogi.casa - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: minecraft-server - port: - number: 25565 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: argocd-ingress - namespace: argocd - annotations: - # Use Traefik as the ingress controller (default in k3s) - kubernetes.io/ingress.class: "traefik" - # Enable SSL redirect - traefik.ingress.kubernetes.io/redirect-entry-point: https - # Optional: enable compression - traefik.ingress.kubernetes.io/compress: "true" - cert-manager.io/issuer: prod-issuer - cert-manager.io/issuer-kind: OriginIssuer - cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com -spec: - tls: - - hosts: - - "*.rogi.casa" - secretName: rogicasa-tls - rules: - - host: argocd.rogi.casa - http: - paths: - - path: / - pathType: Prefix - backend: - 
service: - name: argocd-server - port: - number: 80 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: nas-ingress - namespace: default - annotations: - # Use Traefik as the ingress controller (default in k3s) - kubernetes.io/ingress.class: "traefik" - # Enable SSL redirect - traefik.ingress.kubernetes.io/redirect-entry-point: https - # Optional: enable compression - traefik.ingress.kubernetes.io/compress: "true" - # Allow large file uploads (5GB) for NAS - traefik.ingress.kubernetes.io/max-request-body-bytes: "5368709120" - cert-manager.io/issuer: prod-issuer - cert-manager.io/issuer-kind: OriginIssuer - cert-manager.io/issuer-group: cert-manager.k8s.cloudflare.com -spec: - tls: - - hosts: - - "*.rogi.casa" - secretName: rogicasa-tls - rules: - - host: nas.rogi.casa - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: external-ip - port: - number: 80 diff --git a/litellm/ingress.yaml b/litellm/ingress.yaml new file mode 100644 index 0000000..a9b965b --- /dev/null +++ b/litellm/ingress.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: litellm + namespace: litellm + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + ingressClassName: traefik + tls: + - hosts: + - litellm.rogi.casa + secretName: litellm-tls + rules: + - host: litellm.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: litellm-service + port: + number: 80 diff --git a/litellm/litellm.yaml b/litellm/litellm.yaml index 153dd3e..a814a29 100644 --- a/litellm/litellm.yaml +++ b/litellm/litellm.yaml @@ -1,7 +1,13 @@ apiVersion: v1 +kind: Namespace +metadata: + name: litellm +--- +apiVersion: v1 kind: ConfigMap metadata: name: litellm-config-file + namespace: litellm data: config.yaml: | model_list: @@ -50,6 +56,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: litellm-deployment + namespace: litellm labels: app: litellm spec: 
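Review bot: Deleting the root `ingress.yaml` from the repository does not remove its Ingress objects from the cluster, so `rogicasa-ingress` in `default` would still claim `litellm.rogi.casa` alongside the new `litellm/ingress.yaml` unless it is deleted or the apply uses pruning. Two Ingresses with the same host and path leave the winner to the controller, and the old one targets a `litellm-service` in `default`. The commit should document a cleanup such as `kubectl delete ingress rogicasa-ingress -n default`, and likewise for the other old Ingress names. The removed file also defined `argocd-ingress`, and the file list shows no replacement for it.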
@@ -88,7 +95,7 @@ apiVersion: v1 kind: Service metadata: name: litellm-service - namespace: default + namespace: litellm spec: type: ClusterIP selector: diff --git a/litellm/postgres.yaml b/litellm/postgres.yaml index c56c332..d2dc6b2 100644 --- a/litellm/postgres.yaml +++ b/litellm/postgres.yaml @@ -18,6 +18,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: postgres-volume-claim + namespace: litellm labels: app: postgres spec: @@ -32,6 +33,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: postgres + namespace: litellm spec: replicas: 1 selector: @@ -63,6 +65,7 @@ apiVersion: v1 kind: Service metadata: name: postgres + namespace: litellm labels: app: postgres spec: diff --git a/minecraft-server/ingress.yaml b/minecraft-server/ingress.yaml new file mode 100644 index 0000000..786d52e --- /dev/null +++ b/minecraft-server/ingress.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: minecraft + namespace: minecraft + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + ingressClassName: traefik + tls: + - hosts: + - minecraft.rogi.casa + secretName: minecraft-tls + rules: + - host: minecraft.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: minecraft-server + port: + number: 25565 diff --git a/monitoring/ingress.yaml b/monitoring/ingress.yaml new file mode 100644 index 0000000..03f3b76 --- /dev/null +++ b/monitoring/ingress.yaml 
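Review bot: The first hunk of `litellm/postgres.yaml` starts at line 18, so whatever resource is defined in lines 1–17 of that file gets no `namespace: litellm` in this commit. If that resource is a ConfigMap or Secret consumed by the `postgres` Deployment (not visible here), the Deployment now placed in `litellm` will not find it, since such references only resolve within the same namespace. Add `namespace: litellm` to that object's `metadata` as well.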
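Review bot: `minecraft-server/ingress.yaml` routes HTTP for `minecraft.rogi.casa` to port `25565`, but an Ingress only carries HTTP(S), and the server behind that port presumably speaks the game's own TCP protocol. The rule also makes cert-manager request a public certificate for a host that will not serve web traffic. If game traffic is meant to pass through Traefik, a TCP route on a dedicated entrypoint (Traefik's `IngressRouteTCP`) or a `LoadBalancer`/`NodePort` Service is the fitting object; otherwise this file can be dropped.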
@@ -0,0 +1,35 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: monitoring + namespace: monitoring + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + ingressClassName: traefik + tls: + - hosts: + - grafana.rogi.casa + - prometheus.rogi.casa + secretName: monitoring-tls + rules: + - host: grafana.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: grafana + port: + number: 80 + - host: prometheus.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: prometheus-k8s + port: + number: 80 diff --git a/myorg-assistant/configmap.yaml b/myorg-assistant/configmap.yaml index be4182a..f72d0de 100644 --- a/myorg-assistant/configmap.yaml +++ b/myorg-assistant/configmap.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: myorg-assistant-config - namespace: default + namespace: myorg-assistant data: # LiteLLM Configuration LITELLM_ENDPOINT: "http://litellm-service.default.svc.cluster.local:4000" diff --git a/myorg-assistant/cronjobs/deadline-checker.yaml b/myorg-assistant/cronjobs/deadline-checker.yaml index 74d43c4..d6e0c2a 100644 --- a/myorg-assistant/cronjobs/deadline-checker.yaml +++ b/myorg-assistant/cronjobs/deadline-checker.yaml @@ -2,7 +2,7 @@ apiVersion: batch/v1 kind: CronJob metadata: name: myorg-deadline-checker - namespace: default + namespace: myorg-assistant labels: app: myorg-assistant job: deadline-checker diff --git a/myorg-assistant/cronjobs/evening-summary.yaml b/myorg-assistant/cronjobs/evening-summary.yaml index 6eaef63..f4e35d5 100644 --- a/myorg-assistant/cronjobs/evening-summary.yaml +++ b/myorg-assistant/cronjobs/evening-summary.yaml @@ -2,7 +2,7 @@ apiVersion: batch/v1 kind: CronJob metadata: name: myorg-evening-summary - namespace: default + namespace: myorg-assistant labels: app: myorg-assistant job: evening-summary 
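Review bot: The `prometheus.rogi.casa` rule in `monitoring/ingress.yaml` forwards straight to `prometheus-k8s` with no authentication middleware attached, and Prometheus has no login of its own by default. Anyone who can reach the ingress can read every metric and target label. Attach an auth middleware with `traefik.ingress.kubernetes.io/router.middlewares: <namespace>-<middleware-name>@kubernetescrd` (placeholder name), or keep Prometheus off the Ingress and reach it through Grafana or a port-forward. Because that annotation applies to the whole Ingress, Prometheus would need its own Ingress object, separate from Grafana's.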
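Review bot: The ConfigMap in `myorg-assistant/configmap.yaml` moves to the `myorg-assistant` namespace, but the context line still reads `LITELLM_ENDPOINT: "http://litellm-service.default.svc.cluster.local:4000"`, while this same commit moves `litellm-service` from `default` to `litellm`. After applying, that name either stops resolving or keeps pointing at a stale Service left behind in `default`. Change the value to `http://litellm-service.litellm.svc.cluster.local:4000`.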
diff --git a/myorg-assistant/cronjobs/git-sync.yaml b/myorg-assistant/cronjobs/git-sync.yaml index 5ea7318..45d42ea 100644 --- a/myorg-assistant/cronjobs/git-sync.yaml +++ b/myorg-assistant/cronjobs/git-sync.yaml @@ -2,7 +2,7 @@ apiVersion: batch/v1 kind: CronJob metadata: name: myorg-git-sync - namespace: default + namespace: myorg-assistant labels: app: myorg-assistant job: git-sync diff --git a/myorg-assistant/cronjobs/morning-briefing.yaml b/myorg-assistant/cronjobs/morning-briefing.yaml index 7f1576b..b73bb9a 100644 --- a/myorg-assistant/cronjobs/morning-briefing.yaml +++ b/myorg-assistant/cronjobs/morning-briefing.yaml @@ -2,7 +2,7 @@ apiVersion: batch/v1 kind: CronJob metadata: name: myorg-morning-briefing - namespace: default + namespace: myorg-assistant labels: app: myorg-assistant job: morning-briefing diff --git a/myorg-assistant/cronjobs/waiting-followup.yaml b/myorg-assistant/cronjobs/waiting-followup.yaml index a2417fa..33d70c0 100644 --- a/myorg-assistant/cronjobs/waiting-followup.yaml +++ b/myorg-assistant/cronjobs/waiting-followup.yaml @@ -2,7 +2,7 @@ apiVersion: batch/v1 kind: CronJob metadata: name: myorg-waiting-followup - namespace: default + namespace: myorg-assistant labels: app: myorg-assistant job: waiting-followup diff --git a/myorg-assistant/deployment.yaml b/myorg-assistant/deployment.yaml index e759cdc..86ab20d 100644 --- a/myorg-assistant/deployment.yaml +++ b/myorg-assistant/deployment.yaml @@ -1,8 +1,13 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: myorg-assistant +--- apiVersion: apps/v1 kind: Deployment metadata: name: myorg-assistant - namespace: default + namespace: myorg-assistant labels: app: myorg-assistant spec: diff --git a/myorg-assistant/ingress.yaml b/myorg-assistant/ingress.yaml index 672fcb5..f51b52a 100644 --- a/myorg-assistant/ingress.yaml +++ b/myorg-assistant/ingress.yaml 
@@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: myorg-ingress - namespace: default + namespace: myorg-assistant annotations: # Use Traefik as the ingress controller (default in k3s) kubernetes.io/ingress.class: "traefik" diff --git a/myorg-assistant/pvc.yaml b/myorg-assistant/pvc.yaml index 74c071c..5e0267a 100644 --- a/myorg-assistant/pvc.yaml +++ b/myorg-assistant/pvc.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: myorg-assistant-pvc - namespace: default + namespace: myorg-assistant spec: accessModes: - ReadWriteOnce diff --git a/myorg-assistant/service.yaml b/myorg-assistant/service.yaml index c971879..6ceeaf4 100644 --- a/myorg-assistant/service.yaml +++ b/myorg-assistant/service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: myorg-assistant-service - namespace: default + namespace: myorg-assistant labels: app: myorg-assistant spec: diff --git a/nas.yaml b/nas.yaml deleted file mode 100644 index 746eb9e..0000000 --- a/nas.yaml +++ /dev/null @@ -1,45 +0,0 @@ -#apiVersion: networking.k8s.io/v1 -#kind: Ingress -#metadata: -# name: nas-redirect -# annotations: -# nginx.ingress.kubernetes.io/permanent-redirect: "http://10.88.88.238:5000" -#spec: -# rules: -# - host: nas.rogi.casa -# http: -# paths: -# - path: / -# pathType: Prefix -# backend: -# service: -# name: dummy-service -# port: -# number: 80 -apiVersion: v1 -kind: Service -metadata: - name: external-ip -spec: - ports: - - name: app - port: 80 - protocol: TCP - targetPort: 5000 - clusterIP: None - type: ClusterIP ---- -apiVersion: v1 -kind: Endpoints -metadata: - name: external-ip -subsets: -- addresses: - - ip: 10.88.88.238 - ports: - - name: app - port: 5000 - protocol: TCP - - - diff --git a/nas/ingress.yaml b/nas/ingress.yaml new file mode 100644 index 0000000..206c2a3 --- /dev/null +++ b/nas/ingress.yaml 
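Review bot: Only the namespace changes in `myorg-assistant/ingress.yaml`; it keeps the deprecated `kubernetes.io/ingress.class: "traefik"` annotation, unlike the new files, which use `spec.ingressClassName: traefik` with `cert-manager.io/cluster-issuer: letsencrypt-prod`. The README text added in this commit says every application follows that model. The rest of the manifest lies outside the hunk, so its TLS settings cannot be checked here; if it still references the old wildcard secret `rogicasa-tls`, that Secret will not exist in `myorg-assistant`. `qbittorrent/ingress.yaml` has the same leftover annotations.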
@@ -0,0 +1,26 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: nas + namespace: nas + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + # Allow large file uploads (5GB) for NAS + traefik.ingress.kubernetes.io/max-request-body-bytes: "5368709120" +spec: + ingressClassName: traefik + tls: + - hosts: + - nas.rogi.casa + secretName: nas-tls + rules: + - host: nas.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: external-ip + port: + number: 80 diff --git a/nas/nas.yaml b/nas/nas.yaml new file mode 100644 index 0000000..57c0fa0 --- /dev/null +++ b/nas/nas.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: nas +--- +apiVersion: v1 +kind: Service +metadata: + name: external-ip + namespace: nas +spec: + ports: + - name: app + port: 80 + protocol: TCP + targetPort: 5000 + clusterIP: None + type: ClusterIP +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: external-ip + namespace: nas +subsets: +- addresses: + - ip: 10.88.88.238 + ports: + - name: app + port: 5000 + protocol: TCP diff --git a/openwebui/ingress.yaml b/openwebui/ingress.yaml new file mode 100644 index 0000000..d15e902 --- /dev/null +++ b/openwebui/ingress.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: openwebui + namespace: openwebui + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + ingressClassName: traefik + tls: + - hosts: + - openai.rogi.casa + secretName: openwebui-tls + rules: + - host: openai.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: open-webui-service + port: + number: 80 diff --git a/openwebui/openwebui.yaml b/openwebui/openwebui.yaml index 9ef2901..ef465dc 100644 --- a/openwebui/openwebui.yaml +++ b/openwebui/openwebui.yaml 
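Review bot: `traefik.ingress.kubernetes.io/max-request-body-bytes` in `nas/ingress.yaml` does not look like an annotation Traefik's Ingress provider reads (it acts on `router.*` and `service.*` keys), so the 5 GB figure in the comment is probably not enforced in either direction. If a request-size ceiling is wanted, define a Buffering middleware with `maxRequestBodyBytes` and reference it through `traefik.ingress.kubernetes.io/router.middlewares`. Per `nas/nas.yaml`, the hop from the proxy to the NAS at `10.88.88.238:5000` is plain HTTP, which is worth stating in the comment.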
@@ -1,7 +1,13 @@ apiVersion: v1 +kind: Namespace +metadata: + name: openwebui +--- +apiVersion: v1 kind: PersistentVolumeClaim metadata: name: openwebui-pvc + namespace: openwebui spec: accessModes: - ReadWriteOnce @@ -15,6 +21,7 @@ metadata: labels: app: open-webui name: open-webui + namespace: openwebui spec: replicas: 1 selector: @@ -84,6 +91,7 @@ metadata: labels: app: open-webui name: open-webui-service + namespace: openwebui spec: ports: - name: http diff --git a/qbittorrent/ingress.yaml b/qbittorrent/ingress.yaml index ffd0b46..4587e43 100644 --- a/qbittorrent/ingress.yaml +++ b/qbittorrent/ingress.yaml @@ -2,6 +2,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: qbittorrent-ingress + namespace: qbittorrent annotations: kubernetes.io/ingress.class: "traefik" traefik.ingress.kubernetes.io/redirect-entry-point: https diff --git a/qbittorrent/qbittorrent.yaml b/qbittorrent/qbittorrent.yaml index c4a6c46..1b1a8ea 100644 --- a/qbittorrent/qbittorrent.yaml +++ b/qbittorrent/qbittorrent.yaml @@ -1,7 +1,13 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: qbittorrent +--- apiVersion: apps/v1 kind: Deployment metadata: name: qbittorrent + namespace: qbittorrent labels: app: qbittorrent spec: @@ -48,6 +54,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: qbittorrent-config + namespace: qbittorrent labels: app: qbittorrent spec: @@ -76,6 +83,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: qbittorrent-downloads + namespace: qbittorrent labels: app: qbittorrent spec: @@ -91,6 +99,7 @@ apiVersion: v1 kind: Service metadata: name: qbittorrent + namespace: qbittorrent labels: app: qbittorrent spec: diff --git a/vaultwarden/ingress.yaml b/vaultwarden/ingress.yaml new file mode 100644 index 0000000..fec4fc7 --- /dev/null +++ b/vaultwarden/ingress.yaml 
@@ -0,0 +1,24 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: vaultwarden + namespace: vaultwarden + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + ingressClassName: traefik + tls: + - hosts: + - vaultwarden.rogi.casa + secretName: vaultwarden-tls + rules: + - host: vaultwarden.rogi.casa + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: vaultwarden + port: + number: 80
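Review bot: Switching from the Cloudflare Origin wildcard (`*.rogi.casa`) to a per-host `letsencrypt-prod` certificate publishes `vaultwarden.rogi.casa` in public Certificate Transparency logs, as it does for every other host given its own certificate in this commit. For a password vault that makes the service easy to discover, so access should rest on strong authentication and, where possible, an allow-list or VPN rather than on the name being unknown. If name privacy matters, a wildcard certificate issued through a DNS-01 solver keeps individual hostnames out of the logs. Whether `letsencrypt-prod` uses HTTP-01 or DNS-01 is not visible in this diff.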