Compare commits
14 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 12b6b5e038 | |||
| e87f56d597 | |||
| be7a195d3e | |||
| 2c6d88aa6b | |||
| 58368948d9 | |||
| 4f5c3f7ea0 | |||
| fd87cb96b5 | |||
| d619f9195e | |||
| 1944dbbfcd | |||
| 0940cc20f8 | |||
| 20ce2b1b92 | |||
| 64dc5a0242 | |||
| 57c14d32c0 | |||
| 2df359c4a9 |
@@ -0,0 +1,29 @@
|
|||||||
|
---
|
||||||
|
apiVersion: gateway.networking.k8s.io/v1
|
||||||
|
kind: Gateway
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
traefik.io/instance: internal
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: vault-issuer
|
||||||
|
cert-manager.io/common-name: rancher.k8s.syd1.au.unkin.net
|
||||||
|
cert-manager.io/private-key-size: "4096"
|
||||||
|
external-dns.alpha.kubernetes.io/hostname: rancher.k8s.syd1.au.unkin.net
|
||||||
|
external-dns.alpha.kubernetes.io/target: "198.18.200.4"
|
||||||
|
name: rancher
|
||||||
|
namespace: cattle-system
|
||||||
|
spec:
|
||||||
|
gatewayClassName: traefik-internal
|
||||||
|
listeners:
|
||||||
|
- allowedRoutes:
|
||||||
|
namespaces:
|
||||||
|
from: Same
|
||||||
|
hostname: rancher.k8s.syd1.au.unkin.net
|
||||||
|
name: https
|
||||||
|
port: 443
|
||||||
|
protocol: HTTPS
|
||||||
|
tls:
|
||||||
|
certificateRefs:
|
||||||
|
- kind: Secret
|
||||||
|
name: rancher-tls
|
||||||
|
mode: Terminate
|
||||||
@@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
apiVersion: gateway.networking.k8s.io/v1
|
||||||
|
kind: HTTPRoute
|
||||||
|
metadata:
|
||||||
|
name: rancher
|
||||||
|
namespace: cattle-system
|
||||||
|
spec:
|
||||||
|
hostnames:
|
||||||
|
- rancher.k8s.syd1.au.unkin.net
|
||||||
|
parentRefs:
|
||||||
|
- name: rancher
|
||||||
|
sectionName: https
|
||||||
|
rules:
|
||||||
|
- backendRefs:
|
||||||
|
- name: rancher
|
||||||
|
port: 80
|
||||||
|
matches:
|
||||||
|
- path:
|
||||||
|
type: PathPrefix
|
||||||
|
value: /
|
||||||
@@ -1,29 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: rancher
|
|
||||||
namespace: cattle-system
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/cluster-issuer: vault-issuer
|
|
||||||
cert-manager.io/common-name: rancher.k8s.syd1.au.unkin.net
|
|
||||||
cert-manager.io/private-key-size: "4096"
|
|
||||||
external-dns.alpha.kubernetes.io/hostname: rancher.k8s.syd1.au.unkin.net
|
|
||||||
external-dns.alpha.kubernetes.io/target: "198.18.200.0"
|
|
||||||
spec:
|
|
||||||
ingressClassName: nginx
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- rancher.k8s.syd1.au.unkin.net
|
|
||||||
secretName: rancher-tls
|
|
||||||
rules:
|
|
||||||
- host: rancher.k8s.syd1.au.unkin.net
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: rancher
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
@@ -6,4 +6,5 @@ resources:
|
|||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- vaultauth.yaml
|
- vaultauth.yaml
|
||||||
- vaultstaticsecret.yaml
|
- vaultstaticsecret.yaml
|
||||||
- ingress.yaml
|
- gateway.yaml
|
||||||
|
- httproute.yaml
|
||||||
|
|||||||
@@ -0,0 +1,29 @@
|
|||||||
|
---
|
||||||
|
apiVersion: gateway.networking.k8s.io/v1
|
||||||
|
kind: Gateway
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
traefik.io/instance: internal
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: vault-issuer
|
||||||
|
cert-manager.io/common-name: litellm.k8s.syd1.au.unkin.net
|
||||||
|
cert-manager.io/private-key-size: "4096"
|
||||||
|
external-dns.alpha.kubernetes.io/hostname: litellm.k8s.syd1.au.unkin.net
|
||||||
|
external-dns.alpha.kubernetes.io/target: 198.18.200.4
|
||||||
|
name: litellm
|
||||||
|
namespace: litellm
|
||||||
|
spec:
|
||||||
|
gatewayClassName: traefik-internal
|
||||||
|
listeners:
|
||||||
|
- allowedRoutes:
|
||||||
|
namespaces:
|
||||||
|
from: Same
|
||||||
|
hostname: litellm.k8s.syd1.au.unkin.net
|
||||||
|
name: https
|
||||||
|
port: 443
|
||||||
|
protocol: HTTPS
|
||||||
|
tls:
|
||||||
|
certificateRefs:
|
||||||
|
- kind: Secret
|
||||||
|
name: litellm-tls
|
||||||
|
mode: Terminate
|
||||||
@@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
apiVersion: gateway.networking.k8s.io/v1
|
||||||
|
kind: HTTPRoute
|
||||||
|
metadata:
|
||||||
|
name: litellm
|
||||||
|
namespace: litellm
|
||||||
|
spec:
|
||||||
|
hostnames:
|
||||||
|
- litellm.k8s.syd1.au.unkin.net
|
||||||
|
parentRefs:
|
||||||
|
- name: litellm
|
||||||
|
sectionName: https
|
||||||
|
rules:
|
||||||
|
- backendRefs:
|
||||||
|
- name: litellm
|
||||||
|
port: 4000
|
||||||
|
matches:
|
||||||
|
- path:
|
||||||
|
type: PathPrefix
|
||||||
|
value: /
|
||||||
@@ -1,29 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
kubernetes.io/ingress.class: nginx
|
|
||||||
external-dns.alpha.kubernetes.io/hostname: litellm.k8s.syd1.au.unkin.net
|
|
||||||
external-dns.alpha.kubernetes.io/target: 198.18.200.0
|
|
||||||
cert-manager.io/cluster-issuer: vault-issuer
|
|
||||||
cert-manager.io/common-name: litellm.k8s.syd1.au.unkin.net
|
|
||||||
cert-manager.io/private-key-size: "4096"
|
|
||||||
name: litellm
|
|
||||||
namespace: litellm
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
- host: litellm.k8s.syd1.au.unkin.net
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- backend:
|
|
||||||
service:
|
|
||||||
name: litellm
|
|
||||||
port:
|
|
||||||
number: 4000
|
|
||||||
path: /
|
|
||||||
pathType: Prefix
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- litellm.k8s.syd1.au.unkin.net
|
|
||||||
secretName: litellm-tls
|
|
||||||
@@ -7,7 +7,8 @@ resources:
|
|||||||
- cnpg_pooler.yaml
|
- cnpg_pooler.yaml
|
||||||
- deployment.yaml
|
- deployment.yaml
|
||||||
- hpa.yaml
|
- hpa.yaml
|
||||||
- ingress.yaml
|
- gateway.yaml
|
||||||
|
- httproute.yaml
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- redis-deployment.yaml
|
- redis-deployment.yaml
|
||||||
- redis-pvc.yaml
|
- redis-pvc.yaml
|
||||||
|
|||||||
@@ -0,0 +1,29 @@
|
|||||||
|
---
|
||||||
|
apiVersion: gateway.networking.k8s.io/v1
|
||||||
|
kind: Gateway
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
traefik.io/instance: internal
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: vault-issuer
|
||||||
|
cert-manager.io/common-name: paperclip.k8s.syd1.au.unkin.net
|
||||||
|
cert-manager.io/private-key-size: "4096"
|
||||||
|
external-dns.alpha.kubernetes.io/hostname: paperclip.k8s.syd1.au.unkin.net
|
||||||
|
external-dns.alpha.kubernetes.io/target: 198.18.200.4
|
||||||
|
name: paperclip
|
||||||
|
namespace: paperclip
|
||||||
|
spec:
|
||||||
|
gatewayClassName: traefik-internal
|
||||||
|
listeners:
|
||||||
|
- allowedRoutes:
|
||||||
|
namespaces:
|
||||||
|
from: Same
|
||||||
|
hostname: paperclip.k8s.syd1.au.unkin.net
|
||||||
|
name: https
|
||||||
|
port: 443
|
||||||
|
protocol: HTTPS
|
||||||
|
tls:
|
||||||
|
certificateRefs:
|
||||||
|
- kind: Secret
|
||||||
|
name: paperclip-tls
|
||||||
|
mode: Terminate
|
||||||
@@ -0,0 +1,20 @@
|
|||||||
|
---
|
||||||
|
apiVersion: gateway.networking.k8s.io/v1
|
||||||
|
kind: HTTPRoute
|
||||||
|
metadata:
|
||||||
|
name: paperclip
|
||||||
|
namespace: paperclip
|
||||||
|
spec:
|
||||||
|
hostnames:
|
||||||
|
- paperclip.k8s.syd1.au.unkin.net
|
||||||
|
parentRefs:
|
||||||
|
- name: paperclip
|
||||||
|
sectionName: https
|
||||||
|
rules:
|
||||||
|
- backendRefs:
|
||||||
|
- name: paperclip
|
||||||
|
port: 3100
|
||||||
|
matches:
|
||||||
|
- path:
|
||||||
|
type: PathPrefix
|
||||||
|
value: /
|
||||||
@@ -1,29 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
kubernetes.io/ingress.class: nginx
|
|
||||||
external-dns.alpha.kubernetes.io/hostname: paperclip.k8s.syd1.au.unkin.net
|
|
||||||
external-dns.alpha.kubernetes.io/target: 198.18.200.0
|
|
||||||
cert-manager.io/cluster-issuer: vault-issuer
|
|
||||||
cert-manager.io/common-name: paperclip.k8s.syd1.au.unkin.net
|
|
||||||
cert-manager.io/private-key-size: "4096"
|
|
||||||
name: paperclip
|
|
||||||
namespace: paperclip
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
- host: paperclip.k8s.syd1.au.unkin.net
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- backend:
|
|
||||||
service:
|
|
||||||
name: paperclip
|
|
||||||
port:
|
|
||||||
number: 3100
|
|
||||||
path: /
|
|
||||||
pathType: Prefix
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- paperclip.k8s.syd1.au.unkin.net
|
|
||||||
secretName: paperclip-tls
|
|
||||||
@@ -6,7 +6,8 @@ resources:
|
|||||||
- cnpg_cluster.yaml
|
- cnpg_cluster.yaml
|
||||||
- cnpg_pooler.yaml
|
- cnpg_pooler.yaml
|
||||||
- deployment.yaml
|
- deployment.yaml
|
||||||
- ingress.yaml
|
- gateway.yaml
|
||||||
|
- httproute.yaml
|
||||||
- namespace.yaml
|
- namespace.yaml
|
||||||
- services.yaml
|
- services.yaml
|
||||||
- vaultauth.yaml
|
- vaultauth.yaml
|
||||||
|
|||||||
@@ -0,0 +1,33 @@
|
|||||||
|
---
|
||||||
|
apiVersion: gateway.networking.k8s.io/v1
|
||||||
|
kind: Gateway
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: vault-issuer
|
||||||
|
cert-manager.io/common-name: puppetboard.k8s.syd1.au.unkin.net
|
||||||
|
cert-manager.io/private-key-size: "4096"
|
||||||
|
external-dns.alpha.kubernetes.io/hostname: puppetboard.k8s.syd1.au.unkin.net
|
||||||
|
external-dns.alpha.kubernetes.io/target: 198.18.200.4
|
||||||
|
labels:
|
||||||
|
traefik.io/instance: internal
|
||||||
|
app.kubernetes.io/component: puppetboard
|
||||||
|
app.kubernetes.io/instance: puppetserver
|
||||||
|
app.kubernetes.io/name: puppetserver
|
||||||
|
app.kubernetes.io/version: 8.8.0
|
||||||
|
name: puppetboard
|
||||||
|
namespace: puppet
|
||||||
|
spec:
|
||||||
|
gatewayClassName: traefik-internal
|
||||||
|
listeners:
|
||||||
|
- allowedRoutes:
|
||||||
|
namespaces:
|
||||||
|
from: Same
|
||||||
|
hostname: puppetboard.k8s.syd1.au.unkin.net
|
||||||
|
name: https
|
||||||
|
port: 443
|
||||||
|
protocol: HTTPS
|
||||||
|
tls:
|
||||||
|
certificateRefs:
|
||||||
|
- kind: Secret
|
||||||
|
name: puppetboard-tls
|
||||||
|
mode: Terminate
|
||||||
@@ -0,0 +1,25 @@
|
|||||||
|
---
|
||||||
|
apiVersion: gateway.networking.k8s.io/v1
|
||||||
|
kind: HTTPRoute
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/component: puppetboard
|
||||||
|
app.kubernetes.io/instance: puppetserver
|
||||||
|
app.kubernetes.io/name: puppetserver
|
||||||
|
app.kubernetes.io/version: 8.8.0
|
||||||
|
name: puppetboard
|
||||||
|
namespace: puppet
|
||||||
|
spec:
|
||||||
|
hostnames:
|
||||||
|
- puppetboard.k8s.syd1.au.unkin.net
|
||||||
|
parentRefs:
|
||||||
|
- name: puppetboard
|
||||||
|
sectionName: https
|
||||||
|
rules:
|
||||||
|
- backendRefs:
|
||||||
|
- name: puppetboard
|
||||||
|
port: 80
|
||||||
|
matches:
|
||||||
|
- path:
|
||||||
|
type: PathPrefix
|
||||||
|
value: /
|
||||||
@@ -1,34 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
kubernetes.io/ingress.class: nginx
|
|
||||||
external-dns.alpha.kubernetes.io/hostname: puppetboard.k8s.syd1.au.unkin.net
|
|
||||||
external-dns.alpha.kubernetes.io/target: 198.18.200.0
|
|
||||||
cert-manager.io/cluster-issuer: vault-issuer
|
|
||||||
cert-manager.io/common-name: puppetboard.k8s.syd1.au.unkin.net
|
|
||||||
cert-manager.io/private-key-size: "4096"
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/component: puppetboard
|
|
||||||
app.kubernetes.io/instance: puppetserver
|
|
||||||
app.kubernetes.io/name: puppetserver
|
|
||||||
app.kubernetes.io/version: 8.8.0
|
|
||||||
name: puppetboard
|
|
||||||
namespace: puppet
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
- host: puppetboard.k8s.syd1.au.unkin.net
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- backend:
|
|
||||||
service:
|
|
||||||
name: puppetboard
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
path: /
|
|
||||||
pathType: Prefix
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- puppetboard.k8s.syd1.au.unkin.net
|
|
||||||
secretName: puppetboard-tls
|
|
||||||
@@ -25,7 +25,8 @@ resources:
|
|||||||
- horizontalpodautoscaler_puppetserver-masters-autoscaler.yaml
|
- horizontalpodautoscaler_puppetserver-masters-autoscaler.yaml
|
||||||
- horizontalpodautoscaler_puppetserver-puppetboard-autoscaler.yaml
|
- horizontalpodautoscaler_puppetserver-puppetboard-autoscaler.yaml
|
||||||
- horizontalpodautoscaler_puppetserver-puppetdb-autoscaler.yaml
|
- horizontalpodautoscaler_puppetserver-puppetdb-autoscaler.yaml
|
||||||
- ingress_puppetboard.yaml
|
- gateway_puppetboard.yaml
|
||||||
|
- httproute_puppetboard.yaml
|
||||||
- gateway_puppetdb.yaml
|
- gateway_puppetdb.yaml
|
||||||
- httproute_puppetdb.yaml
|
- httproute_puppetdb.yaml
|
||||||
- service_puppetserver-agents-to-puppet.yaml
|
- service_puppetserver-agents-to-puppet.yaml
|
||||||
|
|||||||
@@ -2,6 +2,8 @@
|
|||||||
apiVersion: gateway.networking.k8s.io/v1
|
apiVersion: gateway.networking.k8s.io/v1
|
||||||
kind: GatewayClass
|
kind: GatewayClass
|
||||||
metadata:
|
metadata:
|
||||||
|
labels:
|
||||||
|
traefik.io/instance: external
|
||||||
name: traefik-external
|
name: traefik-external
|
||||||
spec:
|
spec:
|
||||||
controllerName: traefik.io/gateway-controller
|
controllerName: traefik.io/gateway-controller
|
||||||
|
|||||||
@@ -2,6 +2,8 @@
|
|||||||
apiVersion: gateway.networking.k8s.io/v1
|
apiVersion: gateway.networking.k8s.io/v1
|
||||||
kind: GatewayClass
|
kind: GatewayClass
|
||||||
metadata:
|
metadata:
|
||||||
|
labels:
|
||||||
|
traefik.io/instance: internal
|
||||||
name: traefik-internal
|
name: traefik-internal
|
||||||
spec:
|
spec:
|
||||||
controllerName: traefik.io/gateway-controller
|
controllerName: traefik.io/gateway-controller
|
||||||
|
|||||||
@@ -8,7 +8,7 @@ resources:
|
|||||||
helmCharts:
|
helmCharts:
|
||||||
- name: external-dns
|
- name: external-dns
|
||||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||||
version: "1.19.0"
|
version: "1.21.1"
|
||||||
releaseName: externaldns
|
releaseName: externaldns
|
||||||
namespace: externaldns
|
namespace: externaldns
|
||||||
valuesFile: values.yaml
|
valuesFile: values.yaml
|
||||||
|
|||||||
@@ -25,10 +25,7 @@ sources:
|
|||||||
- service
|
- service
|
||||||
- ingress
|
- ingress
|
||||||
- gateway-httproute
|
- gateway-httproute
|
||||||
- gateway-tlsroute
|
|
||||||
- gateway-grpcroute
|
- gateway-grpcroute
|
||||||
- gateway-tcproute
|
|
||||||
- gateway-udproute
|
|
||||||
|
|
||||||
# Environment variables for TSIG secret and algorithm from Vault
|
# Environment variables for TSIG secret and algorithm from Vault
|
||||||
env:
|
env:
|
||||||
@@ -54,3 +51,5 @@ extraArgs:
|
|||||||
- --rfc2136-tsig-axfr
|
- --rfc2136-tsig-axfr
|
||||||
- --rfc2136-tsig-secret=$(EXTERNAL_DNS_RFC2136_TSIG_SECRET)
|
- --rfc2136-tsig-secret=$(EXTERNAL_DNS_RFC2136_TSIG_SECRET)
|
||||||
- --ingress-class=nginx
|
- --ingress-class=nginx
|
||||||
|
|
||||||
|
logLevel: debug
|
||||||
|
|||||||
@@ -82,4 +82,17 @@ podSecurityContext:
|
|||||||
seccompProfile:
|
seccompProfile:
|
||||||
type: RuntimeDefault
|
type: RuntimeDefault
|
||||||
|
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop: [ALL]
|
||||||
|
add: [NET_BIND_SERVICE]
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
|
||||||
|
ports:
|
||||||
|
web:
|
||||||
|
port: 80
|
||||||
|
websecure:
|
||||||
|
port: 443
|
||||||
|
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|||||||
@@ -82,4 +82,17 @@ podSecurityContext:
|
|||||||
seccompProfile:
|
seccompProfile:
|
||||||
type: RuntimeDefault
|
type: RuntimeDefault
|
||||||
|
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop: [ALL]
|
||||||
|
add: [NET_BIND_SERVICE]
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
|
||||||
|
ports:
|
||||||
|
web:
|
||||||
|
port: 80
|
||||||
|
websecure:
|
||||||
|
port: 443
|
||||||
|
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|||||||
Reference in New Issue
Block a user