steffen/kubedeploy-k3s
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

reintroduced cert pvc as shared object

Browse Source
This commit is contained in:
Steffen Illium
2024-04-07 10:56:18 +02:00
parent cb74bad994
commit d43022f70d
8 changed files with 12 additions and 6 deletions

29
infrastructure/03-traefik/shared/base/dc-secret-sealed.yaml Normal file

@ -0,0 +1,29 @@
{
"kind": "SealedSecret",
"apiVersion": "bitnami.com/v1alpha1",
"metadata": {
"name": "dc-secret",
"namespace": "traefik",
"creationTimestamp": null,
"annotations": {
"sealedsecrets.bitnami.com/namespace-wide": "true"
}
},
"spec": {
"template": {
"metadata": {
"name": "dc-secret",
"namespace": "traefik",
"creationTimestamp": null,
"annotations": {
"sealedsecrets.bitnami.com/namespace-wide": "true"
}
},
"type": "Opaque"
},
"encryptedData": {
"IONOS_API_KEY": "AgCXqtKxmdslz80mWyR1q+y18A6ouEKxYOqfElGebXX5KNputkjDBI+IFyDttKS08YObOMiN42CH9wn1VJg08dYA+gBeFj+NdW7dT0Qiz3uo/ZL8LVuuapprFM5Zh9ipcFqTCFYNHBAGVzCQ6DOyrsfqTNxr+9OVOTX6t9Fye1N46pghTUHs+60pf8EPL1KMKXbU3DIrYkp7gzpdUN7J6ZO4Z92ge4YfnyEY8qnPTrI4ae/XbFzQhtCTk9gyvuO5iIEETWuHgEwTpvoHsED+OFVK0zskafyuXwfJOsJRVIVjg5ltHfO+In6Mc3yHm3SRgbRcTB+IkrxrbOElxRIuyi29eWKekGHHJRF3oknMLIyORIFFgeegZ9NHVky0G/EQx7CryuPCInAHIem+eRFj8Gdcebi/qL5fPnfx7p5uc2iCRXfII0FuiZeKEkt582N9aBccvXll3rT3TWzJ+oIGkgQaSeWkziCkrSaSpoSSAljW2j8+1Nko4pfvJu0kxKpvFWHhve8dSCCBv2ePH4AS9jZYCldZOOajpRuRUSI9ux4911d4rmKXv5tg6tEesbcKkrshv5h2q4TsNSr6EPM2QSqR/8FvtLPYSQs3Z4kPBQgvI3hgE0OSU73ZZ7VPj3QcJzv8OVM3tQk/1+j65AS+SRHVHf7GpraOoMEKEXGsJ/XuFhFSH5rJKi06ytl0T4kqNRH/ownWwRpodZvxxjO9JLNZTcPZMIua30zTXODh7A6fBzQkPrjETM0Mu3SlXiUr6m5o7w1EjyOBT9GBfzB1Dqz2CuwZKSAOZIlqAZxS6dycylUavaBLpKtzd/RpXc4OXZ+p2FnK3ANMel4944n8XOGZetbPSzD4Iw==",
"IONOS_MAIL": "AgBmtvjL16dX9fkB2wUrUlYUDh8zgJfxsdAdR9c/7u8/Xg7a6FoENhYWffnLF8OhFIWTitRzQRPpvEcxBp6VtbhHWPekGl/WI4DrFQP7nDuhIZ7ebRnZij6Hi9uxzaJAkNDsHrCU+zZdrNm4AG5ra/VYialOHCml2vHd4ObpvuVRRmuV9PdHkCYXaiZlPnPtxoarssAE+GxElJmNNKrjvHhpVGwtvP3s/iayg3uBBqxiCva+lqigyRmSb7IBIzVC+1yXzJz4VUkM8thpFWqVJYZVx90Qf0sKogYR0aIH8O4jEbcSyw8DsE3LreUNnQAuPp0fJ7pfK77VxU38O6mxecr4u6xBIkoAdlAxMCx9feRoS2u7AxSVVZko/2/UNNLHUo/EyFNsjDKHChzaCrk+kmaMQGzWckCxfyvHXzsf8YyDQ396lD6HXP6euGZpj/C7T4M81smAUdE89NrK8Fkg/nVzc+0Z9w27/8Fq7UMQiAWKoDlWnCt10QN3uopJ8LJGuaEHEPL/jRBWS2WqNoPF6A88an29rbFOgyAW+xz85sjbjBmkY6kq3FVOzgQRdQAz0Jo7NrwE1VI/aqPnE3x8hPBh2TMU+5uMngUdut01aJ0rMzn/NJ1oure+52WcGB+dcJRJfpdT9p9/UatfRLqKpkIDeVcltiG7/QxHpj/V4tDMIRXB8BVPwWPQQQFEXpUNs3RDFoB3HiF3wM+VGMn/V6oNqhP/w7I="
}
}
}

23
infrastructure/03-traefik/shared/base/traefik-middleware-authentik.yaml Normal file

@ -0,0 +1,23 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: authentik-middleware
namespace: traefik
labels:
expose: "true"
spec:
forwardAuth:
address: https://auth.steffenillium.de/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

20
infrastructure/03-traefik/shared/base/traefik-middleware-default-headers.yaml Normal file

@ -0,0 +1,20 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: default-headers
namespace: traefik
labels:
local: "true"
expose: "true"
spec:
headers:
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 15552000
customFrameOptionsValue: SAMEORIGIN
customRequestHeaders:
X-Forwarded-Proto: https

4
infrastructure/03-traefik/shared/base/traefik-namespace.yaml Normal file

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: traefik

12
infrastructure/03-traefik/shared/base/traefik-pvc.yaml Normal file

@ -0,0 +1,12 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: traefik-pvc
namespace: traefik
spec:
storageClassName: local-path
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi