Enable ingress for ceph dashboard

2025-02-13 03:32:38 +01:00 · 2025-02-13 03:32:38 +01:00 · 3d020782d4
commit 3d020782d4
parent 5aed410550
4 changed files with 25 additions and 1 deletions
--- a/apps/authelia/release.yaml
+++ b/apps/authelia/release.yaml
@ -80,6 +80,9 @@ spec:
          - domain: traefik.${domain}
            policy: one_factor
            subject: "group:lldap_admin"
+          - domain: ceph.${domain}
+            policy: one_factor
+            subject: "group:lldap_admin"
          - domain: grafana.${domain}
            policy: one_factor
          # Deny by default, mainly a placeholder to allow patching in other rules
--- a/apps/grafana/release.yaml
+++ b/apps/grafana/release.yaml
@ -23,7 +23,7 @@ spec:
        - secretName: ${domain//./-}-tls
      annotations:
        traefik.ingress.kubernetes.io/router.entryPoints: "websecure"
-        traefik.ingress.kubernetes.io/router.middlewares: "authelia-forwardauth-authelia@kubernetescrd" # name of your middleware, as defined in your middleware.yml
+        traefik.ingress.kubernetes.io/router.middlewares: "authelia-forwardauth-authelia@kubernetescrd"
        traefik.ingress.kubernetes.io/router.tls: "true"

    envValueFrom:
--- a/clusters/titan.lan.huizinga.dev/infrastructure.yaml
+++ b/clusters/titan.lan.huizinga.dev/infrastructure.yaml
@ -14,6 +14,12 @@ spec:
  sourceRef:
    kind: GitRepository
    name: flux-system
+  postBuild:
+    substitute:
+      domain: staging.huizinga.dev
+      # Specifically for authelia
+      subdomain: .staging
+      topdomain: huizinga.dev
  path: ./infrastructure/controllers
  prune: true
  wait: true
--- a/infrastructure/controllers/rook/helm-release-cluster.yaml
+++ b/infrastructure/controllers/rook/helm-release-cluster.yaml
@ -17,6 +17,19 @@ spec:
  values:
    toolbox:
      enabled: true
+    # TODO: Not sure we really need this is we have prometheus + grafana set up
+    ingress:
+      dashboard:
+        annotations:
+          traefik.ingress.kubernetes.io/router.entryPoints: "websecure"
+          traefik.ingress.kubernetes.io/router.middlewares: "authelia-forwardauth-authelia@kubernetescrd"
+          traefik.ingress.kubernetes.io/router.tls: "true"
+        host:
+          name: ceph.${domain}
+        tls:
+          - hosts:
+              - ceph.${domain}
+            secretName: ${domain//./-}-tls
    # Uncomment once prometheus stack has been added
    # monitoring:
    #   enabled: true
@ -26,6 +39,8 @@ spec:
    cephFileSystemVolumeSnapshotClass:
      enabled: true
    cephClusterSpec:
+      dashboard:
+        ssl: false
      storage:
        useAllDevices: false
        deviceFilter: "^nvme."