Dreaded_X/flux-infra
1
0
Fork 0
Code Issues 11 Pull Requests Actions Packages Projects Releases Wiki Activity

Enable ingress for ceph dashboard

Browse Source
This commit is contained in:
Dreaded_X 2025-02-13 03:32:38 +01:00
parent 5aed410550
commit 3d020782d4
Signed by: Dreaded_X
GPG Key ID: FA5F485356B0D2D4
4 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
apps/authelia/release.yaml
View File

@ -80,6 +80,9 @@ spec:
- domain: traefik.${domain} - domain: traefik.${domain}
policy: one_factor policy: one_factor
subject: "group:lldap_admin" subject: "group:lldap_admin"
- domain: ceph.${domain}
policy: one_factor
subject: "group:lldap_admin"
- domain: grafana.${domain} - domain: grafana.${domain}
policy: one_factor policy: one_factor
# Deny by default, mainly a placeholder to allow patching in other rules # Deny by default, mainly a placeholder to allow patching in other rules

2
apps/grafana/release.yaml
View File

@ -23,7 +23,7 @@ spec:
- secretName: ${domain//./-}-tls - secretName: ${domain//./-}-tls
annotations: annotations:
traefik.ingress.kubernetes.io/router.entryPoints: "websecure" traefik.ingress.kubernetes.io/router.entryPoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: "authelia-forwardauth-authelia@kubernetescrd" # name of your middleware, as defined in your middleware.yml traefik.ingress.kubernetes.io/router.middlewares: "authelia-forwardauth-authelia@kubernetescrd"
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
envValueFrom: envValueFrom:

6
clusters/titan.lan.huizinga.dev/infrastructure.yaml
View File

@ -14,6 +14,12 @@ spec:
sourceRef: sourceRef:
kind: GitRepository kind: GitRepository
name: flux-system name: flux-system
postBuild:
substitute:
domain: staging.huizinga.dev
# Specifically for authelia
subdomain: .staging
topdomain: huizinga.dev
path: ./infrastructure/controllers path: ./infrastructure/controllers
prune: true prune: true
wait: true wait: true

15
infrastructure/controllers/rook/helm-release-cluster.yaml
View File

@ -17,6 +17,19 @@ spec:
values: values:
toolbox: toolbox:
enabled: true enabled: true
# TODO: Not sure we really need this is we have prometheus + grafana set up
ingress:
dashboard:
annotations:
traefik.ingress.kubernetes.io/router.entryPoints: "websecure"
traefik.ingress.kubernetes.io/router.middlewares: "authelia-forwardauth-authelia@kubernetescrd"
traefik.ingress.kubernetes.io/router.tls: "true"
host:
name: ceph.${domain}
tls:
- hosts:
- ceph.${domain}
secretName: ${domain//./-}-tls
# Uncomment once prometheus stack has been added # Uncomment once prometheus stack has been added
# monitoring: # monitoring:
# enabled: true # enabled: true
@ -26,6 +39,8 @@ spec:
cephFileSystemVolumeSnapshotClass: cephFileSystemVolumeSnapshotClass:
enabled: true enabled: true
cephClusterSpec: cephClusterSpec:
dashboard:
ssl: false
storage: storage:
useAllDevices: false useAllDevices: false
deviceFilter: "^nvme." deviceFilter: "^nvme."