From 72693ea8a71413846a2d3b0f1e093165797abc6a Mon Sep 17 00:00:00 2001
From: Jonathan Leech-Pepin
Date: Thu, 30 Jan 2025 10:08:13 -0500
Subject: [PATCH] Initial homelab gateway config
---
namespaces/homelab/gateway.yaml | 59 +++++++++++++++++++++++++++++++
namespaces/homelab/namespace.yaml | 7 ++++
namespaces/homelab/secrets.yaml | 33 +++++++++++++++++
3 files changed, 99 insertions(+)
create mode 100644 namespaces/homelab/gateway.yaml
create mode 100644 namespaces/homelab/namespace.yaml
create mode 100644 namespaces/homelab/secrets.yaml
diff --git a/namespaces/homelab/gateway.yaml b/namespaces/homelab/gateway.yaml
new file mode 100644
index 0000000..17b6861
--- /dev/null
+++ b/namespaces/homelab/gateway.yaml
@@ -0,0 +1,59 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: homelab-gateway
+ namespace: homelab
+spec:
+ gatewayClassName: traefik
+ listeners:
+ - allowedRoutes:
+ namespaces:
+ from: Selector
+ selector:
+ matchLabels:
+ homelab-access: "true"
+ name: web
+ port: 8000
+ protocol: HTTP
+ - allowedRoutes:
+ namespaces:
+ from: Selector
+ selector:
+ matchLabels:
+ homelab-access: "true"
+ name: websecure
+ port: 8443
+ protocol: HTTPS
+ tls:
+ mode: Terminate
+ certificateRefs:
+ - kind: Secret
+ name: infisical-self-signed-cert
+ - allowedRoutes:
+ namespaces:
+ from: Selector
+ selector:
+ matchLabels:
+ homelab-access: "true"
+ name: postgres
+ port: 5432
+ protocol: TCP
+ - allowedRoutes:
+ namespaces:
+ from: Selector
+ selector:
+ matchLabels:
+ homelab-access: "true"
+ name: redis
+ port: 6379
+ protocol: HTTP
+ - allowedRoutes:
+ namespaces:
+ from: Selector
+ selector:
+ matchLabels:
+ homelab-access: "true"
+ name: ollama
+ port: 11434
+ protocol: HTTP
diff --git a/namespaces/homelab/namespace.yaml b/namespaces/homelab/namespace.yaml
new file mode 100644
index 0000000..8514d56
--- /dev/null
+++ b/namespaces/homelab/namespace.yaml
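Review bot: In gateway.yaml the `redis` listener on port 6379 is declared `protocol: HTTP`, but Redis does not speak HTTP; the `postgres` listener just above it uses `protocol: TCP`, and the redis one most likely needs the same, `protocol: TCP`. Separately, the `web`, `postgres`, `redis` and `ollama` listeners have no `tls` block, so traffic to them is plaintext at the gateway, and the `homelab-access: "true"` selector only limits which namespaces may attach routes, not which clients may connect. If these ports are reachable beyond the trusted network, client access has to be restricted elsewhere (for example a NetworkPolicy or a firewall in front of Traefik). A short comment above the listeners, such as `# allowedRoutes gates route attachment only; client access is restricted by <mechanism>`, would record that decision.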
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ homelab-access: "true"
+ name: homelab
diff --git a/namespaces/homelab/secrets.yaml b/namespaces/homelab/secrets.yaml
new file mode 100644
index 0000000..f4ecc5d
--- /dev/null
+++ b/namespaces/homelab/secrets.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
+metadata:
+ name: homelab-sslcert-secrets
+ namespace: infisical
+ labels:
+ label-to-be-passed-to-managed-secret: homelab
+ annotations:
+ example.com/annotation-to-be-passed-to-managed-secret: "homelab"
+spec:
+ hostAPI: https://app.infisical.com/api
+ resyncInterval: 10
+ authentication:
+ # Universal Auth
+ universalAuth:
+ secretsScope:
+ projectSlug: homelab-n-f-yj
+ envSlug: prod
+ secretsPath: "/homelab" # Root is "/"
+ recursive: true # Whether or not to use recursive mode (Fetches all secrets in an environment from a given secret path, and all folders inside the path) / defaults to false
+ credentialsRef:
+ secretName: universal-auth-credentials
+ secretNamespace: infisical
+ managedSecretReference:
+ secretName: infisical-self-signed-cert
+ secretNamespace: homelab
+ creationPolicy: "Orphan" ## Owner | Orphan
+ secretType: kubernetes.io/tls
+ template:
+ data:
+ tls.crt: "{{ .TLS_CERT.Value }}"
+ tls.key: "{{ .TLS_KEY.Value }}"
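Review bot: In secrets.yaml, `recursive: true` on `secretsPath: "/homelab"` makes the operator fetch every secret under that folder tree, while the template reads only `TLS_CERT` and `TLS_KEY`. If both values sit directly in `/homelab`, `recursive: false` (the default, per the inline comment) keeps the fetch to what is actually used. With `creationPolicy: "Orphan"` the `infisical-self-signed-cert` Secret, private key included, stays in the `homelab` namespace after this resource is deleted, so a comment such as `# Orphan: TLS secret must be removed by hand when this resource is deleted` is worth adding. The `label-to-be-passed-to-managed-secret` label and the `example.com/annotation-to-be-passed-to-managed-secret` annotation look like leftover sample values and would be better replaced with real ones or dropped.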