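--- a/deploy/infra/ingress-ssh-public.yaml
+++ b/deploy/infra/ingress-ssh-public.yaml
@@ -0,0 +1,14 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteTCP
+metadata:
+name: ssh-public
+annotations:
+kubernetes.io/ingress.class: traefik-public
+spec:
+entryPoints:
+- tcp2222
+routes:
+- match: HostSNI(`*`)
+services:
+- name: gitea-ssh
+port: 2222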
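Review bot: The `gitea-ssh` service entry forwards raw TCP with no PROXY protocol, so Gitea's SSH server will most likely record the Traefik pod address instead of the real client for every connection arriving through `traefik-public`; ingress-ssh.yaml has the same shape. That weakens SSH audit logs and any per-source throttling or banning, which matters more now that this route is the public path to port 2222. Consider adding `proxyProtocol:` with `version: 2` under the service and enabling the matching Gitea setting (`SSH_SERVER_USE_PROXY_PROTOCOL`, assuming the built-in SSH server is in use) in the same rollout, because enabling only one side breaks connections. The catch-all HostSNI match is expected, since SSH carries no SNI, but it also means any source restriction has to come from a TCP middleware or from the load balancer in front of the `tcp2222` entry point.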
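--- a/deploy/infra/ingress-ssh.yaml
+++ b/deploy/infra/ingress-ssh.yaml
@@ -0,0 +1,14 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteTCP
+metadata:
+name: ssh
+annotations:
+kubernetes.io/ingress.class: traefik
+spec:
+entryPoints:
+- tcp2222
+routes:
+- match: HostSNI(`*`)
+services:
+- name: gitea-ssh
+port: 2222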
@@ -1,10 +1,12 @@
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: public-https
|
||||
name: web-public
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik-public
|
||||
spec:
|
||||
entryPoints:
|
||||
- public-https
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`git.limbosolutions.com`) && !PathPrefix(`/-/admin`)
|
||||
kind: Rule
|
||||
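Review bot: The `/-/admin` exclusion in this route's `match` only protects the admin path if the public Traefik instance ignores the internal route, and the one thing separating the two now appears to be the `kubernetes.io/ingress.class` annotation. This route and the `web` route in the next hunk both list `websecure` under `entryPoints`, so a public instance whose CRD provider is not started with a class filter (`--providers.kubernetescrd.ingressclass=traefik-public`) would also serve the internal route, admin path included; that setting is not visible in this commit and should be confirmed. The change of `metadata.name` also creates new objects rather than updating the existing ones, so unless the deploy prunes, the previously named IngressRoutes (apparently `public-https` and `websecure`) stay in the cluster without a class annotation and need to be deleted explicitly. The route definition continues outside the hunk.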
@@ -1,7 +1,9 @@
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: websecure
|
||||
name: web
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
@@ -5,8 +5,10 @@ resources:
|
||||
- cd-serviceaccount.yaml
|
||||
- network-policies.yaml
|
||||
- certificate.yaml
|
||||
- websecure-ingress-route.yaml
|
||||
- public-https-ingress-route.yaml
|
||||
- ingress-web.yaml
|
||||
- ingress-web-public.yaml
|
||||
- ingress-ssh.yaml
|
||||
- ingress-ssh-public.yaml
|
||||
generatorOptions:
|
||||
disableNameSuffixHash: true
|
||||
|
||||
|
||||
@@ -14,29 +14,10 @@ spec:
|
||||
|
||||
|
||||
---
|
||||
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: allow-ssh-to-gitea
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: gitea
|
||||
|
||||
ingress:
|
||||
- fromCIDRSet:
|
||||
- cidr: 0.0.0.0/0
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "2222"
|
||||
protocol: TCP
|
||||
---
|
||||
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumNetworkPolicy
|
||||
metadata:
|
||||
name: allow-gitea-ingress
|
||||
name: allow-traefik-ingress
|
||||
spec:
|
||||
endpointSelector:
|
||||
matchLabels:
|
||||
@@ -44,7 +25,7 @@ spec:
|
||||
|
||||
ingress:
|
||||
# -------------------------------------------------------------
|
||||
# Allow Traefik (in kube-system) to reach Gitea on port 3000
|
||||
# Allow Traefik (in kube-system) to reach Gitea on port 3000 and 2222
|
||||
# -------------------------------------------------------------
|
||||
- fromEndpoints:
|
||||
- matchLabels:
|
||||
@@ -53,9 +34,12 @@ spec:
|
||||
- key: k8s:io.kubernetes.pod.namespace
|
||||
operator: In
|
||||
values:
|
||||
- kube-system
|
||||
- traefik
|
||||
- traefik-public
|
||||
toPorts:
|
||||
- ports:
|
||||
- port: "3000"
|
||||
protocol: TCP
|
||||
|
||||
- ports:
|
||||
- port: "2222"
|
||||
protocol: TCP
|
||||
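Review bot: The comment above the `fromEndpoints` rule still places Traefik in kube-system, while the namespace list under `values` now also names `traefik` and `traefik-public`; it should be updated, for example `# Allow Traefik (kube-system, traefik, traefik-public) to reach Gitea on ports 3000 and 2222`. If Traefik no longer runs in kube-system, dropping that entry from `values` would stop port 2222 being reachable from that namespace by whatever pods match the label selector, which sits outside these hunks. The earlier `allow-ssh-to-gitea` policy with `cidr: 0.0.0.0/0` appears to be removed in favour of this rule, so the result is only as tight as that selector, and it is worth checking that it matches the Traefik pods and nothing else.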