71442a0405
- Migrate all ingress hostnames from *.homelab.local to *.coreworlds.io - Remove broken Traefik certresolver config (cert-manager handles TLS) - Add internal-only IP allowlist middleware for platform services - Add IngressRoutes for ArgoCD, Grafana, Longhorn (LAN-only via middleware) - Seal and add Cloudflare API token for cert-manager DNS-01 challenges - Update cert-manager ClusterIssuers with real email - Update k3s TLS SAN to k3s.coreworlds.io - Rewrite Ubiquiti docs for single-node topology and split-horizon DNS - Fix seal-secret.sh controller name to match Helm release - Add UCG DNS setup script using API key auth
23 lines
510 B
YAML
23 lines
510 B
YAML
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRoute
|
|
metadata:
|
|
name: grafana
|
|
namespace: platform
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
spec:
|
|
entryPoints:
|
|
- websecure
|
|
routes:
|
|
- match: Host(`grafana.coreworlds.io`)
|
|
kind: Rule
|
|
middlewares:
|
|
- name: internal-only
|
|
namespace: platform
|
|
services:
|
|
- name: kube-prometheus-stack-grafana
|
|
namespace: observability
|
|
port: 80
|
|
tls:
|
|
secretName: grafana-tls
|