- Migrate all ingress hostnames from *.homelab.local to *.coreworlds.io
- Remove broken Traefik certresolver config (cert-manager handles TLS)
- Add internal-only IP allowlist middleware for platform services
- Add IngressRoutes for ArgoCD, Grafana, Longhorn (LAN-only via middleware)
- Seal and add Cloudflare API token for cert-manager DNS-01 challenges
- Update cert-manager ClusterIssuers with real email
- Update k3s TLS SAN to k3s.coreworlds.io
- Rewrite Ubiquiti docs for single-node topology and split-horizon DNS
- Fix seal-secret.sh controller name to match Helm release
- Add UCG DNS setup script using API key auth
Network Diagram
External Traffic Flow
                 ┌──────────────┐
                 │   Internet   │
                 └──────┬───────┘
                        │
               ┌────────┴────────┐
               │ Cloudflare DNS  │
               │  coreworlds.io  │
               │  → public IP    │
               └────────┬────────┘
                        │
                 ┌──────┴───────┐
                 │     UCG      │
                 │   WAN :443   │
                 └──────┬───────┘
                        │ port-forward
                 ┌──────┴───────┐
                 │   catherby   │
                 │ 192.168.1.50 │
                 │   Traefik    │
                 └──────┬───────┘
                        │
      ┌─────────────────┼─────────────────┐
      │                 │                 │
coreworlds.io   api.coreworlds.io        ...
  (web app)        (api server)
LAN Traffic Flow (Split-Horizon DNS)
┌──────────────┐
│  LAN Client  │
└──────┬───────┘
       │ DNS query: argocd.coreworlds.io
┌──────┴─────────┐
│    UCG DNS     │
│  *.coreworlds  │
│ → 192.168.1.50 │
└──────┬─────────┘
       │ direct (no hairpin NAT)
┌──────┴───────┐
│   catherby   │
│ 192.168.1.50 │
│   Traefik    │
└──────────────┘
Service Routing
Traefik (192.168.1.50:443)
│
├── coreworlds.io              → web      (public)
├── api.coreworlds.io          → api      (public)
├── preview.coreworlds.io      → web      (public, preview ns)
├── api-preview.coreworlds.io  → api      (public, preview ns)
├── argocd.coreworlds.io       → argocd   (LAN only — internal-only middleware)
├── grafana.coreworlds.io      → grafana  (LAN only — internal-only middleware)
└── longhorn.coreworlds.io     → longhorn (LAN only — internal-only middleware)
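As an added example (not code from this repository), the Python below models the Service Routing table above together with the rule the two traffic flows rely on: a LAN client reaching Traefik directly keeps its 192.168.1.x source address and passes the internal-only allowlist, while an Internet client arriving through the UCG port-forward keeps its public source address and is refused for the platform hosts. It also audits a set of manifests the way a pre-merge check would, flagging any platform host without an allowlist middleware and any allowlist wider than the LAN. Everything in it is constructed: the manifests are hand-written dicts in the shape `yaml.safe_load` gives for Traefik v3 CRDs (`traefik.io/v1alpha1`, `Middleware` with `ipAllowList`; Traefik v2 names the same option `ipWhiteList`), and the middleware name `internal-only`, the namespaces, the Kubernetes service names and the LAN CIDR 192.168.1.0/24 are assumptions, not values taken from the commit.

```python
import ipaddress
import re

# Assumptions for this example (not taken from the repository).
LAN_CIDR = "192.168.1.0/24"
INTERNAL_MW = ("kube-system", "internal-only")   # (namespace, name)

def _ingress_route(name, ns, host, service, lan_only):
    """Build a minimal IngressRoute dict (constructed sample, not a repo manifest)."""
    route = {"match": f"Host(`{host}`)", "kind": "Rule",
             "services": [{"name": service, "port": 80}]}
    if lan_only:
        route["middlewares"] = [{"name": INTERNAL_MW[1], "namespace": INTERNAL_MW[0]}]
    return {"apiVersion": "traefik.io/v1alpha1", "kind": "IngressRoute",
            "metadata": {"name": name, "namespace": ns},
            "spec": {"entryPoints": ["websecure"], "routes": [route]}}

# Constructed manifest set mirroring the routing table; Longhorn is deliberately
# left without the middleware so the audit has something to catch.
MANIFESTS = [
    {"apiVersion": "traefik.io/v1alpha1", "kind": "Middleware",
     "metadata": {"name": INTERNAL_MW[1], "namespace": INTERNAL_MW[0]},
     "spec": {"ipAllowList": {"sourceRange": [LAN_CIDR]}}},
    _ingress_route("web", "prod", "coreworlds.io", "web", False),
    _ingress_route("api", "prod", "api.coreworlds.io", "api", False),
    _ingress_route("web", "preview", "preview.coreworlds.io", "web", False),
    _ingress_route("api", "preview", "api-preview.coreworlds.io", "api", False),
    _ingress_route("argocd", "argocd", "argocd.coreworlds.io", "argocd-server", True),
    _ingress_route("grafana", "monitoring", "grafana.coreworlds.io", "grafana", True),
    _ingress_route("longhorn", "longhorn-system", "longhorn.coreworlds.io",
                   "longhorn-frontend", False),   # constructed misconfiguration
]

HOST_RE = re.compile(r"Host\(`([^`]+)`\)")

def allowlists(manifests):
    """(namespace, name) -> list of ip_network for every ipAllowList Middleware."""
    out = {}
    for m in manifests:
        if m["kind"] == "Middleware" and "ipAllowList" in m["spec"]:
            key = (m["metadata"]["namespace"], m["metadata"]["name"])
            out[key] = [ipaddress.ip_network(r)
                        for r in m["spec"]["ipAllowList"]["sourceRange"]]
    return out

def routing_table(manifests):
    """host -> {'service': k8s service name, 'middlewares': [(ns, name), ...]}."""
    table = {}
    for m in manifests:
        if m["kind"] != "IngressRoute":
            continue
        ns = m["metadata"]["namespace"]
        for r in m["spec"]["routes"]:
            found = HOST_RE.search(r["match"])
            if not found:
                continue   # only Host() rules are modelled here
            # A middleware reference without a namespace means the route's own namespace.
            mws = [(mw.get("namespace", ns), mw["name"]) for mw in r.get("middlewares", [])]
            table[found.group(1)] = {"service": r["services"][0]["name"], "middlewares": mws}
    return table

def route(manifests, host, client_ip):
    """Simulate Traefik: unknown host -> 404, allowlist miss -> 403, otherwise 200."""
    table, lists = routing_table(manifests), allowlists(manifests)
    entry = table.get(host)
    if entry is None:
        return 404, None
    ip = ipaddress.ip_address(client_ip)
    for mw in entry["middlewares"]:
        # `ip in net` is False across IPv4/IPv6, so a v6 client never matches a v4 range.
        if mw in lists and not any(ip in net for net in lists[mw]):
            return 403, entry["service"]
    return 200, entry["service"]

def audit(manifests, platform_hosts, lan_cidr=LAN_CIDR):
    """Findings: a platform host with no allowlist attached, or an allowlist wider than the LAN."""
    findings = []
    table, lists = routing_table(manifests), allowlists(manifests)
    for host in platform_hosts:
        mws = table.get(host, {}).get("middlewares", [])
        if not any(mw in lists for mw in mws):
            findings.append(f"{host}: no ipAllowList middleware attached")
    lan = ipaddress.ip_network(lan_cidr)
    for (ns, name), nets in lists.items():
        for net in nets:
            if net.version != lan.version or not net.subnet_of(lan):
                findings.append(f"{ns}/{name}: sourceRange {net} is wider than LAN {lan}")
    return findings

if __name__ == "__main__":
    platform = ["argocd.coreworlds.io", "grafana.coreworlds.io", "longhorn.coreworlds.io"]
    print("LAN client  -> argocd:", route(MANIFESTS, "argocd.coreworlds.io", "192.168.1.23"))
    print("Internet    -> argocd:", route(MANIFESTS, "argocd.coreworlds.io", "203.0.113.7"))
    print("Internet    -> api   :", route(MANIFESTS, "api.coreworlds.io", "203.0.113.7"))
    for finding in audit(MANIFESTS, platform):
        print("FINDING:", finding)
```

The simulation only holds while Traefik sees the real client address, which is why the "direct (no hairpin NAT)" note in the LAN flow matters: a LAN client that reached the public IP through hairpin NAT would be rewritten to the gateway's address, and a Service in front of Traefik that masquerades traffic (kube-proxy with `externalTrafficPolicy: Cluster`, or a load balancer that SNATs) would present every client, Internet ones included, with a node or cluster address. Before trusting an allowlist of this kind, check what source address the Traefik pod actually logs for a request from outside the LAN.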