From d2525b6ce208cf0e0f9f08837300a759ac01d9af Mon Sep 17 00:00:00 2001
From: Aner Zakobar
Date: Sat, 9 Apr 2022 15:22:55 +0300
Subject: [PATCH] Semi working!
---
 templates/dns.yaml | 2 +-
 templates/gitea.yaml | 4 +---
 templates/jackett.yaml | 4 ++--
 templates/jellyfin.yaml | 2 +-
 templates/ldap-auth.yaml | 18 ++++++++----------
 templates/nefarious.yaml | 10 ++--------
 templates/photoprism.yaml | 4 ++--
 templates/phpldapadmin.yaml | 4 ++--
 templates/transmission.yaml | 2 +-
 values.yaml | 23 +----------------------
 10 files changed, 21 insertions(+), 52 deletions(-)
diff --git a/templates/dns.yaml b/templates/dns.yaml
index 781c71d..0a3f804 100644
--- a/templates/dns.yaml
+++ b/templates/dns.yaml
@@ -22,7 +22,7 @@ spec: imagePullPolicy: "Always" env: - name: DNS_A - value: "*.{{ .Values.homey.url }}={{ .Values.homey.ip }}, {{ .Values.homey.url }}={{ .Values.homey.ip }}" + value: "*.{{ .Values.homey.url }}={{ .Values.homey.ip }}, {{ .Values.homey.url }}={{ .Values.homey.ip }}, *.{{ .Values.homey.internal_url }}={{ .Values.homey.ip }}, {{ .Values.homey.internal_url }}={{ .Values.homey.ip}}" - name: DNS_FORWARDER value: "8.8.8.8,8.8.4.4" - name: ALLOW_RECURSION
diff --git a/templates/gitea.yaml b/templates/gitea.yaml
index a59fd47..3613f83 100644
--- a/templates/gitea.yaml
+++ b/templates/gitea.yaml
@@ -51,7 +51,7 @@ spec: selector: app: gitea ports: - - name: ssh + - name: http-port protocol: TCP port: 3000 targetPort: http
@@ -81,8 +81,6 @@ metadata: name: gitea-ingress annotations: kubernetes.io/ingress.allow-http: "false" - ingress.kubernetes.io/auth-type: forward - ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80 spec: rules: - host: git.{{ .Values.homey.url }}
diff --git a/templates/jackett.yaml b/templates/jackett.yaml
index 1cffa68..96c2d71 100644
--- a/templates/jackett.yaml
+++ b/templates/jackett.yaml
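Review bot: In the templates/dns.yaml hunk the new `DNS_A` value interpolates `.Values.homey.internal_url` with no guard, so a values file that lacks the key renders records of the form `*.=<ip>, =<ip>`; how the DNS image treats an empty zone name is not visible here, and a wildcard with an empty suffix should not be left to the parser. Wrapping the lookup in Helm's `required`, e.g. `{{ required "homey.internal_url must be set" .Values.homey.internal_url }}`, fails the render instead. The last placeholder is also written `{{ .Values.homey.ip}}` without the inner space used everywhere else on the line. The env list continues outside the hunk.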
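Review bot: In the second templates/gitea.yaml hunk the `gitea-ingress` loses both forward-auth annotations while its host stays on the public `git.{{ .Values.homey.url }}` name, so after this change the only gate in front of Gitea is Gitea's own login. If that is intended (forward auth commonly gets in the way of git-over-HTTP clients), record it next to the remaining annotation, e.g. `# no forward auth here: Gitea enforces its own login`, and confirm that self-registration and anonymous access are restricted in Gitea's configuration, which this hunk does not show. Unlike most other ingresses touched by this commit, this one was not moved to `internal_url`, so it remains the externally named entry point.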
@@ -52,9 +52,9 @@ metadata: spec: tls: - hosts: - - jackett.{{ .Values.homey.url }} + - jackett.{{ .Values.homey.internal_url }} rules: - - host: jackett.{{ .Values.homey.url }} + - host: jackett.{{ .Values.homey.internal_url }} http: paths: - path: /
diff --git a/templates/jellyfin.yaml b/templates/jellyfin.yaml
index 0298f58..e20e389 100644
--- a/templates/jellyfin.yaml
+++ b/templates/jellyfin.yaml
@@ -88,7 +88,7 @@ metadata: annotations: spec: rules: - - host: jellyfin.{{ .Values.homey.url }} + - host: jellyfin.{{ .Values.homey.internal_url }} http: paths: - path: /
diff --git a/templates/ldap-auth.yaml b/templates/ldap-auth.yaml
index 12d7d72..5d218ef 100644
--- a/templates/ldap-auth.yaml
+++ b/templates/ldap-auth.yaml
@@ -18,24 +18,22 @@ spec: spec: containers: - name: ldap-auth - image: dignajar/another-ldap-auth:latest + image: linuxserver/ldap-auth imagePullPolicy: Always env: - - name: LDAP_ENDPOINT - value: "ldap://openldap:389" - - name: LDAP_MANAGER_DN_USERNAME + - name: WERTHER_LDAP_ENDPOINTS + value: "openldap:389" + - name: WERTHER_LDAP_BINDDN value: "cn=readonly,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}" - - name: LDAP_MANAGER_PASSWORD + - name: WERTHER_LDAP_BINDPW valueFrom: secretKeyRef: name: openldap-ro key: password - - name: LDAP_SEARCH_BASE + - name: WERTHER_LDAP_BASEDN value: "ou=users,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}" - - name: LDAP_SEARCH_FILTER - value: "(objectClass=inetOrgPerson)" - - name: LDAP_BIND_DN - value: "uid={username},ou=users,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}" +# - name: LDAP_USER_FILTER +# value: "(objectClass=inetOrgPerson)" --- apiVersion: v1 kind: Service
diff --git a/templates/nefarious.yaml b/templates/nefarious.yaml
index ca4a009..cca70de 100644
--- a/templates/nefarious.yaml
+++ b/templates/nefarious.yaml
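Review bot: Moving the jackett host (the `tls` entry and the rule) to `internal_url` changes the name the ingress answers to, not who can reach it: routing is decided on the requested host name, so the service is only as private as the ingress controller's listener. The same applies to the host changes in jellyfin.yaml, nefarious.yaml, photoprism.yaml, phpldapadmin.yaml and transmission.yaml, and the jellyfin and nefarious ingresses shown in this patch carry an empty `annotations:` map, i.e. no forward auth. If the controller is reachable from outside the LAN, put the `ingress.kubernetes.io/auth-type: forward` / `auth-url` pair that transmission.yaml uses on these ingresses, or restrict the controller to internal source addresses. A comment such as `# internal_url is a naming split, not an access control` above the host line would record the assumption; the Ingress resources start above the hunks.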
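Review bot: In templates/ldap-auth.yaml the container now runs `linuxserver/ldap-auth` with no tag under `imagePullPolicy: Always`, so the component that answers forward-auth requests is replaced by whatever the registry serves at each pod start; pin it to a release tag or digest, e.g. `image: linuxserver/ldap-auth:<pinned-tag>` (placeholder). The new `WERTHER_LDAP_*` names are, as far as I know, the configuration surface of the Werther identity provider rather than of this image, so confirm the container actually reads them; if it does not, the bind DN, password and base DN are silently ignored. The hunk also drops the per-user bind DN and leaves the `inetOrgPerson` filter commented out under a name (`LDAP_USER_FILTER`) that matches neither the old nor the new variable scheme, so either delete it or say in the comment why it is disabled. `openldap:389` is plain LDAP, as before, so the read-only bind password crosses the pod network unencrypted unless StartTLS is negotiated, which this hunk does not show.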
@@ -4,13 +4,7 @@ kind: Secret metadata: name: nefarious-admin annotations: - "helm.sh/resource-policy": "keep" -type: Opaque -data: - {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "nefarious-admin") | default dict }} - {{- $secretData := (get $secretObj "data") | default dict }} - {{- $pass := (get $secretData "password") | default (randAlphaNum 32 | b64enc) }} - password: {{ $pass | quote }} + secret-generator.v1.mittwald.de/autogenerate: password --- apiVersion: apps/v1 kind: Deployment
@@ -133,7 +127,7 @@ metadata: annotations: spec: rules: - - host: nefarious.{{ .Values.homey.url }} + - host: nefarious.{{ .Values.homey.internal_url }} http: paths: - path: /
diff --git a/templates/photoprism.yaml b/templates/photoprism.yaml
index 43fa589..4da9a47 100644
--- a/templates/photoprism.yaml
+++ b/templates/photoprism.yaml
@@ -62,7 +62,7 @@ spec: - name: PHOTOPRISM_DATABASE_DRIVER value: "sqlite" - name: PHOTOPRISM_SITE_URL - value: "http://gallery.{{ .Values.homey.url }}" + value: "http://gallery.{{ .Values.homey.internal_url }}" - name: PHOTOPRISM_SITE_TITLE value: "PhotoPrism" - name: PHOTOPRISM_SITE_CAPTION
@@ -114,7 +114,7 @@ metadata: memrequestbodybytes: 62914560 spec: rules: - - host: album.{{ .Values.homey.url }} + - host: album.{{ .Values.homey.internal_url }} http: paths: - path: /
diff --git a/templates/phpldapadmin.yaml b/templates/phpldapadmin.yaml
index 50adad5..5b22947 100644
--- a/templates/phpldapadmin.yaml
+++ b/templates/phpldapadmin.yaml
@@ -22,7 +22,7 @@ spec: value: "false" - name: PHPLDAPADMIN_LDAP_HOSTS value: ldap://openldap:389 - image: osixia/phpldapadmin:0.7.1 + image: osixia/phpldapadmin name: phpldapadmin ports: - containerPort: 80
@@ -47,7 +47,7 @@ metadata: kubernetes.io/ingress.allow-http: "false" spec: rules: - - host: ldapadmin.{{ .Values.homey.url }} + - host: ldapadmin.{{ .Values.homey.internal_url }} http: paths: - path: /
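Review bot: In the first templates/nefarious.yaml hunk the `nefarious-admin` Secret now carries no `data` and relies on the `secret-generator.v1.mittwald.de/autogenerate: password` annotation, so the admin password exists only if that operator is installed and watching this namespace; nothing visible in the chart declares or checks that dependency. Without it the Secret stays empty and whatever consumes its `password` key will fail to start or, depending on how the key is referenced, run without a credential. Because the previous manifest set `data.password` and `helm.sh/resource-policy: keep`, an upgrade of an existing release will probably drop the stored value and let the operator mint a new one, which is worth verifying before upgrading a live install. Add a comment above the annotation naming the prerequisite, e.g. `# requires the mittwald secret-generator operator in the cluster`.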
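Review bot: `PHOTOPRISM_SITE_URL` is set to `http://gallery.{{ .Values.homey.internal_url }}` in the first templates/photoprism.yaml hunk while the Ingress rule in the second hunk serves `album.{{ .Values.homey.internal_url }}`, so the application advertises a host name the ingress does not route. The mismatch predates this commit, but both lines are edited here and only the domain was changed. Unless a separate `gallery` route exists outside this diff, align the two, e.g. `value: "http://album.{{ .Values.homey.internal_url }}"`, and use `https://` if the ingress terminates TLS for this host.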
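Review bot: The first templates/phpldapadmin.yaml hunk drops the `0.7.1` tag, leaving `image: osixia/phpldapadmin`, which resolves to the registry's default tag at pull time; for a web UI that can administer the directory this makes the running version unreproducible and lets an upstream push change it without any chart change. Prefer moving to a newer pinned release over unpinning, e.g. `image: osixia/phpldapadmin:<pinned-tag>` (placeholder) or a digest. The visible part of the ingress annotations in the second hunk shows only `kubernetes.io/ingress.allow-http: "false"`, so this admin UI does not appear to sit behind the forward-auth check that transmission.yaml keeps; the annotations block starts above the hunk, so confirm against the full file.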
diff --git a/templates/transmission.yaml b/templates/transmission.yaml
index 2d2d5f8..dfd1ee8 100644
--- a/templates/transmission.yaml
+++ b/templates/transmission.yaml
@@ -57,7 +57,7 @@ metadata: ingress.kubernetes.io/auth-url: http://ldap-auth.{{ .Release.Namespace }}.svc.cluster.local:80 spec: rules: - - host: torrent.{{ .Values.homey.url }} + - host: torrent.{{ .Values.homey.internal_url }} http: paths: - path: /
diff --git a/values.yaml b/values.yaml
index 70e60a6..78eaa13 100644
--- a/values.yaml
+++ b/values.yaml
@@ -2,12 +2,6 @@ replicaCount: 1 homeyNamespace: homey -image: - repository: nginx - pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. - tag: "" - imagePullSecrets: [] nameOverride: "homey-app" fullnameOverride: "homey-chart"
@@ -38,22 +32,6 @@ service: type: ClusterIP port: 80 -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following
@@ -84,5 +62,6 @@ homey: ip: "192.168.1.2" storageCapacity: 450Gi url: zakobar.com + internal_url: zakobar.home ip: 192.168.1.2
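Review bot: In the last values.yaml hunk `internal_url: zakobar.home` places the internal services under `.home`, which is not a name space reserved for private use; RFC 8375 sets aside `home.arpa` for home networks. Any client that is not pointed at the chart's own DNS server will send lookups for these names to whatever resolver it has, which discloses the internal host names outside the LAN. Consider a `home.arpa` name or a subdomain of the owned `zakobar.com` zone, and document the key with a comment such as `# internal-only zone served by templates/dns.yaml; must not resolve publicly`. The hunk also shows `ip` twice below `homey:`; whether both sit in the same mapping cannot be told from the collapsed indentation, so check for a duplicate key.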