From a0be2889f0435015fb43261ab1c76c89fe91ecc9 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Mon, 19 Feb 2024 00:39:40 +0100
Subject: [PATCH] fix(dashboard): Add proper ingress configuration
---
clusters/k8s01/dashboard/certificate.yaml | 63 ++++++++++++++
clusters/k8s01/dashboard/ingress.yaml | 85 +++++++++++++++++++
clusters/k8s01/dashboard/kustomization.yaml | 10 +++
.../dashboard/kubernetes-dashboard.yaml | 37 --------
4 files changed, 158 insertions(+), 37 deletions(-)
create mode 100644 clusters/k8s01/dashboard/certificate.yaml
create mode 100644 clusters/k8s01/dashboard/ingress.yaml
create mode 100644 clusters/k8s01/dashboard/kustomization.yaml
diff --git a/clusters/k8s01/dashboard/certificate.yaml b/clusters/k8s01/dashboard/certificate.yaml
new file mode 100644
index 000000000..3ea8bcec0
--- /dev/null
+++ b/clusters/k8s01/dashboard/certificate.yaml
@@ -0,0 +1,63 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: dashboard-tls +spec: + dnsNames: + - ENC[AES256_GCM,data:8FbrgbnX267dhbdIZF80JpIEIr7Wja+jrVel,iv:Z2/NxKNhWLh/bklstOo8yGQERzoBl2o7bNY11s0XApY=,tag:W1EE1o2rOmDd5Jt2icYStg==,type:str] + issuerRef: + name: letsencrypt + kind: ClusterIssuer + secretName: ingress-dashboard-tls +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-02-18T23:38:35Z" + mac: ENC[AES256_GCM,data:Gt46IBGcGYv0g+5h51JKqUyUBH9hUEEwVxlprtkN7c35Q7IaEM2BzPfL3AQCEL0xnDuDuckXveDQzocid/38zfb1KYJkDTQnTE7sKLIIyCGhp6EKETCFDVB/0G5lumQaCpj/CD1fV2RlwFIQ9ZmTRRhTAkNsyAdw02Sjb8S/kmI=,iv:rtn/Fd5Nq9XYamg92cR2zd1QenSEz1fw/1/R/D1mR7Q=,tag:LGFd/n4Om7J9a0std+e1+g==,type:str] + pgp: + - created_at: "2022-01-21T18:13:48Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7kpg2bgzVHcARAAHhDshl1OJqNRUolNvbIXzOuDzssJnvyi6cIZuMmVMsxf + a6wAWAtYOehvtn1ODL7/h4fIpBtfp7d8VuwfJSrh3ghUeiOl3zRzQbmaFA2L5/iG + Jd94tFAVwIl30qjcYqGVB2RF27VF1RElzgDLQh3hiXn1hDC+WmNSnBF5hwnwCFOL + wM4BHuE2AB4TX3PlYSo1n71VSzcCqRzbIxelZasYLnJQVL0VE6AjEd/fHS468R8N + aZ3mhmHW3sWzuLHNREMD2Q3ghkguLhau0VoETlYRI9103I4k7/khFrhAj5l2/PUr + 2SWgpXyRqXVaKPeTiQs3QR8B5jNq3BlZj6Celw5Ig/wx3LY0EhI9e9WFgtSlZxM+ + 2yk65HQGvTIgsbys/z/0skA9vqik9csFRsH9iK42E/+XLvoAT6yxyl0cv1kBEyAS + ggPmKOq8+CT+voHzuh8kZHq9Sa8kH5xL1DQLzX2yIruV3OhTPSK+VlDpjUbycmI2 + qR1oCo/snOJwwwvfl9vu0B8FCwhrz8554ZQBErFfJl6GFiUV8LElRlZh5S9Jiysr + nYJS5gxrcvjF/0Y6EHEfWDRDxvCHoWQpWhl2hRkh5UlQKH0ab+QWLYpISyNJxjfl + orQJdaVX3BQwhqMLwiMLGoaNGrSpmxXveLOZmsdK0obXC67lyE6ZM/Wy6gx2dFnS + 5gFdXCLzQmmjYK8gIlsejQdnxZI2qWavZIN9T70OZQGaDE/S+U1uxKjuGBM7HTcP + 7f1nUa6z96A9ydWs1xHjtm7k172V16PMSrvjQ8KLhFJd9eJDq3ksAA== + =XgF6 + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2022-01-21T18:13:48Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPAQ//S/9rOkbd3beNH20dxgZ7VuZxgnjiV3Hd3om717njcMm2 + 
kCfTJ3AmpLtQsT2s1W221tIyCwtHOobj82ANP9KzNi4e6v3LlNTIVHTQiHXk9KJP + AX6JoCOLu3bAI0xcdApNBU2wAlHBVC+T4BUfhPqD5AdHpW++e1qUIsM/6TViunHj + BWoIA0bpXqyOhTm1GbkJrHMgczJn2qgR5lBf8wgGmASd8jlNyfA7SxoKHj8sl/Ji + nucP/90dmyD2eBIJYdYS3anJYa2uP96oioG5xxIyfppnL5dwozDAit3Z5vvnBZNb + 1rrpUnN8H0cCcaj7tmDEmjGfjGwxLKegQRZX7Pg5hwaaOOPGheXf8Ip/DpDf6T0n + Sq24X6DC5gD1RBU+YY6ZayMt/OKpVVVwRlY4BTDIUe4M+ecK/fve5vpDW2M+KWMc + pOkO1B09/prsX0w5XjFh8hb/6HlDDhomiB+BszcRCUDzocRzSEIFwMf7/iTaExe8 + 2fKCCHB4kHo6GHpydlQOpnGMOvDmiNKopXxTkFQUFQjyRmHGXf/u79JNXBjHkniv + ZiokjTEarwMp68dyiaL4L/5Uk+4NG3MetobqSaeW2TbeBwif3G2eFleYscz7QPIR + 5ZBBhU/CoUEz2Xge6t8rlp8PNcQ1yq/R+tZjaeqIIT4++ZxCErhA0lsxyFrgLefU + aAEJAhD7hR3IMDGN2zOZSiw1IBz9P8Jss/oERQiuVpe/eTv5Vqj9vuL+koKftwnF + vSVkNo0fLwNLtnU659Mkoj9utoUL9tAhcCMpP3NehKkBG5RjF9crnIP6zT3lvVU0 + GYyW4Lsfrt/a + =FfV+ + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL)$ + version: 3.7.3 diff --git a/clusters/k8s01/dashboard/ingress.yaml b/clusters/k8s01/dashboard/ingress.yaml new file mode 100644 index 000000000..70ca02f0b --- /dev/null +++ b/clusters/k8s01/dashboard/ingress.yaml 
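Review bot: Encrypting `dnsNames` with SOPS (it matches `encrypted_regex`) will not keep the dashboard hostname private, because the certificate is requested from the `letsencrypt` ClusterIssuer and certificates issued by a public CA are published in Certificate Transparency logs. This assumes the issuer points at the public Let's Encrypt CA, which is not visible in this patch. If the name is meant to stay undisclosed, a wildcard certificate or an internal issuer would be needed. Otherwise I would record the limit with a comment above `dnsNames:`, added through sops rather than by hand, such as `# encrypted for repo hygiene only; the name is disclosed via CT logs once the certificate is issued`.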
@@ -0,0 +1,85 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: dashboard-ingress + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/auth-response-headers: Authorization + nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth + nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri + nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.64.0.0/24 +spec: + rules: + - host: ENC[AES256_GCM,data:MM82hiwUbovVISr01QXaeKztbk4awPl5Dd4W,iv:IlIocetXxYqjdt02BdZgIZinzZluh0HpEyN56bDPYJA=,tag:956bR5AF3P5ciQpgSyhPbQ==,type:str] + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: kubernetes-dashboard-web + port: + name: web + - path: /api + pathType: Prefix + backend: + service: + name: kubernetes-dashboard-api + port: + name: api + tls: + - hosts: + - ENC[AES256_GCM,data:R+j/qyIfjNbidj3b5nGDlg5ab0vH2E5kpIXp,iv:qAzcIRji0/RTXI4QKxhMXC6zLhwkRswr3PVrtk09zhQ=,tag:TEMpyGuE22j1F+C3RtnVtw==,type:str] + secretName: ingress-dashboard-tls +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-02-18T23:38:46Z" + mac: ENC[AES256_GCM,data:EZzOSUGvA2qypr+sun8EjgbvpOoR1KhIZqvCG59IwglDORPYcOIJc4CkTxf1xGwTg4lk4Vr+JqMXjqW0TqiSK063uYqJ0BBGTvDBFJoCxnK5+g/7M3CRP9v7nGA+vyr3hGlqdw/MCqsE/unCWedCuIVMVauTBPOz9sz0Gg1O2/c=,iv:LLCuszO+Q9ojiPoD2bJY9qeNffO/ElHH1LqfWqDZrTQ=,tag:QwnLw//JOVHsq8JzUmMdtw==,type:str] + pgp: + - created_at: "2022-01-22T02:43:51Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7kpg2bgzVHcARAAFvtohkvJRkXy/Xg0WB6vfDrlLkImoMDr0AdA43wLDb8g + asrWif9/RUwbackSqHMyArFznOgXEx2dH9fE7p2NAu1TdRZb8qU6XQULrGT699ZO + 0ndYeZiG8H2MTYW+0W+UKbpIZaaox2GW5RHFF0fxQCqUyYKmqdYOgozhlDnDbePT + xiCy8gVZMtfv7rFU8XmMP3wM9FJDT6dlddMP5QqS5CRw9loxo0LBNxwnBfEfkDRK + fRgNhZxnn77U4OCPtzjSgCMQvE4S+DckBjESzNLlsT/M4hTo7ALe1CrXlJQ70Hmc + WsYuQS+FI4D4JZ+5yhMAXwS1PjWASZvfx3ICwID3aodgT4z6Vo4vnpjQLD1rrRsp + 
d/BaIP7anI4QiAECfbiRS0eGGNMGqjSU/TADxaJ7oOoPnncp6oSWs+OOqCGq+LTm + 6NIhtp1dxN650xo3pNclSHcyzegPN9KbBSncZ753h/mf3ogndVcHX2JI6BJSDbeV + 1daSNxBPrO33/cyXJyeuAgjUqMH9v7Asm89i7qMXCTrS9ScNJLRKDq4Nt3kKMCuL + KZxrNMUGTwOY5wMnZRzzxmomWR3NinAuh4ig16mPGlPqz7Ytd3gXU8f90FM13wx/ + Q4MH1/QK5ofquX5Kh1ynd8zao3rXCPssIjaRAaWUWuZg/Bx/M6w8ti4LRVcqlrfS + 5gF6jN7S2V6BypBOukyYxN6IS5omLpNJASnlPWtsWWs2z/J/oE8Ffl9CzXzMTmDw + guWmOXyAToL5AQv+yYTM7mDkAJgFW1nubQRc6UGeYu1UKeLtk/45AA== + =w2Ry + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2022-01-22T02:43:51Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPAQ/+PiDZKJIrMbrffin3ZDaS3qoQswfaKOhxqytzN7mK0+kv + 7ePEHDTcHobwJXLiA7cT2p4c4VAa7imN3vew5Ock7b8F5A1kbKRqHWD1N6rCoVEM + jiczzb9AiAyh49kjF3YIgO2pCUCzbMDEqlrGDf9GTw+izQ2GWkWriZdRelXlnh7d + pgFoV1VKL/kwPivCZsGFxxnS/PDyxujl0GK+PYpLJJWnpxItDDfXtrcesvyLxE+/ + lxc7myEvwoXMKkPIg0bD0rrkQ4aSfgEB7f456hY3+qi/mqeD8pRtRrD8gIGprd2G + N/tDA9DaDXXVJcan/bVTczIosY+QDf6jG3nvBx6gDTfng3YfaESiH1na2AqfYJDv + oDklg6bahF7SDWUHGuxdfP5je4/ChgqyiQR63NTvqE8C4/jcDkD8bo9zMxGtkMpp + KsjJ5Q8zugMpT7A0sOE82wj93EJR1cc1F9cWhPNfZpnPvW5d60VWVnXqvIlVT+sk + 9hzXtFVLwA1LOWtdcoIESZ9f2e7O2iJlf33E/OJjhC7pNtJesV8nlq0o9iyGSGrP + i5vQugZmsXrBQUaCuAqb6iygTjdWCZEzn+yGV/DfdCLe8e0mCO274cOHnshkGaH7 + SqCtco5ZlUqnl+2s2IMTU45FWhd/OUopPZTdPcoUM2Sc68hQyrDbp6uPiygNdW3U + ZgEJAhBzTzVu56+K5xCdHSEVSSVSvrl7qBJQTGNOEfJPq+Az3VriPE5tbBe2RN7H + iQJf4UK17YwirkyyNHgLifSkbIW4N3DNKPC4JntSzJqyaDf7lO8L/TH+WPU+bCQa + lS1ReknhMw== + =adK1 + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL)$ + version: 3.7.3 diff --git a/clusters/k8s01/dashboard/kustomization.yaml b/clusters/k8s01/dashboard/kustomization.yaml new file mode 100644 index 000000000..3cb945dbd --- /dev/null +++ b/clusters/k8s01/dashboard/kustomization.yaml 
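Review bot: The new Ingress has no `spec.ingressClassName`, whereas the Ingress this commit removes from infrastructure/dashboard/kubernetes-dashboard.yaml set `ingressClassName: nginx`. Unless one of the shared components patches it in, which controller serves the dashboard now depends on the cluster's default IngressClass. The oauth2 `auth-url`/`auth-signin` and `whitelist-source-range` annotations are all `nginx.ingress.kubernetes.io/*`, so a different controller would presumably ignore them; I would pin the class with `ingressClassName: nginx` under `spec:`. The allowlist entry `100.64.0.0/24` also deserves a comment, since it is only a small slice of the shared range 100.64.0.0/10 if that was the intent. The source-range check is only meaningful when the controller sees the real client address rather than a load balancer's translated one.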
@@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: dashboard-system +resources: +- certificate.yaml +- ingress.yaml + +components: +- ../../../shared/components/oauth2-proxy +- ../../../shared/components/ingress-local-only \ No newline at end of file diff --git a/infrastructure/dashboard/kubernetes-dashboard.yaml b/infrastructure/dashboard/kubernetes-dashboard.yaml index a3553a8c2..7a245e4f7 100644 --- a/infrastructure/dashboard/kubernetes-dashboard.yaml +++ b/infrastructure/dashboard/kubernetes-dashboard.yaml @@ -196,43 +196,6 @@ spec: --- -kind: Ingress -apiVersion: networking.k8s.io/v1 -metadata: - name: kubernetes-dashboard - labels: - app.kubernetes.io/name: nginx-ingress - app.kubernetes.io/part-of: kubernetes-dashboard - annotations: - nginx.ingress.kubernetes.io/ssl-redirect: "true" - cert-manager.io/cluster-issuer: letsencrypt -spec: - ingressClassName: nginx - tls: - - hosts: - - localhost - secretName: kubernetes-dashboard-certs - rules: - - host: localhost - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: kubernetes-dashboard-web - port: - name: web - - path: /api - pathType: Prefix - backend: - service: - name: kubernetes-dashboard-api - port: - name: api - ---- - ################################ ### Deployments ################################ -- GitLab
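Review bot: Nothing in kustomization.yaml says why the two components are required, yet ingress.yaml depends on at least one of them. Its `auth-url` and `auth-signin` annotations point at `https://$host/oauth2/...` while the Ingress only routes `/` and `/api`, so the `/oauth2` endpoints presumably come from `shared/components/oauth2-proxy`. A comment above `components:` would make that coupling explicit, e.g. `# oauth2-proxy serves the /oauth2/* endpoints used by the auth annotations in ingress.yaml`, so the component is not dropped later and the auth check left pointing at nothing. The file also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while it is new.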