feat: Add external reverse proxies

k8s/apps/external-reverse-proxies/codegen/config/config.yaml

@@ -1,7 +1,6 @@
 x-jellyfin: &jellyfin
   upstream_host: jellyfin.home.mnke.org
   upstream_port: 8096
-  pass_host_header: false
 
 proxies:
   - <<: *jellyfin
@@ -10,8 +9,23 @@ proxies:
     listen_hosts:
       - media.mnke.org
       - jellyfin.mnke.org
+    pass_host_header: false
 
   - <<: *jellyfin
     service_name: jellyfin-tonydu
     tls_secret_name: wildcard-tonydu-me-tls
     listen_host: media.tonydu.me
+
+  - service_name: seerr-tonydu
+    tls_secret_name: wildcard-tonydu-me-tls
+    listen_host: seerr.tonydu.me
+    upstream_host: seerr.jumper.mnke.org
+    upstream_port: 443
+    pass_host_header: false
+
+  - service_name: seerr-mnke
+    tls_secret_name: wildcard-mnke-org-tls
+    listen_host: seerr.mnke.org
+    upstream_host: seerr.jumper.mnke.org
+    upstream_port: 443
+    pass_host_header: false

k8s/apps/external-reverse-proxies/codegen/generator.py

@@ -24,7 +24,7 @@ def write_file(filename, content, dry_run):
         with open(filename, 'w') as f:
             f.write(content)
 
-kustomize_template = Template('''---
+kustomization_template = Template('''---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
@@ -56,9 +56,9 @@ def main(args):
         filenames.append(path.basename(generated_filename))
         write_file(generated_filename, content, dry_run)
 
-    kustomize_filename = path.join(output_path, 'kustomize.yaml')
-    kustomize_content = kustomize_template.render(filenames=filenames)
-    write_file(kustomize_filename, kustomize_content, dry_run)
+    kustomization_filename = path.join(output_path, 'kustomization.yaml')
+    kustomization_content = kustomization_template.render(filenames=filenames)
+    write_file(kustomization_filename, kustomization_content, dry_run)
 
 if __name__ == '__main__':
     default_config_path = path.join(path.dirname(__file__), 'config', 'config.yaml')

k8s/apps/external-reverse-proxies/codegen/templates/proxy.yaml.j2

@@ -31,7 +31,7 @@ spec:
         - kind: Service
           name: {{ service_name }}-external
           port: {{ upstream_port }}
-          passHostHeader: {{ pass_host_header }}
+          passHostHeader: {{ pass_host_header | default('true') }}
   {%- endfor %}
   tls:
     secretName: {{ tls_secret_name }}

k8s/apps/external-reverse-proxies/generated/jellyfin-mnke.yaml

@@ -1,4 +1,5 @@
 ---
+# This file was automatically generated. Do not modify.
 apiVersion: v1
 kind: Service
 metadata:
@@ -13,6 +14,7 @@ spec:
       targetPort: 8096
 
 ---
+# This file was automatically generated. Do not modify.
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:

k8s/apps/external-reverse-proxies/generated/jellyfin-tonydu.yaml

@@ -1,4 +1,5 @@
 ---
+# This file was automatically generated. Do not modify.
 apiVersion: v1
 kind: Service
 metadata:
@@ -13,6 +14,7 @@ spec:
       targetPort: 8096
 
 ---
+# This file was automatically generated. Do not modify.
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
@@ -28,6 +30,6 @@ spec:
         - kind: Service
           name: jellyfin-tonydu-external
           port: 8096
-          passHostHeader: False
+          passHostHeader: true
   tls:
     secretName: wildcard-tonydu-me-tls

k8s/apps/external-reverse-proxies/generated/kustomization.yaml

@@ -3,4 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - jellyfin-mnke.yaml
-  - jellyfin-tonydu.yaml
+  - jellyfin-tonydu.yaml
+  - seerr-tonydu.yaml
+  - seerr-mnke.yaml

k8s/apps/external-reverse-proxies/generated/seerr-mnke.yaml

@@ -0,0 +1,35 @@
+---
+# This file was automatically generated. Do not modify.
+apiVersion: v1
+kind: Service
+metadata:
+  name: seerr-mnke-external
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: seerr.jumper.mnke.org
+  ports:
+    - name: seerr-mnke-external
+      port: 443
+      targetPort: 443
+
+---
+# This file was automatically generated. Do not modify.
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: seerr-mnke-external
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`seerr.mnke.org`)
+      kind: Rule
+      services:
+        - kind: Service
+          name: seerr-mnke-external
+          port: 443
+          passHostHeader: False
+  tls:
+    secretName: wildcard-mnke-org-tls

k8s/apps/external-reverse-proxies/generated/seerr-tonydu.yaml

@@ -0,0 +1,35 @@
+---
+# This file was automatically generated. Do not modify.
+apiVersion: v1
+kind: Service
+metadata:
+  name: seerr-tonydu-external
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: seerr.jumper.mnke.org
+  ports:
+    - name: seerr-tonydu-external
+      port: 443
+      targetPort: 443
+
+---
+# This file was automatically generated. Do not modify.
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: seerr-tonydu-external
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`seerr.tonydu.me`)
+      kind: Rule
+      services:
+        - kind: Service
+          name: seerr-tonydu-external
+          port: 443
+          passHostHeader: False
+  tls:
+    secretName: wildcard-tonydu-me-tls

k8s/apps/external-reverse-proxies/kustomization.yaml

@@ -3,4 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - generated
-  - middlewares
+  # - middlewares

k8s/apps/kustomization.yaml

@@ -5,3 +5,4 @@ resources:
   - common
   - uptime-kuma
   - ghost
+  - external-reverse-proxies

k8s/infrastructure/configs/certificates/wildcard-mnke-org.yaml

@@ -16,8 +16,10 @@ spec:
       # reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "dev,staging,prod"  # Control destination namespaces
       # reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "dev,staging,prod" # Control auto-reflection namespaces
   dnsNames:
+    - "mnke.org"
     - "*.mnke.org"
     - "*.dolo.mnke.org"
+  commonName: "*.mnke.org"
   issuerRef:
     name: le-cf-issuer
     kind: ClusterIssuer