feat: Expose uptime kuma

2025-02-16 21:00:46 -08:00 · 2025-02-16 21:00:46 -08:00 · cd67c5ba2d
commit cd67c5ba2d
parent b6cca3f083
5 changed files with 38 additions and 28 deletions
--- a/dns/zones/mnke.org.zone
+++ b/dns/zones/mnke.org.zone
@ -1,8 +1,9 @@
 $ORIGIN mnke.org.
-@                     900       IN  SOA           dns-server. hostadmin 13 900 300 604800 900
+@                     900       IN  SOA           dns-server. hostadmin 33 900 300 604800 900
@                     3600      IN  NS            dns-server.
 authentik             600       IN  CNAME         authentik.dolo
 blog                  600       IN  CNAME         blog.dolo
 git                   600       IN  CNAME         git.jumper
-vault                 600       IN  CNAME         vault.jumper
 panel                 600       IN  CNAME         panel.jumper
+up                    600       IN  CNAME         up.dolo
+vault                 600       IN  CNAME         vault.jumper
--- a/k8s/apps/cloudflared/cloudflared-mnke.yaml
+++ b/k8s/apps/cloudflared/cloudflared-mnke.yaml
@ -116,13 +116,7 @@ data:
      service: https://blog.mnke.org
    - hostname: media.mnke.org
      service: https://media.mnke.org
-    # The old tonydu.me domains will be routed like this though. This
-    # is because I no longer want to support internal DNS entries for tonydu.me
-    - hostname: blog.tonydu.me
-      service: https://traefik.traefik.svc.cluster.local
-      originRequest:
-        noTLSVerify: true
-        http2Origin: true
-        httpHostHeader: blog.tonydu.me
+    - hostname: up.mnke.org
+      service: https://up.mnke.org
    # This rule matches any traffic which didn't match a previous rule, and responds with HTTP 404.
    - service: http_status:404
--- a/k8s/apps/ingressroutes/internal/kustomization.yaml
+++ b/k8s/apps/ingressroutes/internal/kustomization.yaml
@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - blog-tonydu.yaml
+  - up-mnke-org.yaml
--- a/k8s/apps/ingressroutes/internal/up-mnke-org.yaml
+++ b/k8s/apps/ingressroutes/internal/up-mnke-org.yaml
@ -0,0 +1,30 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: up-mnke-org
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: >-
+        (Host(`up.mnke.org`) || Host(`up.dolo.mnke.org`)) &&
+        (PathRegex(`^/status/*$`) || PathRegex(`^/api/*`))
+      kind: Rule
+      services:
+        - kind: Service
+          name: uptime-kuma
+          port: http
+
+    - match: Host(`up.mnke.org`) || Host(`up.dolo.mnke.org`)
+      kind: Rule
+      middlewares:
+        - name: authentik
+          namespace: default
+      services:
+        - kind: Service
+          name: uptime-kuma
+          port: http
+  tls:
+    secretName: wildcard-mnke-org-tls
--- a/k8s/apps/uptime-kuma/release.yaml
+++ b/k8s/apps/uptime-kuma/release.yaml
@ -18,24 +18,8 @@ spec:
        namespace: flux-system
  values:
    ingress:
-      enabled: true
-      annotations:
-        cert-manager.io/cluster-issuer: le-cf-issuer
-        kubernetes.io/ingress.class: traefik
-      hosts:
-        - host: uptime.dolo.mnke.org
-          paths:
-            - path: /
-              pathType: ImplementationSpecific
-        - host: uptime.mnke.org
-          paths:
-            - path: /
-              pathType: ImplementationSpecific
-      tls:
-        - hosts:
-            - uptime.dolo.mnke.org
-            - uptime.mnke.org
-          secretName: wildcard-mnke-org-tls
+      # We make our own IngressRoute for more granular control.
+      enabled: false
    resources:
      limits:
        cpu: 200m