From cd67c5ba2dd618f2d55be44f0d12c4e4fbe2761a Mon Sep 17 00:00:00 2001
From: Tony Du
Date: Sun, 16 Feb 2025 21:00:46 -0800
Subject: [PATCH] feat: Expose uptime kuma
---
 dns/zones/mnke.org.zone | 5 ++--
 k8s/apps/cloudflared/cloudflared-mnke.yaml | 10 ++-----
 .../ingressroutes/internal/kustomization.yaml | 1 +
 .../ingressroutes/internal/up-mnke-org.yaml | 30 +++++++++++++++++++
 k8s/apps/uptime-kuma/release.yaml | 20 ++-----------
 5 files changed, 38 insertions(+), 28 deletions(-)
 create mode 100644 k8s/apps/ingressroutes/internal/up-mnke-org.yaml
diff --git a/dns/zones/mnke.org.zone b/dns/zones/mnke.org.zone
index 4979a75..74d028b 100644
--- a/dns/zones/mnke.org.zone
+++ b/dns/zones/mnke.org.zone
@@ -1,8 +1,9 @@
 $ORIGIN mnke.org.
-@ 900 IN SOA dns-server. hostadmin 13 900 300 604800 900
+@ 900 IN SOA dns-server. hostadmin 33 900 300 604800 900
 @ 3600 IN NS dns-server.
 authentik 600 IN CNAME authentik.dolo
 blog 600 IN CNAME blog.dolo
 git 600 IN CNAME git.jumper
-vault 600 IN CNAME vault.jumper
 panel 600 IN CNAME panel.jumper
+up 600 IN CNAME up.dolo
+vault 600 IN CNAME vault.jumper
diff --git a/k8s/apps/cloudflared/cloudflared-mnke.yaml b/k8s/apps/cloudflared/cloudflared-mnke.yaml
index 1219411..7086fd2 100644
--- a/k8s/apps/cloudflared/cloudflared-mnke.yaml
+++ b/k8s/apps/cloudflared/cloudflared-mnke.yaml
@@ -116,13 +116,7 @@ data:
 service: https://blog.mnke.org
 - hostname: media.mnke.org
 service: https://media.mnke.org
- # The old tonydu.me domains will be routed like this though. This
- # is because I no longer want to support internal DNS entries for tonydu.me
- - hostname: blog.tonydu.me
- service: https://traefik.traefik.svc.cluster.local
- originRequest:
- noTLSVerify: true
- http2Origin: true
- httpHostHeader: blog.tonydu.me
+ - hostname: up.mnke.org
+ service: https://up.mnke.org
 # This rule matches any traffic which didn't match a previous rule, and responds with HTTP 404.
 - service: http_status:404
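Review bot: The removal of the `blog.tonydu.me` ingress rule in `cloudflared-mnke.yaml` is not mentioned in the commit subject, and the kustomization hunk later in this patch still lists `blog-tonydu.yaml` as a resource, so the internal route for that host presumably stays deployed with no tunnel entry pointing at it. If the domain is being retired, drop that IngressRoute in the same change; otherwise state in the commit message why only the tunnel side is removed. The new `up.mnke.org` entry keeps origin certificate verification on (no `noTLSVerify`), which is the right default, but it also means access control for this now tunnel-published host rests entirely on the Traefik route added in `up-mnke-org.yaml`.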
diff --git a/k8s/apps/ingressroutes/internal/kustomization.yaml b/k8s/apps/ingressroutes/internal/kustomization.yaml
index 0c4c006..a178189 100644
--- a/k8s/apps/ingressroutes/internal/kustomization.yaml
+++ b/k8s/apps/ingressroutes/internal/kustomization.yaml
@@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - blog-tonydu.yaml
+ - up-mnke-org.yaml
diff --git a/k8s/apps/ingressroutes/internal/up-mnke-org.yaml b/k8s/apps/ingressroutes/internal/up-mnke-org.yaml
new file mode 100644
index 0000000..6b9e7a3
--- /dev/null
+++ b/k8s/apps/ingressroutes/internal/up-mnke-org.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: up-mnke-org
+ namespace: default
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: >-
+ (Host(`up.mnke.org`) || Host(`up.dolo.mnke.org`)) &&
+ (PathRegex(`^/status/*$`) || PathRegex(`^/api/*`))
+ kind: Rule
+ services:
+ - kind: Service
+ name: uptime-kuma
+ port: http
+
+ - match: Host(`up.mnke.org`) || Host(`up.dolo.mnke.org`)
+ kind: Rule
+ middlewares:
+ - name: authentik
+ namespace: default
+ services:
+ - kind: Service
+ name: uptime-kuma
+ port: http
+ tls:
+ secretName: wildcard-mnke-org-tls
diff --git a/k8s/apps/uptime-kuma/release.yaml b/k8s/apps/uptime-kuma/release.yaml
index 4926e2d..b26df51 100644
--- a/k8s/apps/uptime-kuma/release.yaml
+++ b/k8s/apps/uptime-kuma/release.yaml
@@ -18,24 +18,8 @@ spec:
 namespace: flux-system
 values:
 ingress:
- enabled: true
- annotations:
- cert-manager.io/cluster-issuer: le-cf-issuer
- kubernetes.io/ingress.class: traefik
- hosts:
- - host: uptime.dolo.mnke.org
- paths:
- - path: /
- pathType: ImplementationSpecific
- - host: uptime.mnke.org
- paths:
- - path: /
- pathType: ImplementationSpecific
- tls:
- - hosts:
- - uptime.dolo.mnke.org
- - uptime.mnke.org
- secretName: wildcard-mnke-org-tls
+ # We make our own IngressRoute for more granular control.
+ enabled: false
 resources:
 limits:
 cpu: 200m
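Review bot: In the new `up-mnke-org.yaml`, the first route carries no `middlewares`, so everything its two `PathRegex` patterns match skips authentik, and neither pattern matches what was probably intended. `^/status/*$` repeats the slash, so it matches only `/status`, `/status/`, `/status//` and so on, and a status page at `/status/<slug>` falls through to the authenticated route. `^/api/*` has no end anchor, so it matches every path beginning with `/api`; with `up.mnke.org` now published through the cloudflared tunnel, the application's whole `/api` tree is reachable from the internet behind only Uptime Kuma's own checks. I would anchor both and allow only the endpoints the public status page needs, for example `` PathRegex(`^/status/[^/]+$`) || PathPrefix(`/api/status-page/`) ``, adding further prefixes deliberately one at a time. A comment above the first route, such as `# Intentionally unauthenticated: public status page only`, would make the bypass explicit to the next reader.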