bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

restore external longhorn-ui

Browse Source
This commit is contained in:
Brad Stein 2025-09-05 02:12:45 -05:00
parent 1ac2c5112f
commit 7107558e41
18 changed files with 106 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
infrastructure/flux-system/kustomization-longhorn-ui.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: longhorn-ui
namespace: flux-system
spec:
interval: 10m
path: ./infrastructure/longhorn/ui-ingress
targetNamespace: longhorn-system
prune: true
sourceRef:
kind: GitRepository
name: flux-system
namespace: flux-system
dependsOn:
- name: core
wait: true

26
infrastructure/longhorn/ui-ingress/ingress.yaml Normal file
View File

@ -0,0 +1,26 @@
# infrastructure/longhorn/ui-ingress/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: longhorn-ingress
namespace: longhorn-system
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.middlewares: longhorn-system-longhorn-basicauth@kubernetescrd,longhorn-system-longhorn-headers@kubernetescrd
spec:
ingressClassName: traefik
tls:
- hosts: ["longhorn.bstein.dev"]
secretName: longhorn-tls
rules:
- host: longhorn.bstein.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: longhorn-frontend
port:
number: 80

6
infrastructure/longhorn/ui-ingress/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
# infrastructure/longhorn/ui-ingress/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- middlewares.yaml
- ingress.yaml

22
infrastructure/longhorn/ui-ingress/middleware.yaml Normal file
View File

@ -0,0 +1,22 @@
# infrastructure/longhorn/ui-ingress/middleware.yaml
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: longhorn-basicauth
namespace: longhorn-system
spec:
basicAuth:
secret: longhorn-basic-auth
realm: "Longhorn Dashboard"
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: longhorn-headers
namespace: longhorn-system
spec:
headers:
customRequestHeaders:
X-Forwarded-Proto: "https"

17
infrastructure/traefik/clusterrole.yaml
View File

@ -1,3 +1,4 @@
# infrastructure/traefik/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@ -60,3 +61,19 @@ rules:
- get
- list
- watch
- apiGroups:
- traefik.io
resources:
- middlewares
- ingressroutes
- ingressroutetcps
- ingressrouteudps
- tlsoptions
- tlsstores
- serverstransports
- traefikservices
verbs:
- get
- list
- watch

1
infrastructure/traefik/clusterrolebinding.yaml
View File

@ -1,3 +1,4 @@
# infrastructure/traefik/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:

2
infrastructure/traefik/deployment.yaml
View File

@ -1,3 +1,4 @@
# infrastructure/traefik/deployment.yaml
apiVersion: v1
items:
- apiVersion: apps/v1
@ -30,6 +31,7 @@ items:
containers:
- args:
- --providers.kubernetesIngress=true
- --providers.kubernetescrd=true
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --api.dashboard=true

1
infrastructure/traefik/kustomization.yaml
View File

@ -1,3 +1,4 @@
# infrastructure/traefik/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:

1
infrastructure/traefik/serviceaccount.yaml
View File

@ -1,3 +1,4 @@
# infrastructure/traefik/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:

6
scripts/jellyfin_manual_load.fish
View File

@ -193,7 +193,11 @@ if test -n "$REMOTE_SUBDIR"
end
# --- rsync flags (robust/resumable/overwrite) ---
set -l RSYNC_FLAGS -a --progress --partial --inplace --append-verify --human-readable --exclude='.nfs*' --chmod=Du=rwx,Dgo=rwx,Fu=rw,Fgo=rw --timeout=60 --contimeout=30
set -l RSYNC_FLAGS -a --progress --human-readable \
--partial --partial-dir=.rsync-partial --delay-updates \
--chmod=Du=rwx,Dgo=rwx,Fu=rw,Fgo=rw \
--timeout=600 --contimeout=30 \
--exclude='.nfs*'
# --- perform copy ---
set -l copy_ok 0

2
services/jellyfin/deployment.yaml
View File

@ -7,7 +7,7 @@ metadata:
labels:
app: jellyfin
spec:
replicas: 1
replicas: 0
strategy:
type: RollingUpdate
rollingUpdate:

2
services/jellyfin/loader.yaml
View File

@ -9,7 +9,7 @@ spec:
volumes:
- name: media
persistentVolumeClaim:
claimName: jellyfin-media
claimName: jellyfin-media-asteria
containers:
- name: toolbox
image: alpine:3.19

1
services/vault/helmrelease.yaml
View File

@ -1,3 +1,4 @@
# services/vault/helmrelease.yaml
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:

1
services/vault/ingress.yaml
View File

@ -1,3 +1,4 @@
# services/vault/helmrelease.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:

1
services/vault/kustomization.yaml
View File

@ -1,3 +1,4 @@
# services/vault/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: vault

1
services/vault/middleware.yaml
View File

@ -1,3 +1,4 @@
# services/vault/middleware.yaml
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:

1
services/vault/namespace.yaml
View File

@ -1,3 +1,4 @@
# services/vault/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:

1
services/vault/serverstransport.yaml
View File

@ -1,3 +1,4 @@
# services/vault/serverstransport.yaml
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata: