fix: update ingress whitelisting annotations to use oceanbox.io/expose setting

Jonas Juselius
2024-02-14 08:33:37 +01:00
parent dea6058420
commit 0dd70c4605
14 changed files with 12 additions and 223 deletions
+1 -1
@@ -4,7 +4,7 @@ ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
atlantis.oceanbox.io/expose: internal
hosts:
- host: busynix.srv.oceanbox.io
paths:
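Review bot: The source-IP restriction is no longer enforced by ingress-nginx itself once `nginx.ingress.kubernetes.io/whitelist-source-range` is replaced by `atlantis.oceanbox.io/expose: internal`, because ingress-nginx does not interpret that custom annotation. The restriction now presumably depends on a separate policy or controller that translates it, and nothing on this page shows that component. Confirm that it is active in every namespace these values deploy to, and that an Ingress it fails to process is rejected instead of being admitted with no source-range restriction at all. The same applies to every other section of this commit that makes the same swap. A comment above the annotation would help, e.g. `# source-range restriction is derived from this annotation by <policy name>; not enforced by ingress-nginx directly`.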
+1 -1
@@ -7,7 +7,7 @@ ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
atlantis.oceanbox.io/expose: internal
hosts:
- host: busynix.beta.oceanbox.io
paths:
-210
@@ -1,210 +0,0 @@
---
# Source: geoserver/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: geoserver
labels:
helm.sh/chart: geoserver-1.1.0
app.kubernetes.io/name: geoserver
app.kubernetes.io/instance: staging
app.kubernetes.io/version: "2.23.1"
app.kubernetes.io/managed-by: Helm
---
# Source: geoserver/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: geoserver
labels:
helm.sh/chart: geoserver-1.1.0
app.kubernetes.io/name: geoserver
app.kubernetes.io/instance: staging
app.kubernetes.io/version: "2.23.1"
app.kubernetes.io/managed-by: Helm
data:
geoserver_admin_password: "Z2Vvc2VydmVy"
---
# Source: geoserver/templates/persistence.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: geoserver
labels:
helm.sh/chart: geoserver-1.1.0
app.kubernetes.io/name: geoserver
app.kubernetes.io/instance: staging
app.kubernetes.io/version: "2.23.1"
app.kubernetes.io/managed-by: Helm
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "10Gi"
---
# Source: geoserver/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: geoserver
labels:
helm.sh/chart: geoserver-1.1.0
app.kubernetes.io/name: geoserver
app.kubernetes.io/instance: staging
app.kubernetes.io/version: "2.23.1"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: geoserver
protocol: TCP
name: geoserver
selector:
app.kubernetes.io/name: geoserver
app.kubernetes.io/instance: staging
---
# Source: geoserver/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: geoserver
labels:
helm.sh/chart: geoserver-1.1.0
app.kubernetes.io/name: geoserver
app.kubernetes.io/instance: staging
app.kubernetes.io/version: "2.23.1"
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: geoserver
app.kubernetes.io/instance: staging
strategy:
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: geoserver
app.kubernetes.io/instance: staging
spec:
serviceAccountName: geoserver
securityContext:
fsGroup: 2000
containers:
- name: geoserver
securityContext:
allowPrivilegeEscalation: true
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: false
runAsUser: 0
seccompProfile:
type: RuntimeDefault
image: "docker.osgeo.org/geoserver:2.23.1"
imagePullPolicy: IfNotPresent
env:
- name: INSTALL_EXTENSIONS
value: "false"
- name: STABLE_EXTENSIONS
value: ""
- name: CORS_ENABLED
value: "true"
- name: GEOSERVER_CSRF_WHITELIST
value: "geoserver.beta.oceanbox.io"
- name: SKIP_DEMO_DATA
value: "true"
- name: EXTRA_JAVA_OPTS
value: "-Xms512m -Xmx2g"
- name: GEOSERVER_ADMIN_USER
value: admin
- name: GEOSERVER_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: geoserver
key: geoserver_admin_password
ports:
- name: geoserver
containerPort: 8080
protocol: TCP
volumeMounts:
- name: geoserver
mountPath: /opt/geoserver_data
startupProbe:
httpGet:
path: /geoserver/web
port: geoserver
failureThreshold: 10
periodSeconds: 30
livenessProbe:
httpGet:
path: /geoserver/web
port: geoserver
readinessProbe:
httpGet:
path: /geoserver/web
port: geoserver
resources:
{}
volumes:
- name: geoserver
persistentVolumeClaim:
claimName: geoserver
---
# Source: geoserver/templates/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: geoserver
labels:
helm.sh/chart: geoserver-1.1.0
app.kubernetes.io/name: geoserver
app.kubernetes.io/instance: staging
app.kubernetes.io/version: "2.23.1"
app.kubernetes.io/managed-by: Helm
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
spec:
tls:
- hosts:
- "geoserver.beta.oceanbox.io"
secretName: staging-geoserver-tls
rules:
- host: "geoserver.beta.oceanbox.io"
http:
paths:
- path: /geoserver/
pathType: ImplementationSpecific
backend:
service:
name: geoserver
port:
number: 8080
---
# Source: geoserver/templates/tests/test-connection.yaml
apiVersion: v1
kind: Pod
metadata:
name: "geoserver-test-connection"
labels:
helm.sh/chart: geoserver-1.1.0
app.kubernetes.io/name: geoserver
app.kubernetes.io/instance: staging
app.kubernetes.io/version: "2.23.1"
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['geoserver:8080']
restartPolicy: Never
+1 -1
@@ -5,7 +5,7 @@ metadata:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
atlantis.oceanbox.io/expose: internal
labels:
app.kubernetes.io/instance: geoserver
app.kubernetes.io/name: geoserver
+1 -1
@@ -5,7 +5,7 @@ metadata:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
atlantis.oceanbox.io/expose: internal
labels:
app.kubernetes.io/instance: geoserver
app.kubernetes.io/name: geoserver
+1 -1
@@ -83,7 +83,7 @@ ingress:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
atlantis.oceanbox.io/expose: internal
hosts:
- host: geoserver.beta.oceanbox.io
tls:
+1 -1
@@ -3,4 +3,4 @@ fullnameOverride: hipster
ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
atlantis.oceanbox.io/expose: internal
+1 -1
@@ -6,4 +6,4 @@ image:
ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
atlantis.oceanbox.io/expose: internal
+1 -1
@@ -4,7 +4,7 @@ ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
atlantis.oceanbox.io/expose: internal
hosts:
- host: osm.srv.oceanbox.io
paths:
+1 -1
@@ -7,7 +7,7 @@ ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
atlantis.oceanbox.io/expose: internal
hosts:
- host: osm.beta.oceanbox.io
paths:
+1 -1
@@ -9,7 +9,7 @@ ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
atlantis.oceanbox.io/expose: internal
enabled: true
extraHosts: []
extraPaths: []
+1 -1
@@ -9,7 +9,7 @@ ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
atlantis.oceanbox.io/expose: internal
enabled: true
extraHosts: []
extraPaths: []
+1 -1
@@ -63,8 +63,8 @@ service:
ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
kubernetes.io/ingress.class: nginx
atlantis.oceanbox.io/expose: internal
tls:
- secretName: seq-tls
hosts:
-1
@@ -54,7 +54,6 @@ ingress:
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0
tls: false
selfSigned: false
extraHosts:
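Review bot: The `nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0` line appears to be dropped here without an `atlantis.oceanbox.io/expose` annotation taking its place, unlike the other sections of this commit. The exposure of this ingress then rests on what the consumer of that annotation does when it is absent, which this page does not show. If the default is internal, a service that was explicitly open to all sources becomes unreachable from outside; if the default is unrestricted, it stays public without the manifest saying so. State the intent explicitly by adding `atlantis.oceanbox.io/expose` with the value the policy defines for this case. The `ingress:` mapping starts and ends outside the hunk.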