Refactor Authelia,Longhorn,Traefik; Enable ingress middlewares; Update docs

services/Authelia/_namespace-authelia.yml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: authelia

services/Authelia/deploy-Authelia.yml

@@ -1,147 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: authelia
-  labels:
-    app: authelia
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: authelia
-  template:
-    metadata:
-      labels:
-        app: authelia
-    spec:
-      enableServiceLinks: false
-      containers:
-      - name: authelia
-        image: authelia/authelia:4
-        imagePullPolicy: Always
-        env:
-        - name: TZ
-          value: Europe/Amsterdam
-        ports:
-          - name: web
-            containerPort: 9091
-        volumeMounts:
-        - name: flexvolsmb-authelia-conf
-          mountPath: /config
-      - name: redis
-        image: redis:7-alpine
-        args:
-          - redis-server
-          - --requirepass
-          - authelia
-          - --appendonly
-          - 'yes'
-        ports:
-          - name: redis
-            containerPort: 6379
-        volumeMounts:
-        - name: flexvolsmb-authelia-redis
-          mountPath: /data
-      volumes:
-      - name: flexvolsmb-authelia-conf
-        persistentVolumeClaim:
-          claimName: flexvolsmb-authelia-conf
-      - name: flexvolsmb-authelia-redis
-        persistentVolumeClaim:
-          claimName: flexvolsmb-authelia-redis
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: authelia
-spec:
-  ports:
-    - protocol: TCP
-      name: web
-      port: 9091
-    - protocol: TCP
-      name: redis
-      port: 6379
-  selector:
-    app: authelia
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: authelia
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`auth.spamasaurus.com`)
-    kind: Rule
-    services:
-    - name: authelia
-      port: 9091
-    middlewares:
-      - name: security-headers@file
-      - name: compression@file
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-authelia-conf
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-authelia-conf
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: smb-secret
-    options:
-      opts: domain=bessems.eu,file_mode=0600,dir_mode=0600,iocharset=utf8,nobrl
-      server: 192.168.11.225
-      share: /K3s.Volumes/authelia/conf
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-authelia-conf
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-authelia-conf
-  resources:
-    requests:
-      storage: 1Gi
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: flexvolsmb-authelia-redis
-spec:
-  capacity:
-    storage: 1Gi
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-authelia-redis
-  flexVolume:
-    driver: mount/smb
-    secretRef:
-      name: smb-secret
-    options:
-      opts: domain=bessems.eu,file_mode=0700,dir_mode=0700,uid=999,gid=1000,iocharset=utf8,nobrl
-      server: 192.168.11.225
-      share: /K3s.Volumes/authelia/redis
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: flexvolsmb-authelia-redis
-  namespace: default
-spec:
-  accessModes:
-    - ReadWriteMany
-  storageClassName: flexvolsmb-authelia-redis
-  resources:
-    requests:
-      storage: 1Gi

services/Authelia/deployment-authelia.yaml

@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: authelia
+  namespace: authelia
+  labels:
+    app: authelia
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: authelia
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: authelia
+    spec:
+      enableServiceLinks: false
+      containers:
+      - name: authelia
+        image: authelia/authelia:4
+        imagePullPolicy: Always
+        env:
+        - name: TZ
+          value: Europe/Amsterdam
+        ports:
+          - name: web
+            containerPort: 9091
+        volumeMounts:
+        - name: flexvolsmb-authelia-conf
+          mountPath: /config
+      - name: redis
+        image: redis:7-alpine
+        args:
+          - redis-server
+          - --requirepass
+          - authelia
+          - --appendonly
+          - 'yes'
+        ports:
+          - name: redis
+            containerPort: 6379
+        volumeMounts:
+        - name: flexvolsmb-authelia-redis
+          mountPath: /data
+      volumes:
+      - name: flexvolsmb-authelia-conf
+        persistentVolumeClaim:
+          claimName: flexvolsmb-authelia-conf
+      - name: flexvolsmb-authelia-redis
+        persistentVolumeClaim:
+          claimName: flexvolsmb-authelia-redis

services/Authelia/ingressroute-authelia.yaml

@@ -0,0 +1,17 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: authelia
+  namespace: authelia
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`auth.spamasaurus.com`)
+    kind: Rule
+    services:
+    - name: authelia
+      port: 9091
+    middlewares:
+      - name: security-headers@file
+      - name: compression@file

services/Authelia/persistentvolume-flexvolsmb-authelia-conf.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-authelia-conf
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-authelia-conf
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0600,dir_mode=0600,iocharset=utf8,nobrl
+      server: 192.168.154.225
+      share: /K3s.Volumes/authelia/conf

services/Authelia/persistentvolume-flexvolsmb-authelia-redis.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-authelia-redis
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-authelia-redis
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0700,dir_mode=0700,uid=999,gid=1000,iocharset=utf8,nobrl
+      server: 192.168.154.225
+      share: /K3s.Volumes/authelia/redis

services/Authelia/persistentvolumeclaim-flexvolsmb-authelia-conf.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-authelia-conf
+  namespace: authelia
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-authelia-conf
+  resources:
+    requests:
+      storage: 1Gi

services/Authelia/persistentvolumeclaim-flexvolsmb-authelia-redis.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-authelia-redis
+  namespace: authelia
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-authelia-redis
+  resources:
+    requests:
+      storage: 1Gi

services/Authelia/sealedsecret-flexvolsmb-credentials.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: flexvolsmb-credentials
+  namespace: authelia
+spec:
+  encryptedData:
+    password: AgC/GDJHhqeyFSWsJ8Ie3tt9ppAe3Ns6tt29rieMKcJrQ71sn47MFEow9SOJJVNSjzUWukDg8tRrkq3CdB63jz7NO6CWKNy++nlSU0adDtuwioNUov3a9bnhzgdjjM/ZzpO/pz7j/utGFO1bkPWn4bU/tGoRYM1TsjP1t9m2qL/Me9LigLtafG8LTd/JKNHdyvii1CNcWkZoxKTocy+YdB3hA+0KZClxaQ2O5KPZMl6AoxJGWcuOVpvqQ831Epkl4f+uJp+YtMZbu+poB+hxhuhFZZH9Sx1sn20mZd8M2Kc863oJjzpZPAR5I9faMmDyEqBvJmdS9C9dZrpIdeDZFm25QYIGgu3ZNk+LItuWSoW8kZGsEefsINV6rqAOQmysfvq5aPkYe90RHvaf6Nf0F4wYq1fEiEoSnLPH+J0ToUSIPxMftBcXimTm/HtkUJCg2+rDb+EHp9ahjGaJBp45vd8hOKSF50GA2X8e4UlvbR6QBib6G//F7Pf6OBgsVxSvKQmlSsrBJRo3hxm7G7iLWd5lCmk0jbgRFWJvEnQMk/FqYoc/fcodpGtzEM0I6jL4Kpi1DnRnIgHQTWtU3LVF9aym2H1ExhZfhu0I2F56VQsQcg3vUVOBOwF+XjlrBaAEAEMcbBuigUbvqiSfpUHMQJSsIjtnkAEUs0/19iNCNNSvmjENr5Ml+88iqYQmg9hY11s4LbrsXa5t8q2TgTBrfPVw
+    username: AgCORI9b0L6FSdB+yDY6VEq77p9CFcwnpZ7nb0M1bz7tVNluYQSB69Y6dLTDCCVx2KdOXyU/QOdb0z8mzEywtC9R4Kzm4+SkTRHgrKOTmxXF3qW5VZDe0UlbSbJUUb3YdC9k2HPPoUvg45woGv1LGXFHgYTxbG+U1lxU8LDoMKfBQ3+GaeUUjI2bx33kyHKztyQizd+b2eSkoSHwRCHiBWZMNYa3zEvY6+07ytKJtaOhGhVsdt04blw4jUMym2sHOBCf95pAzI9gJH2RcuQBQI+ZXci0VeMPvmY3B6T+MruH+1Goy+/HoZOjI2Keu1Jk/Ppg/1FyB9VGX6A2YMyismk8LKWKG0/RNBfWn8RcDVlpgAcjDeX2PdYY17E/gZz2NLnIctBJ/dc93QjrAp/ZfLXBakCA3d0LKLFjUbpKwgaST5wnKif+UjqasDyjVkEG7jK5lGk3fmRCDyPgyxzqkUOSeCHQjDUa07AqKm56qfz/Wr9gm94VC1GiQ39F5/LAnAa2+qAQyJ+RVCBkXmt33sDSvelmXKmh9rIBCvsIxwUSkprpf76HcReRjaRv/9CyuPaskjYAkwOX6/NQPDQVHgKYtvoUhm4OnJ4amrsK2tPco1HC9xPGFIhrqoWeyfiUc1ui8IjxO5geV4hAWSUi5J/H3XBXsFpQt6ZqbemTnQyorTGd0asNP/6OTBtMcIgaPMmZi7F1Olo=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: flexvolsmb-credentials
+      namespace: authelia
+    type: mount/smb

services/Authelia/service-authelia.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: authelia
+  namespace: authelia
+spec:
+  ports:
+    - protocol: TCP
+      name: web
+      port: 9091
+    - protocol: TCP
+      name: redis
+      port: 6379
+  selector:
+    app: authelia

services/Gitea/ingressRoute-Gitea.yml

@@ -12,6 +12,6 @@ spec:
     services:
     - name: gitea
       port: 3000
-    # middlewares:
-    #   - name: security-headers@file
-    #   - name: compression@file
+    middlewares:
+      - name: security-headers@file
+      - name: compression@file

services/Guacamole/ingressRoute-Guacamole.yml

@@ -14,5 +14,5 @@ spec:
       port: 8080
     middlewares:
       - name: prepend-path-guacamole
-      # - name: security-headers@file
-      # - name: compression@file
+      - name: security-headers@file
+      - name: compression@file

services/Vaultwarden/ingressroute-vaultwarden.yaml

@@ -20,6 +20,6 @@ spec:
     services:
     - name: vaultwarden
       port: 3012
-    # middlewares:
-    #   - name: security-headers@file
-    #   - name: compression@file
+    middlewares:
+      - name: security-headers@file
+      - name: compression@file