Sunnypup-Helm/templates/routing.yaml

apiVersion: v1
kind: Secret
metadata:
  name: digitalocean-dns
  namespace: cert-manager
data:
  access-token: {{ .Values.digitalocean.access }}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    email: ava@sunnypup.io
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: cert-issuer-account-key
    solvers:
    - dns01:
        digitalocean:
          tokenSecretRef:
            name: digitalocean-dns
            key: access-token
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: sunnypup-certs
spec:
  secretName: sunnypup-certs
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer
  dnsNames:
  - cloud.sunnypup.io
  - office.sunnypup.io
  - echo.sunnypup.io
  - hephaestus.sunnypup.io
  - mimir.sunnypup.io
  - annwn.sunnypup.io
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: smsm-certs
spec:
  secretName: smsm-certs
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer
  dnsNames:
  - stmatthew-sanmateo.org
---
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: observability
  labels:
    acme.cert-manager.io/http01-solver: "true"
spec:
  host: mimir.sunnypup.io
  tls:
    cert-manager:
      cluster-issuer: letsencrypt
    secret: sunnypup-certs
    redirect:
      enable: true
  upstreams:
    - name: observability
      service: observability
      port: 3000
  routes:
    - path: /
      action:
        pass: observability
---
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: forge
  labels:
    acme.cert-manager.io/http01-solver: "true"
spec:
  host: hephaestus.sunnypup.io
  tls:
    cert-manager:
      cluster-issuer: letsencrypt
    secret: sunnypup-certs
    redirect:
      enable: true
  upstreams:
    - name: forge
      service: forge
      port: 3000
      client-max-body-size: 1G
      read-timeout: 120s
  routes:
    - path: /
      action:
        pass: forge
---
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: collabora
  labels: 
    acme.cert-manager.io/http01-solver: "true"
spec:
  host: office.sunnypup.io
  tls:
    cert-manager:
      cluster-issuer: letsencrypt
    secret: sunnypup-certs
    redirect:
      enable: true
  upstreams:
  - name: collabora
    service: collabora-collabora-online
    port: 9980
    client-max-body-size: 1G
  routes:
  - path: /browser
    action:
      pass: collabora
  - path: /hosting/discovery
    action:
      pass: collabora
  - path: /hosting/capabilities
    action:
      pass: collabora
  - path: /cool/adminws
    action:
      proxy:
        upstream: collabora
        requestHeaders:
          pass: true
          set:
            - name: Connection 
              value: "Upgrade"
            - name: Upgrade
              value: "${http_upgrade}"
  - path: ~ ^/cool/(.*)/ws$
    action:
      proxy:
        upstream: collabora
        requestHeaders:
          pass: true
          set:
            - name: Connection 
              value: "Upgrade"
            - name: Upgrade
              value: "${http_upgrade}"
  - path: /cool
    action:
      pass: collabora
---
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: homeassistant
  labels: 
    acme.cert-manager.io/http01-solver: "true"
spec:
  host: annwn.sunnypup.io
  tls:
    cert-manager:
      cluster-issuer: letsencrypt
    secret: sunnypup-certs
    redirect:
      enable: true
  upstreams:
  - name: homeassistant
    service: homeassistant
    port: 8123
  routes:
  - path: /
    location-snippets: |
      proxy_buffering off;
      proxy_redirect http:// https://;
    action:
      proxy:
        upstream: homeassistant
        requestHeaders:
          pass: true
---
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: echo
  labels: 
    acme.cert-manager.io/http01-solver: "true"
spec:
  host: echo.sunnypup.io
  tls:
    cert-manager:
      cluster-issuer: letsencrypt
    secret: sunnypup-certs
  upstreams:
  - name: echo
    service: echo
    port: 8080
  routes:
  - path: /
    action:
      pass: echo
---
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
  name: nextcloud
  labels: 
    acme.cert-manager.io/http01-solver: "true"
spec:
  host: cloud.sunnypup.io
  tls:
    cert-manager:
      cluster-issuer: letsencrypt
    secret: sunnypup-certs
    redirect:
      enable: true
  upstreams:
  - name: nextcloud
    service: nextcloud
    port: 80
    client-max-body-size: 4g
  routes:
  - path: /
    action:
      pass: nextcloud
---
apiVersion: k8s.nginx.org/v1
kind: TransportServer
metadata:
  name: forge-ssh-passthrough
spec:
  listener:
    name: forge-ssh
    protocol: TCP
  upstreams:
    - name: forge
      service: forge
      port: 22222
  action:
    pass: forge
---
apiVersion: k8s.nginx.org/v1
kind: TransportServer
metadata:
  name: matter-passthrough
spec:
  listener:
    name: matter-api
    protocol: TCP
  upstreams:
    - name: matter
      service: matter
      port: 5580
  action:
    pass: matter
initial commit Signed-off-by: Ava Affine <ava@sunnypup.io> 2025-07-18 11:27:07 -07:00			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: digitalocean-dns`
			`namespace: cert-manager`
			`data:`
			`access-token: {{ .Values.digitalocean.access }}`
			`---`
			`apiVersion: cert-manager.io/v1`
			`kind: ClusterIssuer`
			`metadata:`
			`name: letsencrypt`
			`spec:`
			`acme:`
			`email: ava@sunnypup.io`
			`server: https://acme-v02.api.letsencrypt.org/directory`
			`privateKeySecretRef:`
			`name: cert-issuer-account-key`
			`solvers:`
			`- dns01:`
			`digitalocean:`
			`tokenSecretRef:`
			`name: digitalocean-dns`
			`key: access-token`
			`---`
			`apiVersion: cert-manager.io/v1`
			`kind: Certificate`
			`metadata:`
			`name: sunnypup-certs`
			`spec:`
			`secretName: sunnypup-certs`
			`issuerRef:`
			`name: letsencrypt`
			`kind: ClusterIssuer`
			`dnsNames:`
			`- cloud.sunnypup.io`
			`- office.sunnypup.io`
			`- echo.sunnypup.io`
			`- hephaestus.sunnypup.io`
Add observability stack Signed-off-by: Ava Affine <ava@sunnypup.io> 2025-07-18 15:47:36 -07:00			`- mimir.sunnypup.io`
remove homeassistant proxy and rely fully on the container deployment Signed-off-by: Ava Affine <ava@sunnypup.io> 2025-07-22 23:06:12 -07:00			`- annwn.sunnypup.io`
initial commit Signed-off-by: Ava Affine <ava@sunnypup.io> 2025-07-18 11:27:07 -07:00			`---`
			`apiVersion: cert-manager.io/v1`
			`kind: Certificate`
			`metadata:`
			`name: smsm-certs`
			`spec:`
			`secretName: smsm-certs`
			`issuerRef:`
			`name: letsencrypt`
			`kind: ClusterIssuer`
			`dnsNames:`
			`- stmatthew-sanmateo.org`
			`---`
			`apiVersion: k8s.nginx.org/v1`
			`kind: VirtualServer`
Add observability stack Signed-off-by: Ava Affine <ava@sunnypup.io> 2025-07-18 15:47:36 -07:00			`metadata:`
			`name: observability`
			`labels:`
			`acme.cert-manager.io/http01-solver: "true"`
			`spec:`
			`host: mimir.sunnypup.io`
			`tls:`
			`cert-manager:`
			`cluster-issuer: letsencrypt`
			`secret: sunnypup-certs`
			`redirect:`
			`enable: true`
			`upstreams:`
			`- name: observability`
			`service: observability`
			`port: 3000`
			`routes:`
			`- path: /`
			`action:`
			`pass: observability`
			`---`
			`apiVersion: k8s.nginx.org/v1`
			`kind: VirtualServer`
initial commit Signed-off-by: Ava Affine <ava@sunnypup.io> 2025-07-18 11:27:07 -07:00			`metadata:`
			`name: forge`
			`labels:`
			`acme.cert-manager.io/http01-solver: "true"`
			`spec:`
			`host: hephaestus.sunnypup.io`
			`tls:`
			`cert-manager:`
			`cluster-issuer: letsencrypt`
			`secret: sunnypup-certs`
			`redirect:`
			`enable: true`
			`upstreams:`
			`- name: forge`
			`service: forge`
			`port: 3000`
bump request body size for forgejo so that docker containers are reasonable to pull Signed-off-by: Ava Affine <ava@sunnypup.io> 2025-07-23 18:39:30 -07:00			`client-max-body-size: 1G`
initial commit Signed-off-by: Ava Affine <ava@sunnypup.io> 2025-07-18 11:27:07 -07:00			`read-timeout: 120s`
			`routes:`
			`- path: /`
			`action:`
			`pass: forge`
			`---`
			`apiVersion: k8s.nginx.org/v1`
			`kind: VirtualServer`
			`metadata:`
			`name: collabora`
			`labels:`
			`acme.cert-manager.io/http01-solver: "true"`
			`spec:`
			`host: office.sunnypup.io`
			`tls:`
			`cert-manager:`
			`cluster-issuer: letsencrypt`
			`secret: sunnypup-certs`
			`redirect:`
			`enable: true`
			`upstreams:`
			`- name: collabora`
			`service: collabora-collabora-online`
			`port: 9980`
			`client-max-body-size: 1G`
			`routes:`
			`- path: /browser`
			`action:`
			`pass: collabora`
			`- path: /hosting/discovery`
			`action:`
			`pass: collabora`
			`- path: /hosting/capabilities`
			`action:`
			`pass: collabora`
			`- path: /cool/adminws`
			`action:`
			`proxy:`
			`upstream: collabora`
			`requestHeaders:`
			`pass: true`
			`set:`
			`- name: Connection`
			`value: "Upgrade"`
			`- name: Upgrade`
			`value: "${http_upgrade}"`
			`- path: ~ ^/cool/(.*)/ws$`
			`action:`
			`proxy:`
			`upstream: collabora`
			`requestHeaders:`
			`pass: true`
			`set:`
			`- name: Connection`
			`value: "Upgrade"`
			`- name: Upgrade`
			`value: "${http_upgrade}"`
			`- path: /cool`
			`action:`
			`pass: collabora`
			`---`
			`apiVersion: k8s.nginx.org/v1`
			`kind: VirtualServer`
			`metadata:`
			`name: homeassistant`
			`labels:`
			`acme.cert-manager.io/http01-solver: "true"`
			`spec:`
remove homeassistant proxy and rely fully on the container deployment Signed-off-by: Ava Affine <ava@sunnypup.io> 2025-07-22 23:06:12 -07:00			`host: annwn.sunnypup.io`
initial commit Signed-off-by: Ava Affine <ava@sunnypup.io> 2025-07-18 11:27:07 -07:00			`tls:`
			`cert-manager:`
			`cluster-issuer: letsencrypt`
			`secret: sunnypup-certs`
			`redirect:`
			`enable: true`
			`upstreams:`
			`- name: homeassistant`
			`service: homeassistant`
			`port: 8123`
			`routes:`
			`- path: /`
			`location-snippets: \|`
			`proxy_buffering off;`
			`proxy_redirect http:// https://;`
			`action:`
			`proxy:`
			`upstream: homeassistant`
			`requestHeaders:`
			`pass: true`
			`---`
			`apiVersion: k8s.nginx.org/v1`
			`kind: VirtualServer`
			`metadata:`
			`name: echo`
			`labels:`
			`acme.cert-manager.io/http01-solver: "true"`
			`spec:`
			`host: echo.sunnypup.io`
			`tls:`
			`cert-manager:`
			`cluster-issuer: letsencrypt`
			`secret: sunnypup-certs`
			`upstreams:`
			`- name: echo`
			`service: echo`
			`port: 8080`
			`routes:`
			`- path: /`
			`action:`
			`pass: echo`
			`---`
			`apiVersion: k8s.nginx.org/v1`
			`kind: VirtualServer`
			`metadata:`
			`name: nextcloud`
			`labels:`
			`acme.cert-manager.io/http01-solver: "true"`
			`spec:`
			`host: cloud.sunnypup.io`
			`tls:`
			`cert-manager:`
			`cluster-issuer: letsencrypt`
			`secret: sunnypup-certs`
			`redirect:`
			`enable: true`
			`upstreams:`
			`- name: nextcloud`
			`service: nextcloud`
			`port: 80`
			`client-max-body-size: 4g`
			`routes:`
			`- path: /`
			`action:`
			`pass: nextcloud`
			`---`
			`apiVersion: k8s.nginx.org/v1`
			`kind: TransportServer`
			`metadata:`
			`name: forge-ssh-passthrough`
			`spec:`
			`listener:`
			`name: forge-ssh`
			`protocol: TCP`
			`upstreams:`
			`- name: forge`
			`service: forge`
			`port: 22222`
			`action:`
			`pass: forge`
homeassistant container deployment Signed-off-by: Ava Affine <ava@sunnypup.io> 2025-08-06 17:05:39 +00:00			`---`
			`apiVersion: k8s.nginx.org/v1`
			`kind: TransportServer`
			`metadata:`
			`name: matter-passthrough`
			`spec:`
			`listener:`
			`name: matter-api`
			`protocol: TCP`
			`upstreams:`
			`- name: matter`
			`service: matter`
			`port: 5580`
			`action:`
			`pass: matter`