initial commit

Signed-off-by: Ava Affine <ava@sunnypup.io>

templates/routing.yaml

@@ -0,0 +1,224 @@
+#dop_v1_8b514aa82e4930e58f8098a54088a36c01af2fb6020b792f7a7fe4be694ddc52
+# BIG NOTE
+# CAMS AND FRIGATE REMAIN UNEXPOSED TO WEB
+apiVersion: v1
+kind: Secret
+metadata:
+  name: digitalocean-dns
+  namespace: cert-manager
+data:
+  access-token: {{ .Values.digitalocean.access }}
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    email: ava@sunnypup.io
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: cert-issuer-account-key
+    solvers:
+    - dns01:
+        digitalocean:
+          tokenSecretRef:
+            name: digitalocean-dns
+            key: access-token
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: sunnypup-certs
+spec:
+  secretName: sunnypup-certs
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer
+  dnsNames:
+  - cloud.sunnypup.io
+  - office.sunnypup.io
+  - echo.sunnypup.io
+  - home.sunnypup.io
+  - hephaestus.sunnypup.io
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: smsm-certs
+spec:
+  secretName: smsm-certs
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer
+  dnsNames:
+  - stmatthew-sanmateo.org
+---
+apiVersion: k8s.nginx.org/v1
+kind: VirtualServer
+metadata:
+  name: forge
+  labels:
+    acme.cert-manager.io/http01-solver: "true"
+spec:
+  host: hephaestus.sunnypup.io
+  tls:
+    cert-manager:
+      cluster-issuer: letsencrypt
+    secret: sunnypup-certs
+    redirect:
+      enable: true
+  upstreams:
+    - name: forge
+      service: forge
+      port: 3000
+      client-max-body-size: 10M
+      read-timeout: 120s
+  routes:
+    - path: /
+      action:
+        pass: forge
+---
+apiVersion: k8s.nginx.org/v1
+kind: VirtualServer
+metadata:
+  name: collabora
+  labels: 
+    acme.cert-manager.io/http01-solver: "true"
+spec:
+  host: office.sunnypup.io
+  tls:
+    cert-manager:
+      cluster-issuer: letsencrypt
+    secret: sunnypup-certs
+    redirect:
+      enable: true
+  upstreams:
+  - name: collabora
+    service: collabora-collabora-online
+    port: 9980
+    client-max-body-size: 1G
+  routes:
+  - path: /browser
+    action:
+      pass: collabora
+  - path: /hosting/discovery
+    action:
+      pass: collabora
+  - path: /hosting/capabilities
+    action:
+      pass: collabora
+  - path: /cool/adminws
+    action:
+      proxy:
+        upstream: collabora
+        requestHeaders:
+          pass: true
+          set:
+            - name: Connection 
+              value: "Upgrade"
+            - name: Upgrade
+              value: "${http_upgrade}"
+  - path: ~ ^/cool/(.*)/ws$
+    action:
+      proxy:
+        upstream: collabora
+        requestHeaders:
+          pass: true
+          set:
+            - name: Connection 
+              value: "Upgrade"
+            - name: Upgrade
+              value: "${http_upgrade}"
+  - path: /cool
+    action:
+      pass: collabora
+---
+apiVersion: k8s.nginx.org/v1
+kind: VirtualServer
+metadata:
+  name: homeassistant
+  labels: 
+    acme.cert-manager.io/http01-solver: "true"
+spec:
+  host: home.sunnypup.io
+  tls:
+    cert-manager:
+      cluster-issuer: letsencrypt
+    secret: sunnypup-certs
+    redirect:
+      enable: true
+  upstreams:
+  - name: homeassistant
+    service: homeassistant
+    port: 8123
+  routes:
+  - path: /
+    location-snippets: |
+      proxy_buffering off;
+      proxy_redirect http:// https://;
+    action:
+      proxy:
+        upstream: homeassistant
+        requestHeaders:
+          pass: true
+---
+apiVersion: k8s.nginx.org/v1
+kind: VirtualServer
+metadata:
+  name: echo
+  labels: 
+    acme.cert-manager.io/http01-solver: "true"
+spec:
+  host: echo.sunnypup.io
+  tls:
+    cert-manager:
+      cluster-issuer: letsencrypt
+    secret: sunnypup-certs
+  upstreams:
+  - name: echo
+    service: echo
+    port: 8080
+  routes:
+  - path: /
+    action:
+      pass: echo
+---
+apiVersion: k8s.nginx.org/v1
+kind: VirtualServer
+metadata:
+  name: nextcloud
+  labels: 
+    acme.cert-manager.io/http01-solver: "true"
+spec:
+  host: cloud.sunnypup.io
+  tls:
+    cert-manager:
+      cluster-issuer: letsencrypt
+    secret: sunnypup-certs
+    redirect:
+      enable: true
+  upstreams:
+  - name: nextcloud
+    service: nextcloud
+    port: 80
+    client-max-body-size: 4g
+  routes:
+  - path: /
+    action:
+      pass: nextcloud
+---
+apiVersion: k8s.nginx.org/v1
+kind: TransportServer
+metadata:
+  name: forge-ssh-passthrough
+spec:
+  listener:
+    name: forge-ssh
+    protocol: TCP
+  upstreams:
+    - name: forge
+      service: forge
+      port: 22222
+  action:
+    pass: forge