From f3f9238d5fca428451b4467469305bae8a7d225c Mon Sep 17 00:00:00 2001 From: Wolfgang Hottgenroth Date: Sat, 29 Nov 2025 22:02:11 +0100 Subject: [PATCH] mtls fix 2 --- deployment/api-deployment.yaml | 3 - deployment/api-deployment.yaml.bak | 130 +++++++++++++++++++++++++++++ deployment/ui-deployment.yaml | 3 - deployment/ui-deployment.yaml.bak | 104 +++++++++++++++++++++++ 4 files changed, 234 insertions(+), 6 deletions(-) create mode 100644 deployment/api-deployment.yaml.bak create mode 100644 deployment/ui-deployment.yaml.bak diff --git a/deployment/api-deployment.yaml b/deployment/api-deployment.yaml index c1a67c5..73f4d45 100644 --- a/deployment/api-deployment.yaml +++ b/deployment/api-deployment.yaml @@ -108,10 +108,7 @@ metadata: annotations: cert-manager.io/cluster-issuer: letsencrypt-production-http traefik.ingress.kubernetes.io/router.middlewares: homea2-mtls-auth@kubernetescrd,homea2-security-headers@kubernetescrd - traefik.ingress.kubernetes.io/router.tls.options: homea2-homea2-mtls@kubernetescrd - # Traefik 2 mTLS Configuration traefik.ingress.kubernetes.io/router.tls.options: homea2-mtls@kubernetescrd - traefik.ingress.kubernetes.io/router.middlewares: homea2-mtls-auth@kubernetescrd spec: tls: - hosts: diff --git a/deployment/api-deployment.yaml.bak b/deployment/api-deployment.yaml.bak new file mode 100644 index 0000000..c1a67c5 --- /dev/null +++ b/deployment/api-deployment.yaml.bak 
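Review bot: The `router.tls.options` value that survives in the Ingress annotations is `homea2-mtls@kubernetescrd`, while the removed line named `homea2-homea2-mtls@kubernetescrd`. Under the kubernetescrd provider's `<namespace>-<name>` convention these are two different TLSOption objects, and the TLSOption manifest is not part of this patch, so it cannot be confirmed from here which one exists. I would not rely on how Traefik handles a reference that does not resolve; after rollout, check that a TLS handshake without a client certificate is refused on this host. A comment above the annotation would pin the intent, e.g. `# mTLS: TLSOption "mtls" in namespace homea2, referenced as <namespace>-<name>@kubernetescrd`. The same applies to the `deployment/ui-deployment.yaml` hunk; in both files the Ingress manifest continues outside the hunk.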
@@ -0,0 +1,130 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: api + namespace: homea2 + labels: + app: api + component: home-automation +spec: + replicas: 1 + selector: + matchLabels: + app: api + template: + metadata: + annotations: + reloader.stakater.com/auto: "true" + configmap.reloader.stakater.com/reload: "home-automation-environment,home-automation-config" + labels: + app: api + component: home-automation + spec: + containers: + - name: api + image: %IMAGE% + ports: + - containerPort: 8001 + name: http + env: + - name: MQTT_BROKER + valueFrom: + configMapKeyRef: + name: home-automation-environment + key: SHARED_MQTT_BROKER + - name: MQTT_PORT + valueFrom: + configMapKeyRef: + name: home-automation-environment + key: SHARED_MQTT_PORT + - name: REDIS_HOST + valueFrom: + configMapKeyRef: + name: home-automation-environment + key: SHARED_REDIS_HOST + - name: REDIS_PORT + valueFrom: + configMapKeyRef: + name: home-automation-environment + key: SHARED_REDIS_PORT + - name: REDIS_DB + valueFrom: + configMapKeyRef: + name: home-automation-environment + key: SHARED_REDIS_DB + - name: REDIS_CHANNEL + valueFrom: + configMapKeyRef: + name: home-automation-environment + key: API_REDIS_CHANNEL + volumeMounts: + - name: config-volume + mountPath: /app/config + readOnly: true + livenessProbe: + httpGet: + path: /health + port: 8001 + initialDelaySeconds: 30 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /health + port: 8001 + initialDelaySeconds: 5 + periodSeconds: 5 + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 200m + memory: 256Mi + volumes: + - name: config-volume + configMap: + name: home-automation-config +--- +apiVersion: v1 +kind: Service +metadata: + name: api + labels: + app: api + component: home-automation +spec: + selector: + app: api + ports: + - port: 80 + targetPort: 8001 + name: http + type: ClusterIP +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: api-ingress + annotations: + 
cert-manager.io/cluster-issuer: letsencrypt-production-http + traefik.ingress.kubernetes.io/router.middlewares: homea2-mtls-auth@kubernetescrd,homea2-security-headers@kubernetescrd + traefik.ingress.kubernetes.io/router.tls.options: homea2-homea2-mtls@kubernetescrd + # Traefik 2 mTLS Configuration + traefik.ingress.kubernetes.io/router.tls.options: homea2-mtls@kubernetescrd + traefik.ingress.kubernetes.io/router.middlewares: homea2-mtls-auth@kubernetescrd +spec: + tls: + - hosts: + - homea2-api.hottis.de + secretName: homea2-api-cert + rules: + - host: homea2-api.hottis.de + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: api + port: + number: 80 \ No newline at end of file diff --git a/deployment/ui-deployment.yaml b/deployment/ui-deployment.yaml index 82ea94c..f7179dc 100644 --- a/deployment/ui-deployment.yaml +++ b/deployment/ui-deployment.yaml @@ -85,10 +85,7 @@ metadata: annotations: cert-manager.io/cluster-issuer: letsencrypt-production-http traefik.ingress.kubernetes.io/router.middlewares: homea2-mtls-auth@kubernetescrd,homea2-security-headers@kubernetescrd - traefik.ingress.kubernetes.io/router.tls.options: homea2-homea2-mtls@kubernetescrd - # Traefik 2 mTLS Configuration traefik.ingress.kubernetes.io/router.tls.options: homea2-mtls@kubernetescrd - traefik.ingress.kubernetes.io/router.middlewares: homea2-mtls-auth@kubernetescrd spec: tls: - hosts: diff --git a/deployment/ui-deployment.yaml.bak b/deployment/ui-deployment.yaml.bak new file mode 100644 index 0000000..11b1278 --- /dev/null +++ b/deployment/ui-deployment.yaml.bak 
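Review bot: `deployment/api-deployment.yaml.bak` commits a full copy of the pre-fix manifest, including the duplicated `router.tls.options` and `router.middlewares` annotation keys that this commit removes from the live file. Most YAML parsers keep the last duplicate, so restoring from this copy would bring back an Ingress whose effective `router.middlewares` value omits `homea2-security-headers`. `deployment/ui-deployment.yaml.bak` has the same problem: its blob id `11b1278` differs from the `82ea94c` pre-image of `ui-deployment.yaml`, so it is an older state, and it still references `homea2-homea2-mtls@kubernetescrd`. Git history already preserves the old manifests, so I would drop both files from the commit and add `*.bak` to `.gitignore`.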
@@ -0,0 +1,104 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ui
+ namespace: homea2
+ labels:
+ app: ui
+ component: home-automation
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ui
+ template:
+ metadata:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ configmap.reloader.stakater.com/reload: "home-automation-environment"
+ labels:
+ app: ui
+ component: home-automation
+ spec:
+ containers:
+ - name: ui
+ image: %IMAGE%
+ ports:
+ - containerPort: 8002
+ name: http
+ env:
+ - name: UI_PORT
+ valueFrom:
+ configMapKeyRef:
+ name: home-automation-environment
+ key: UI_UI_PORT
+ - name: API_BASE
+ valueFrom:
+ configMapKeyRef:
+ name: home-automation-environment
+ key: UI_API_BASE
+ - name: BASE_PATH
+ valueFrom:
+ configMapKeyRef:
+ name: home-automation-environment
+ key: UI_BASE_PATH
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 8002
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ readinessProbe:
+ httpGet:
+ path: /
+ port: 8002
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ui
+ labels:
+ app: ui
+ component: home-automation
+spec:
+ selector:
+ app: ui
+ ports:
+ - port: 80
+ targetPort: 8002
+ name: http
+ type: ClusterIP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ui-ingress
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production-http
+ traefik.ingress.kubernetes.io/router.middlewares: homea2-mtls-auth@kubernetescrd,homea2-security-headers@kubernetescrd
+ traefik.ingress.kubernetes.io/router.tls.options: homea2-homea2-mtls@kubernetescrd
+spec:
+ tls:
+ - hosts:
+ - homea2.hottis.de
+ secretName: homea2-ui-cert
+ rules:
+ - host: homea2.hottis.de
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: ui
+ port:
+ number: 80