Sascha Dodenhöft
00c7ec292f
Namespace, StorageClass (Longhorn), Postgres, API, Web, OAuth2-Proxy (Zitadel OIDC) und Traefik-Ingress fuer https://gongme.expertfab.de. Images: git.expertfab.de/expertfab/ef-gongme-{api,web}:latest Auth: Zitadel hinter OAuth2-Proxy v7.7.1 TLS: cert-manager letsencrypt-ClusterIssuer secret-oauth2.yaml enthaelt Platzhalter — CLIENT_ID/SECRET muessen nach Zitadel-App-Anlage eingetragen werden. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
41 lines
1.0 KiB
YAML
41 lines
1.0 KiB
YAML
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: redirect-https
|
|
namespace: gongme
|
|
spec:
|
|
redirectScheme:
|
|
scheme: https
|
|
permanent: true
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: gongme
|
|
namespace: gongme
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt
|
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
|
traefik.ingress.kubernetes.io/router.middlewares: gongme-redirect-https@kubernetescrd
|
|
# SSE-Verbindungen (EventSource) bleiben lange offen — Timeouts hochsetzen.
|
|
ingress.kubernetes.io/proxy-read-timeout: "3600"
|
|
ingress.kubernetes.io/proxy-send-timeout: "3600"
|
|
spec:
|
|
ingressClassName: traefik
|
|
rules:
|
|
- host: gongme.expertfab.de
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: oauth2-proxy
|
|
port:
|
|
number: 4180
|
|
tls:
|
|
- hosts:
|
|
- gongme.expertfab.de
|
|
secretName: gongme-tls
|