- addons/ext-proxy/ → addons/ingress-proxypass/ (git mv, история сохранена) - Все переменные Ansible: ext_proxy_* → ingress_proxypass_* - Все имена ресурсов K8s: ext-proxy → ingress-proxypass (namespace, chart, release) - Helm-хелперы: "ext-proxy.*" → "ingress-proxypass.*" - Makefile: addon-ext-proxy → addon-ingress-proxypass - group_vars/all/addons.yml: addon_ext_proxy → addon_ingress_proxypass - playbooks/addons.yml: обновлена ссылка на роль - docs/addons.md, README.md: обновлены все упоминания
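# ─── Global defaults applied to all proxies unless overridden per-proxy ────────
# NOTE(review): nesting below is reconstructed from the section comments and the
# commented "Full example" in this file; confirm against the chart templates
# (in particular that certManager lives under tls).
defaults:
  # ingress-nginx class name
  ingressClass: nginx

  # ── TLS ───────────────────────────────────────────────────────────────────────
  # Disabled by default: every proxy that does not override tls.enabled is served
  # over plain HTTP. Enable it for any proxy that also enables auth, because
  # HTTP Basic credentials are only base64-encoded on the wire.
  tls:
    enabled: false
    # Name of an existing TLS Secret (e.g. wildcard cert managed by cert-manager)
    secretName: ""
    # cert-manager ClusterIssuer / Issuer integration
    certManager:
      enabled: false
      issuer: ""  # ClusterIssuer name (e.g. letsencrypt-prod)
      issuerKind: ClusterIssuer  # ClusterIssuer | Issuer

  # ── Basic Auth (nginx auth_basic) ──────────────────────────────────────────
  # Disabled by default: proxies without an auth override are reachable by
  # anyone who can reach the ingress controller.
  auth:
    enabled: false
    # Pre-generated htpasswd string. Generate with:
    #   htpasswd -nb admin 'mypassword'
    # (-b takes the password on the command line, so it lands in shell history
    # and the process list; `htpasswd -n admin` prompts for it instead.)
    # A value set here is stored with the values file and the Helm release, so
    # treat it as a secret: the default apr1 (MD5-based) hash is cheap to attack
    # offline once it leaks. Prefer secretName below for anything committed to
    # version control.
    credentials: ""
    # OR reference an existing Secret (must contain key "auth" with htpasswd data)
    secretName: ""

  # Enable WebSocket upgrade headers (proxy-http-version 1.1)
  websocket: true

  # Default path and pathType for Ingress rules
  path: /
  pathType: Prefix

  # Proxy timeout settings (seconds)
  # The one-hour read/send values suit long-lived streams; they also let idle
  # connections stay open that long, so lower them for ordinary web backends.
  proxyConnectTimeout: 60
  proxyReadTimeout: 3600
  proxySendTimeout: 3600

  # Max request body size (0 = unlimited, e.g. "10m", "1g")
  # Keep a finite cap here; "0" removes the limit and should be a deliberate
  # per-proxy choice only for backends that really need it.
  proxyBodySize: "1g"

  # Additional annotations added to every Ingress (per-proxy annotations override these)
  # Annotation values are passed to ingress-nginx as written, so review anything
  # added here as carefully as the options above.
  annotations: {}
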
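# ─── External service definitions ───────────────────────────────────────────────
# Each entry creates: Service + Endpoints + Ingress (+ optional auth Secret)
# NOTE(review): nesting below is reconstructed from the key order and comments;
# confirm against the chart templates. Entries that set no tls/auth override
# inherit the defaults in this file (tls.enabled: false, auth.enabled: false),
# i.e. plain HTTP with no authentication at the ingress.
proxies:
  - name: plex
    # One or more hostnames served by this Ingress rule
    hosts:
      - plex.home.ru
    # External IP(s) — multiple IPs get round-robin load balancing via Endpoints
    ips:
      - 192.168.1.50
    # External service port
    port: 32400
    # Per-proxy overrides — any defaults.* key can be set here
    annotations:
      # "0" removes the request-body limit for this host (presumably taking
      # precedence over defaults.proxyBodySize — verify in the rendered
      # Ingress). Without a cap, a single client can fill controller buffers or
      # temp storage; set an explicit size if large uploads are not needed.
      nginx.ingress.kubernetes.io/proxy-body-size: "0"

  - name: router
    hosts:
      - router.home.ru
    ips:
      - 192.168.1.1
    port: 8080
    # NOTE(review): this looks like a router management UI (assumption from the
    # name and address). It inherits auth.enabled: false and tls.enabled: false,
    # so the ingress adds no access control in front of it; consider per-proxy
    # auth (via secretName) together with tls before exposing this hostname.
    websocket: false

  - name: grafana
    hosts:
      - grafana.home.local
    ips:
      - 192.168.1.60
    port: 3000
    websocket: true

  # Full example with all options:
  # - name: myservice
  #   hosts:
  #     - myservice.home.ru
  #     - myservice.internal
  #   ips:
  #     - 192.168.1.100
  #     - 192.168.1.101  # failover / round-robin
  #   port: 8080
  #   path: /myservice
  #   pathType: Prefix
  #   websocket: true
  #   tls:
  #     enabled: true
  #     secretName: wildcard-cert
  #     certManager:
  #       enabled: false
  #   auth:
  #     enabled: true
  #     # Inline hash shown for illustration; in a committed values file use
  #     # auth.secretName (existing Secret with key "auth") instead.
  #     credentials: "admin:$apr1$xyz..."  # htpasswd -nb admin password
  #   annotations:
  #     nginx.ingress.kubernetes.io/proxy-body-size: "0"
  #     nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"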