taqi/homeserver
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

kubernetes: move jellyfin to private ingress

Browse Source
This commit is contained in:
Taqi Tahmid
2025-07-02 18:40:54 +03:00
parent 79e4a02657
commit 523c190c7a
2 changed files with 53 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
infra/terraform/kubernetes/backend.tf
View File

@ -1,7 +1,7 @@
terraform { terraform {
backend "s3" { backend "s3" {
bucket = "terraform-state" # Name of the MinIO bucket bucket = "terraform-state" # Name of the MinIO bucket
key = "proxmox/terraform.tfstate" # Path to the state file in the bucket key = "kubernetes/terraform.tfstate" # Path to the state file in the bucket
endpoint = var.minio_endpoint # MinIO API endpoint endpoint = var.minio_endpoint # MinIO API endpoint
access_key = var.minio_access_key # MinIO access key access_key = var.minio_access_key # MinIO access key
secret_key = var.minio_secret_key # MinIO secret key secret_key = var.minio_secret_key # MinIO secret key

76
kubernetes/media/jellyfin-deploy.yaml
View File

@ -71,36 +71,64 @@ spec:
targetPort: 8096 targetPort: 8096
type: ClusterIP type: ClusterIP
# ---
# apiVersion: traefik.io/v1alpha1
# kind: IngressRoute
# metadata:
# name: jellyfin-ingress
# annotations:
# traefik.ingress.kubernetes.io/router.middlewares: jellyfin-headers@kubernetescrd
# spec:
# entryPoints:
# - websecure
# routes:
# - match: Host(`${JELLYFIN_HOST}`)
# kind: Rule
# services:
# - name: jellyfin-service
# port: 8096
# tls:
# secretName: jellyfin-tls-secret
# ---
# apiVersion: traefik.io/v1alpha1
# kind: Middleware
# metadata:
# name: jellyfin-headers
# spec:
# headers:
# customRequestHeaders:
# X-Forwarded-Proto: "https"
# customResponseHeaders:
# X-Frame-Options: "SAMEORIGIN"
--- ---
apiVersion: traefik.io/v1alpha1 apiVersion: networking.k8s.io/v1
kind: IngressRoute kind: Ingress
metadata: metadata:
name: jellyfin-ingress name: jellyfin-ingress
annotations: annotations:
traefik.ingress.kubernetes.io/router.middlewares: jellyfin-headers@kubernetescrd nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
nginx.ingress.kubernetes.io/server-header: "X-Frame-Options SAMEORIGIN"
nginx.ingress.kubernetes.io/proxy-set-header: "X-Forwarded-Proto https"
spec: spec:
entryPoints: ingressClassName: nginx
- websecure rules:
routes: - host: ${JELLYFIN_HOST}
- match: Host(`${JELLYFIN_HOST}`) http:
kind: Rule paths:
services: - path: /
- name: jellyfin-service pathType: Prefix
port: 8096 backend:
service:
name: jellyfin-service
port:
number: 8096
tls: tls:
secretName: jellyfin-tls-secret - hosts:
- ${JELLYFIN_HOST}
--- secretName: jellyfin-tls-secret
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: jellyfin-headers
spec:
headers:
customRequestHeaders:
X-Forwarded-Proto: "https"
customResponseHeaders:
X-Frame-Options: "SAMEORIGIN"
--- ---
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1