kubernetes: move jellyfin to private ingress

2025-07-02 18:40:54 +03:00
parent 79e4a02657
commit 523c190c7a
2 changed files with 53 additions and 25 deletions
--- a/infra/terraform/kubernetes/backend.tf
+++ b/infra/terraform/kubernetes/backend.tf
@ -1,7 +1,7 @@
 terraform {
  backend "s3" {
    bucket                      = "terraform-state" # Name of the MinIO bucket
-    key                         = "proxmox/terraform.tfstate" # Path to the state file in the bucket
+    key                         = "kubernetes/terraform.tfstate" # Path to the state file in the bucket
    endpoint                    = var.minio_endpoint # MinIO API endpoint
    access_key                  = var.minio_access_key # MinIO access key
    secret_key                  = var.minio_secret_key # MinIO secret key
--- a/kubernetes/media/jellyfin-deploy.yaml
+++ b/kubernetes/media/jellyfin-deploy.yaml
@ -71,37 +71,65 @@ spec:
      targetPort: 8096
  type: ClusterIP

+# ---
+# apiVersion: traefik.io/v1alpha1
+# kind: IngressRoute
+# metadata:
+#   name: jellyfin-ingress
+#   annotations:
+#     traefik.ingress.kubernetes.io/router.middlewares: jellyfin-headers@kubernetescrd
+# spec:
+#   entryPoints:
+#     - websecure
+#   routes:
+#     - match: Host(`${JELLYFIN_HOST}`)
+#       kind: Rule
+#       services:
+#         - name: jellyfin-service
+#           port: 8096
+#   tls:
+#     secretName: jellyfin-tls-secret
+
+# ---
+# apiVersion: traefik.io/v1alpha1
+# kind: Middleware
+# metadata:
+#   name: jellyfin-headers
+# spec:
+#   headers:
+#     customRequestHeaders:
+#       X-Forwarded-Proto: "https"
+#     customResponseHeaders:
+#       X-Frame-Options: "SAMEORIGIN"
+
 ---
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
+apiVersion: networking.k8s.io/v1
+kind: Ingress
 metadata:
  name: jellyfin-ingress
  annotations:
-    traefik.ingress.kubernetes.io/router.middlewares: jellyfin-headers@kubernetescrd
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    nginx.ingress.kubernetes.io/proxy-http-version: "1.1"
+    nginx.ingress.kubernetes.io/server-header: "X-Frame-Options SAMEORIGIN"
+    nginx.ingress.kubernetes.io/proxy-set-header: "X-Forwarded-Proto https"
 spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`${JELLYFIN_HOST}`)
-      kind: Rule
-      services:
-        - name: jellyfin-service
-          port: 8096
+  ingressClassName: nginx
+  rules:
+    - host: ${JELLYFIN_HOST}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: jellyfin-service
+                port:
+                  number: 8096
  tls:
+    - hosts:
+        - ${JELLYFIN_HOST}
      secretName: jellyfin-tls-secret

---
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: jellyfin-headers
-spec:
-  headers:
-    customRequestHeaders:
-      X-Forwarded-Proto: "https"
-    customResponseHeaders:
-      X-Frame-Options: "SAMEORIGIN"
-
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate