extraccion de DNS/ revision de ACLs

2025-08-22 18:01:14 +02:00
parent bf44ad9c1d
commit 663d6422fc
28 changed files with 755 additions and 154 deletions
--- a/external/ingress/firewall.yaml
+++ b/external/ingress/firewall.yaml
@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: firewall-ingress
+  namespace: external
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.200.0/24,192.168.0.0/24,10.244.0.0/16,192.168.4.0/24"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - admin.firewall.c2et.net
+      secretName: firewall-tls
+  rules:
+    - host: admin.firewall.c2et.net
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: external-router-svc
+                port:
+                  number: 80
--- a/external/ingress/powervault1.yaml
+++ b/external/ingress/powervault1.yaml
@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: powervault1-ingress
+  namespace: external
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.200.0/24,192.168.0.0/24,10.244.0.0/16,192.168.4.0/24"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - admin.powervault1.c2et.net
+      secretName: powervault1-tls
+  rules:
+    - host: admin.powervault1.c2et.net
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: external-router-svc
+                port:
+                  number: 80
--- a/external/ingress/powervault2.yaml
+++ b/external/ingress/powervault2.yaml
@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: powervault2-ingress
+  namespace: external
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.200.0/24,192.168.0.0/24,10.244.0.0/16,192.168.4.0/24"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - admin.powervault2.c2et.net
+      secretName: powervault2-tls
+  rules:
+    - host: admin.powervault2.c2et.net
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: external-router-svc
+                port:
+                  number: 80
--- a/external/ingress/router.yaml.save
+++ b/external/ingress/router.yaml.save
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: router-ingress
+  namespace: external
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - firewall.c2et.net
+      secretName: router-tls
+  rules:
+    - host: firewall.c2et.net
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: external-router-svc
+                port:
+                  number: 80