From 47532cba385d12afe62702be44b96552e23bcc1e Mon Sep 17 00:00:00 2001 From: Angel Nunez Mencias Date: Sun, 19 May 2024 11:32:01 +0000 Subject: [PATCH] limit access --- apps/default/music-assistant/release.yaml | 12 ++++++------ settings/settings.yaml | 1 + 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/apps/default/music-assistant/release.yaml b/apps/default/music-assistant/release.yaml index 3b4dcb5c3..a982d277a 100644 --- a/apps/default/music-assistant/release.yaml +++ b/apps/default/music-assistant/release.yaml @@ -43,22 +43,22 @@ spec: hajimari.io/info: Music Assistant for Home Assistant hajimari.io/group: media hosts: - - host: "ma.pub.${CLUSTER_DOMAIN}" + - host: "mm.pub.${CLUSTER_DOMAIN}" paths: - path: / pathType: Prefix tls: - hosts: - - "ma.pub.${CLUSTER_DOMAIN}" + - "mm.pub.${CLUSTER_DOMAIN}" home: enabled: true annotations: hajimari.io/enable: "false" nginx.ingress.kubernetes.io/enable-global-auth: "false" - ingress.kubernetes.io/denylist-source-range: "192.168.2.0/30" #router doing nat - ingress.kubernetes.io/whitelist-source-range: "192.168.2.0/16,10.0.0.0/8" + #ingress.kubernetes.io/denylist-source-range: "192.168.2.0/30" #router doing nat + nginx.ingress.kubernetes.io/whitelist-source-range: "${INGRESS_WHITELIST_SOURCE_RANGE}" hosts: - - host: "ma.home.${CLUSTER_DOMAIN}" + - host: "mm.home.${CLUSTER_DOMAIN}" paths: - path: / pathType: Prefix @@ -66,7 +66,7 @@ spec: identifier: main tls: - hosts: - - "ma.home.${CLUSTER_DOMAIN}" + - "mm.home.${CLUSTER_DOMAIN}" persistence: data: diff --git a/settings/settings.yaml b/settings/settings.yaml index e79e17d06..1868741fa 100644 --- a/settings/settings.yaml +++ b/settings/settings.yaml @@ -32,6 +32,7 @@ data: CLUSTER_LB_UNIFI: "143" NETWORK_K8S_CLUSTER_CIDR: "10.0.0.0/8" + INGRESS_WHITELIST_SOURCE_RANGE: "10.0.0.0/8,192.168.0.0/19,192.168.128.0/17" CEPH_MONITOR_HOST_1: 192.168.4.11:6789 CEPH_MONITOR_HOST_2: 192.168.4.12:6789