Thank you for sharing, looks great. I wonder how you configured access to the Kubernetes services. You mentioned you leverage the WireGuard VPN, but is it possible to configure SSL certificates for the VPN services?
I have added an edit (but before you posted this), so let me answer here (you can check the edit also if you feel like it).
Basically I use Traefik and cert-manager to retrieve star SSL certs (*.domain.com) for all the domains I own; as those are done via DNS-01 challenges, you don't need your server to be accessible via the internet.
The VPN is then pointing at AdGuard for its DNS, and AdGuard points my star domains to Traefik, which then redirects to each service with the star certificate.
EDIT: external services such as the VPN itself are also redirected via Traefik using external service objects, so my VPN can sit outside the cluster (in my TrueNAS machine) but still have an SSL cert.
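An added example of the setup described in this reply (constructed here, not the poster's manifests): a cert-manager ClusterIssuer using a DNS-01 solver, a wildcard Certificate, and a Traefik IngressRoute that fronts an out-of-cluster service through an ExternalName Service. It assumes cert-manager and the Traefik CRDs are installed, Cloudflare as the DNS provider, example.com as a stand-in domain, and truenas.lan / port 8080 as hypothetical names for the VPN web UI on the TrueNAS box.

```yaml
# Constructed example; names marked "hypothetical" are assumptions, not the poster's values.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata: {name: letsencrypt-dns01}
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com          # hypothetical contact address
    privateKeySecretRef: {name: letsencrypt-dns01-account-key}
    solvers:
      - dns01:                        # DNS-01: cert-manager publishes a TXT record, no inbound 80/443 needed
          cloudflare:                 # assumed provider; swap for your DNS host's solver
            apiTokenSecretRef:        # Secret holding a token scoped to DNS edits on this zone only
              name: cloudflare-api-token
              key: api-token
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata: {name: wildcard-example-com}
spec:
  secretName: wildcard-example-com-tls   # Traefik reads the issued cert from this Secret
  dnsNames:
    - "*.example.com"
  issuerRef: {name: letsencrypt-dns01, kind: ClusterIssuer}
---
# ExternalName Service: gives the out-of-cluster VPN web UI an in-cluster name Traefik can route to
apiVersion: v1
kind: Service
metadata: {name: vpn-ui-external}
spec:
  type: ExternalName
  externalName: truenas.lan           # hypothetical DNS name of the TrueNAS host
---
apiVersion: traefik.io/v1alpha1        # traefik.containo.us/v1alpha1 on Traefik releases before 2.10
kind: IngressRoute
metadata: {name: vpn-ui}
spec:
  entryPoints: [websecure]
  routes:
    - match: Host(`vpn.example.com`)  # AdGuard resolves *.example.com to Traefik's address
      kind: Rule
      services:
        - name: vpn-ui-external
          port: 8080                   # hypothetical port of the VPN UI
  tls:
    secretName: wildcard-example-com-tls
```

Traefik only routes to ExternalName Services when its Kubernetes CRD provider is started with allowExternalNameServices enabled. The DNS API token is what proves control of the entire wildcard, so keep it scoped to that one zone and stored only as a Kubernetes Secret.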
Thanks, indeed you are right, using a DNS-01 challenge can be appropriate for this.
Btw, do you use a VPN for Transmission? I mean, for egress traffic. I have been trying to figure out how to set it up without any luck.
Thanks for including descriptions. Too often I have to search for an unfamiliar app name and wonder: is it hosted on git? Is it this one with a .ai domain? Pretty sure this one is a pharma company website...
Yea seriously. Somebody is like “I run Cumface mostly it solves all my problems” and I’m like ‘great… now I have to wade through all these google results and lots of tissues until I find something related to my lab environment.’ Turns out it was a tool I didn’t even need and now everything is sticky and I’m confused.
At one point I was trying to set up Keycloak and then authentik. What do you use for your ingress? The biggest issue I had (aside from not getting authentik to work) was finding the correct way to set up ingress-nginx to actually work properly with authentik.
Do you have any example YAML files that would help get started on this?
I am also doing this. So far I have only set up Portainer. Would love to talk to you. I work with OAuth2, but I am trying to learn more, and the authentik terms are different from my normal use case. There are many flows, etc.
Oh yeah, it is a nightmare to get started (IMO) due to their own wording for most of the stuff. I have added an edit if you want to check a bit more of how I have set up stuff; maybe some questions will be answered there...