Heimdall
Heimdall Application Dashboard
Manifiesto
Namespace "heimdall" + PVC en StorageClass "ceph-rbd" + Deployment + Servicio + TLS Ingress con Certificado
# 0. Namespace
apiVersion: v1
kind: Namespace
metadata:
name: heimdall
---
# 1. PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: heimdall-config
namespace: heimdall
spec:
accessModes:
- ReadWriteOnce
storageClassName: ceph-rbd
resources:
requests:
storage: 1Gi
---
# 2. Deployment de heimdall
apiVersion: apps/v1
kind: Deployment
metadata:
name: heimdall
namespace: heimdall
spec:
replicas: 1
selector:
matchLabels:
app: heimdall
template:
metadata:
labels:
app: heimdall
spec:
containers:
- name: heimdall
image: lscr.io/linuxserver/heimdall:latest
ports:
- containerPort: 80
name: http
- containerPort: 443
name: https
volumeMounts:
- name: config
mountPath: /config
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "Europe/Madrid"
volumes:
- name: config
persistentVolumeClaim:
claimName: heimdall-config
---
# 3. Service (ClusterIP)
apiVersion: v1
kind: Service
metadata:
name: heimdall
namespace: heimdall
spec:
selector:
app: heimdall
ports:
- name: http
port: 80
targetPort: 80
- name: https
port: 443
targetPort: 443
type: ClusterIP
---
# 4. Ingress con TLS
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: heimdall
namespace: heimdall
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
cert-manager.io/cluster-issuer: "letsencrypt-staging" # Cambia a letsencrypt-prod si es necesario
spec:
tls:
- hosts:
- heimdall.k8s.dominio.com # Cámbialo por tu dominio
secretName: heimdall-tls
rules:
- host: heimdall.k8s.dominio.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: heimdall
port:
number: 80