temp

k8s/xiongxiao.me/ingress/apps-ingressroute.yaml

@@ -310,3 +310,36 @@ spec:
           port: 3000
   tls:
     certResolver: letsencrypt
+---
+# RBAC 配置
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: default
+  name: traefik-ingressroute-role
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups: ["traefik.io"]
+    resources: ["ingressroutes"]
+    verbs: ["get", "list", "watch", "create", "update", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: traefik-ingressroute-rolebinding
+  namespace: default
+subjects:
+  - kind: ServiceAccount
+    name: traefik-ingressroute-sa
+    namespace: kube-system
+roleRef:
+  kind: Role
+  name: traefik-ingressroute-role
+  apiGroup: rbac.authorization.k8s.io

k8s/xiongxiao.me/ingress/home-ingress.yaml

@@ -0,0 +1,39 @@
+---
+# Traefik IngressRoute 配置 - Home Assistant
+# tags: traefik, ingressroute, https, ssl, home-assistant, websocket, ipv6
+# description: Home Assistant 服务的 Traefik IngressRoute 配置，支持 IPv6、HTTPS、WebSocket
+# title: Home Assistant IngressRoute 配置
+# createdAt: 2025-11-26
+---
+# Home Assistant HTTPS 入口
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: home-https
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`home.mz.xiongxiao.me`)
+      kind: Rule
+      services:
+        - name: home-external
+          port: 8123
+          scheme: http
+  tls:
+    certResolver: letsencrypt
+---
+# Home Assistant 外部服务 (通过域名解析 IPv6)
+apiVersion: v1
+kind: Service
+metadata:
+  name: home-external
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: xionmi.mz.zxj.im
+---
+
+# kubectl run test-ipv6 --image=curlimages/curl:latest -it --rm -- sh
+# curl -6 http://home.mz.xiongxiao.me:8123

k8s/xiongxiao.me/ingress/rancher-ingress.yaml

@@ -1,27 +1,19 @@
 ---
-apiVersion: networking.k8s.io/v1
-kind: Ingress
+# Rancher - rancher.xiongxiao.me
+# 使用 IngressRoute 以便正确使用 Let's Encrypt 证书
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
 metadata:
-  name: rancher
+  name: rancher-https
   namespace: cattle-system
-  annotations:
-    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    traefik.ingress.kubernetes.io/router.tls: "true"
-    traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt  # 使用 Let's Encrypt
 spec:
-  ingressClassName: traefik
-  rules:
-  - host: rancher.xiongxiao.me
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: rancher
-            port:
-              number: 80
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`rancher.xiongxiao.me`)
+      kind: Rule
+      services:
+        - name: rancher
+          port: 80
   tls:
-  - hosts:
-    - rancher.xiongxiao.me
-    # secretName: tls-rancher-ingress  # 使用自动证书,不需要手动指定 secret
+    certResolver: letsencrypt