add external device for dev

helm/external-devices/dev/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: external-devices
+description: Chart pour exposer les équipements externes via Traefik reverse proxy
+type: application
+version: 0.1.0
+appVersion: "1.0"
+

helm/external-devices/dev/templates/ingressroutes.yaml

@@ -0,0 +1,52 @@
+{{- range $name, $device := .Values.externalDevices }}
+{{- if $device.enabled }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: {{ $name }}
+  namespace: {{ $device.namespace | default $.Values.global.namespace }}
+  labels:
+    app: external-device
+    device: {{ $name }}
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`{{ $device.domain }}`)
+      kind: Rule
+      services:
+        - name: {{ $name }}-backend
+          port: {{ $device.port }}
+      {{- if $device.basicAuth.enabled }}
+      middlewares:
+        - name: {{ $name }}-auth
+      {{- end }}
+  tls:
+    secretName: {{ $device.tlsSecret | default $.Values.global.tlsSecret }}
+{{- if $.Values.global.redirectHttpToHttps }}
+---
+# Redirection HTTP vers HTTPS
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: {{ $name }}-http-redirect
+  namespace: {{ $device.namespace | default $.Values.global.namespace }}
+  labels:
+    app: external-device
+    device: {{ $name }}
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`{{ $device.domain }}`)
+      kind: Rule
+      middlewares:
+        - name: redirect-https
+      services:
+        - name: {{ $name }}-backend
+          port: {{ $device.port }}
+{{- end }}
+{{- end }}
+{{- end }}
+

helm/external-devices/dev/templates/middlewares.yaml

@@ -0,0 +1,29 @@
+{{- if .Values.global.redirectHttpToHttps }}
+---
+# Middleware pour rediriger HTTP vers HTTPS
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: redirect-https
+  namespace: {{ .Values.global.namespace }}
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true
+{{- end }}
+
+{{- range $name, $device := .Values.externalDevices }}
+{{- if and $device.enabled $device.basicAuth.enabled }}
+---
+# Middleware d'authentification basique pour {{ $name }}
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ $name }}-auth
+  namespace: {{ $device.namespace | default $.Values.global.namespace }}
+spec:
+  basicAuth:
+    secret: {{ $device.basicAuth.secretName }}
+{{- end }}
+{{- end }}
+

helm/external-devices/dev/templates/services.yaml

@@ -0,0 +1,21 @@
+{{- range $name, $device := .Values.externalDevices }}
+{{- if $device.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ $name }}-backend
+  namespace: {{ $device.namespace | default $.Values.global.namespace }}
+  labels:
+    app: external-device
+    device: {{ $name }}
+spec:
+  type: ExternalName
+  externalName: {{ $device.ip }}
+  ports:
+    - port: {{ $device.port }}
+      targetPort: {{ $device.port }}
+      protocol: TCP
+{{- end }}
+{{- end }}
+

helm/external-devices/dev/values.yaml

@@ -0,0 +1,33 @@
+# Configuration pour les équipements externes exposés via Traefik (dev)
+# Les certificats TLS sont gérés par cert-manager dans le cluster OPS
+# ⚠️ Pour le moment, seuls les services externes en production sont configurés
+
+externalDevices:  
+  # OpenMediaVault
+  omv:
+    enabled: true
+    domain: "nas.dev.gkdomaine.fr"
+    ip: "10.78.20.107"  # ⚠️ À configurer avec l'IP réelle d'OpenMediaVault
+    port: 80
+    tlsSecret: "wildcard-dev-tls"
+    namespace: "traefik-dev"
+    basicAuth:
+      enabled: false
+      secretName: "omv-basic-auth"
+    
+  # Ajoutez d'autres équipements ici
+  # exemple:
+  # autre-equipement:
+  #   enabled: true
+  #   domain: "autre.dev.gkdomaine.fr"
+  #   ip: "192.168.1.30"
+  #   port: 80
+  #   tlsSecret: "wildcard-dev-tls"
+  #   namespace: "traefik-dev"
+
+# Configuration globale
+global:
+  namespace: "traefik-dev"
+  tlsSecret: "wildcard-dev-tls"
+  redirectHttpToHttps: true
+