Update .gitignore to include generated noble-lab-ui-urls.md and enhance README.md with new role documentation. Refactor noble.yml to incorporate noble_landing_urls role for improved URL management. Add ingress configurations for alertmanager, prometheus, longhorn, and vault to support TLS termination via Traefik. Update network policies and values.yaml for vault to allow traffic from Traefik. These changes aim to streamline deployment and enhance service accessibility.

clusters/noble/apps/kube-prometheus-stack/values.yaml

@@ -35,6 +35,20 @@ alertmanager:
           resources:
             requests:
               storage: 5Gi
+  ingress:
+    enabled: true
+    ingressClassName: traefik
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+    hosts:
+      - alertmanager.apps.noble.lab.pcenicni.dev
+    paths:
+      - /
+    pathType: Prefix
+    tls:
+      - secretName: alertmanager-apps-noble-tls
+        hosts:
+          - alertmanager.apps.noble.lab.pcenicni.dev
 
 prometheus:
   prometheusSpec:
@@ -48,6 +62,20 @@ prometheus:
           resources:
             requests:
               storage: 30Gi
+  ingress:
+    enabled: true
+    ingressClassName: traefik
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+    hosts:
+      - prometheus.apps.noble.lab.pcenicni.dev
+    paths:
+      - /
+    pathType: Prefix
+    tls:
+      - secretName: prometheus-apps-noble-tls
+        hosts:
+          - prometheus.apps.noble.lab.pcenicni.dev
 
 grafana:
   persistence:
@@ -78,5 +106,7 @@ grafana:
     server:
       domain: grafana.apps.noble.lab.pcenicni.dev
       root_url: https://grafana.apps.noble.lab.pcenicni.dev/
+      # Traefik sets X-Forwarded-*; required for correct redirects and cookies behind the ingress.
+      use_proxy_headers: true
 
   # Loki datasource: apply `clusters/noble/apps/grafana-loki-datasource/loki-datasource.yaml` (sidecar ConfigMap) instead of additionalDataSources here.