feat(certificates): add TLS certificate and ingress configuration for sinceai.com

apps/apps/sinceai/certificate-sinceai-com.yaml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: sinceai-com-crt
+  namespace: apps
+spec:
+  secretName: sinceai-com-crt
+  issuerRef:
+    name: dnspod
+    kind: ClusterIssuer
+    group: cert-manager.io
+  dnsNames:
+    - "sinceai.com"
+    - "*.sinceai.com"

apps/apps/sinceai/ingress-shop.yaml

@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: sinceai-shop
+  namespace: apps
+  annotations:
+    # 302 跳转到https://sinceai.taobao.com/
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+      rewrite ^/(.*)$ https://sinceai.taobao.com/$1? permanent;
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: shop.sinceai.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: halo
+                port:
+                  number: 80
+  tls:
+    - hosts:
+        - shop.sinceai.com
+      secretName: sinceai-com-crt
+

apps/infra/net/tailscale/helmchart-hk.yaml

@@ -11,6 +11,8 @@ spec:
   valuesContent: |-
     nodeSelector:
       kubernetes.io/hostname: tchk
+    image:
+      tag: v1.90.6
     hostNetwork: true
     extraVolumes:
       - name: cert-volume

apps/infra/net/tailscale/helmchart-sh.yaml

@@ -11,6 +11,8 @@ spec:
   valuesContent: |-
     nodeSelector:
       kubernetes.io/hostname: tcd
+    image:
+      tag: v1.90.6
     hostNetwork: true
     extraVolumes:
       - name: cert-volume

install/README.md

@@ -126,13 +126,9 @@ kubectl taint nodes tca node-role.kubernetes.io/master:NoSchedule
 
 ### 节点网络优化
 
-可以在需要加速的节点屏蔽目标ip 比如85.113.71.11 让tailscale强制走drep服务器进行加速.
+可以在需要加速的节点屏蔽目标ip 比如47.79.16.80 让tailscale强制走drep服务器进行加速.
 
 ```shell
-iptables -A OUTPUT -p udp --dport 41641 -d 85.113.71.11 -j DROP && \
-iptables -A OUTPUT -p udp --dport 41641 -d 217.142.185.185 -j DROP && \
-iptables -A OUTPUT -p udp --dport 41641 -d 152.70.103.166 -j DROP && \
 iptables -A OUTPUT -p udp --dport 41641 -d 47.79.16.80 -j DROP && \
-ip6tables -A OUTPUT -p udp --dport 41641 -d 2001:df1:801:a020::2a0:a59e -j DROP && \
 ip6tables -A OUTPUT -p udp --dport 41641 -d 240b:4001:278:8402:0:3a3d:b8a5:3975 -j DROP
 ```