From 4e1f015a49d6fb5823500adaf50ecc3bc18d3dc9 Mon Sep 17 00:00:00 2001
From: Nick Adam
Date: Mon, 19 Jan 2026 00:05:20 +0100
Subject: [PATCH] added k3s planning md changes
---
 K3S_PLANNING.md | 11 ++---
 infrastructure/apps/traefik-edge/.gitignore | 2 -
 .../config/dynamic/00-middlewares.yaml | 0
 .../traefik-edge/config/dynamic/10-k3s.yaml | 16 -------
 .../config/dynamic/20-legacy-vm.yaml | 18 --------
 .../config/dynamic/90-edge-system.yaml | 0
 .../apps/traefik-edge/config/traefik.yml | 42 -------------------
 .../apps/traefik-edge/docker-compose.yml | 30 -------------
 .../vm-docker-traefik-302.stabify.de.yml | 4 --
 9 files changed, 6 insertions(+), 117 deletions(-)
 delete mode 100644 infrastructure/apps/traefik-edge/.gitignore
 delete mode 100644 infrastructure/apps/traefik-edge/config/dynamic/00-middlewares.yaml
 delete mode 100644 infrastructure/apps/traefik-edge/config/dynamic/10-k3s.yaml
 delete mode 100644 infrastructure/apps/traefik-edge/config/dynamic/20-legacy-vm.yaml
 delete mode 100644 infrastructure/apps/traefik-edge/config/dynamic/90-edge-system.yaml
 delete mode 100644 infrastructure/apps/traefik-edge/config/traefik.yml
 delete mode 100644 infrastructure/apps/traefik-edge/docker-compose.yml
 delete mode 100644 infrastructure/deployments/vm-docker-traefik-302.stabify.de.yml
diff --git a/K3S_PLANNING.md b/K3S_PLANNING.md
index c8c5dd0..728bad7 100644
--- a/K3S_PLANNING.md
+++ b/K3S_PLANNING.md
@@ -10,7 +10,7 @@ We will deploy a High-Availability (HA) K3s cluster consisting of 3 Control Plan
 * VLAN 40 (IP Range: `10.100.40.0/24`).
 * **VIP (Virtual IP):** A floating IP managed by `kube-vip` for the API Server and Ingress Controller.
 * **Ingress Flow:**
- * `Internet` -> `Traefik Edge (VM 302)` -> `K3s VIP (LoadBalancer)` -> `Traefik Ingress (K3s)` -> `Pod`.
+ * `Internet` -> `Traefik im k3s Cluster (VIP 10.100.40.6)` -> `Traefik Ingress (K3s)` -> `Pod`.
 * **GitOps:**
 * **Tool:** FluxCD.
 * **Repository Structure:**
@@ -61,10 +61,11 @@ We will create a new role `k3s` and a corresponding playbook.
 * `k3s-api.stabify.de` -> `10.100.40.5` (VIP).
 * `*.k3s.stabify.de` -> `10.100.40.6` (Ingress VIP).
-* **Traefik Edge Config (`vm-docker-traefik-302`):**
- * New Router/Service in `config/dynamic/30-k3s.yaml`.
- * Rule: `HostRegexp('^.+\.k3s\.stabify\.de$')`
- * Target: `https://10.100.40.6:443` (PassHostHeader=true).
+* **Traefik Edge Config (im k3s Cluster):**
+ * File Provider für TLS Passthrough zu k3s Services.
+ * ConfigMap: `traefik-edge-dynamic-k3s`
+ * Rule: `HostSNIRegexp('^.+\.k3s\.stabify\.de$')`
+ * Target: `10.100.40.6:443` (TLS Passthrough).
 ## 5. Next Steps for Implementation
diff --git a/infrastructure/apps/traefik-edge/.gitignore b/infrastructure/apps/traefik-edge/.gitignore
deleted file mode 100644
index 69a494d..0000000
--- a/infrastructure/apps/traefik-edge/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-.env
-certs/
\ No newline at end of file
diff --git a/infrastructure/apps/traefik-edge/config/dynamic/00-middlewares.yaml b/infrastructure/apps/traefik-edge/config/dynamic/00-middlewares.yaml
deleted file mode 100644
index e69de29..0000000
diff --git a/infrastructure/apps/traefik-edge/config/dynamic/10-k3s.yaml b/infrastructure/apps/traefik-edge/config/dynamic/10-k3s.yaml
deleted file mode 100644
index 36408ce..0000000
--- a/infrastructure/apps/traefik-edge/config/dynamic/10-k3s.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-tcp:
- routers:
- # Alle k3s Domains (inkl. *.apps.internal.*) über TLS Passthrough
- k3s-passthrough:
- rule: "HostSNIRegexp(`^.+\\.k3s\\.stabify\\.de$`)"
- entryPoints:
- - websecure
- service: k3s-cluster
- tls:
- passthrough: true
-
- services:
- k3s-cluster:
- loadBalancer:
- servers:
- - address: "10.100.40.6:443"
diff --git a/infrastructure/apps/traefik-edge/config/dynamic/20-legacy-vm.yaml b/infrastructure/apps/traefik-edge/config/dynamic/20-legacy-vm.yaml
deleted file mode 100644
index 2ee64e0..0000000
--- a/infrastructure/apps/traefik-edge/config/dynamic/20-legacy-vm.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-http:
- routers:
- # Route für Apps auf VM 301
- to-apps-vm:
- rule: HostRegexp(`^[a-z0-9-]+\.apps\.stabify\.de$`)
- service: apps-vm-service
- entryPoints: [ websecure ]
- tls:
- certResolver: le
- domains:
- - main: "*.apps.stabify.de"
-
- services:
- apps-vm-service:
- loadBalancer:
- servers:
- - url: "http://vm-docker-apps-301.stabify.de:80"
- passHostHeader: true
\ No newline at end of file
diff --git a/infrastructure/apps/traefik-edge/config/dynamic/90-edge-system.yaml b/infrastructure/apps/traefik-edge/config/dynamic/90-edge-system.yaml
deleted file mode 100644
index e69de29..0000000
diff --git a/infrastructure/apps/traefik-edge/config/traefik.yml b/infrastructure/apps/traefik-edge/config/traefik.yml
deleted file mode 100644
index d4ae5ec..0000000
--- a/infrastructure/apps/traefik-edge/config/traefik.yml
+++ /dev/null
@@ -1,42 +0,0 @@
-api:
- dashboard: false
-
-entryPoints:
- web:
- address: ":80"
- http:
- redirections:
- entryPoint:
- to: websecure
- scheme: https
-
- websecure:
- address: ":443"
- http:
- tls:
- certResolver: le
- domains:
- - main: "stabify.de"
- sans:
- - "*.stabify.de"
- - "*.k3s.stabify.de"
- - "*.sys.stabify.de"
- - "*.apps.stabify.de"
-
-providers:
- docker:
- endpoint: "unix:///var/run/docker.sock"
- exposedByDefault: false
- file:
- directory: "/etc/traefik/dynamic"
- watch: true
-
-certificatesResolvers:
- le:
- acme:
- email: acme@infrastructure.stabify.de
- storage: /certs/acme.json
- caServer: https://acme-v02.api.letsencrypt.org/directory
- dnsChallenge:
- provider: cloudflare
- delayBeforeCheck: 10
\ No newline at end of file
diff --git a/infrastructure/apps/traefik-edge/docker-compose.yml b/infrastructure/apps/traefik-edge/docker-compose.yml
deleted file mode 100644
index f938b20..0000000
--- a/infrastructure/apps/traefik-edge/docker-compose.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-services:
- traefik:
- image: traefik:v3.6
- container_name: traefik-edge
- restart: unless-stopped
- security_opt:
- - no-new-privileges:true
- environment:
- - TZ=Europe/Berlin
- - CF_API_EMAIL=${CLOUDFLARE_EMAIL}
- - CF_DNS_API_TOKEN=${CLOUDFLARE_API_KEY}
- command:
- # --- DEBUGGING AKTIVIEREN ---
- - "--log.level=DEBUG" # Setzt das Log-Level auf DEBUG (Fehlersuche)
- - "--accesslog=true"
- ports:
- - "80:80"
- - "443:443"
- volumes:
- - /etc/localtime:/etc/localtime:ro
- - /var/run/docker.sock:/var/run/docker.sock:ro
- - ./config/traefik.yml:/etc/traefik/traefik.yml:ro
- - ./config/dynamic:/etc/traefik/dynamic:ro
- - ./certs:/certs
- networks:
- - proxy
-networks:
- proxy:
- name: proxy-edge
\ No newline at end of file
diff --git a/infrastructure/deployments/vm-docker-traefik-302.stabify.de.yml b/infrastructure/deployments/vm-docker-traefik-302.stabify.de.yml
deleted file mode 100644
index 6c8c122..0000000
--- a/infrastructure/deployments/vm-docker-traefik-302.stabify.de.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-apps:
- - name: traefik-edge
- has_secrets: true # Benötigt Cloudflare Token
- restart_on_config_change: true # Container neu starten wenn Config-Dateien geändert wurden
\ No newline at end of file