use ingress factory for all hosted ingresses [ci skip]

Viktor Barzin 2025-01-14 22:53:04 +00:00
parent 3b9baa9f47
commit 13abb70576
36 changed files with 352 additions and 1448 deletions


@ -62,7 +62,7 @@ resource "kubernetes_deployment" "actualbudget" {
resource "kubernetes_service" "actualbudget" { resource "kubernetes_service" "actualbudget" {
metadata { metadata {
name = "actualbudget-${var.name}" name = "budget-${var.name}"
namespace = "actualbudget" namespace = "actualbudget"
labels = { labels = {
app = "actualbudget-${var.name}" app = "actualbudget-${var.name}"
@ -81,43 +81,13 @@ resource "kubernetes_service" "actualbudget" {
} }
} }
resource "kubernetes_ingress_v1" "actualbudget" { module "ingress" {
metadata { source = "../../ingress_factory"
name = "actualbudget-ingress-${var.name}" namespace = "actualbudget"
namespace = "actualbudget" name = "budget-${var.name}"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" extra_annotations = {
"nginx.ingress.kubernetes.io/client-max-body-size" : "0" "nginx.ingress.kubernetes.io/proxy-body-size" : "0",
"nginx.ingress.kubernetes.io/proxy-body-size" : "0", "nginx.ingress.kubernetes.io/client-max-body-size" : "0"
# "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
# "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
# "nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx"
# "nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri"
# "nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid"
# "nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;"
}
}
spec {
tls {
hosts = ["budget-${var.name}.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "budget-${var.name}.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "actualbudget-${var.name}"
port {
number = 80
}
}
}
}
}
}
} }
} }


@ -122,37 +122,14 @@ resource "kubernetes_service" "audiobookshelf" {
} }
} }
resource "kubernetes_ingress_v1" "audiobookshelf" { module "ingress" {
metadata { source = "../ingress_factory"
name = "audiobookshelf" namespace = "audiobookshelf"
namespace = "audiobookshelf" name = "audiobookshelf"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" extra_annotations = {
"nginx.ingress.kubernetes.io/proxy-body-size" : "20000m" "nginx.ingress.kubernetes.io/proxy-body-size" : "0",
} "nginx.ingress.kubernetes.io/client-max-body-size" : "0"
}
spec {
tls {
hosts = ["audiobookshelf.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "audiobookshelf.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "audiobookshelf"
port {
number = 80
}
}
}
}
}
}
} }
} }
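Review bot: The `proxy-body-size` value in `extra_annotations` changes from `20000m` to `0`, so this refactor also removes the request-body cap on the host instead of carrying the old limit over. A value of `0` turns off nginx's body-size check, which leaves the backend and its storage as the only limit on how much a client can upload. If unlimited uploads are intended, say so in a comment; otherwise keep `"nginx.ingress.kubernetes.io/proxy-body-size" : "20000m"`. The `client-max-body-size` key added beside it does not appear to be an annotation that ingress-nginx reads, so it is probably a no-op.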


@ -113,66 +113,26 @@ resource "kubernetes_service" "calibre" {
} }
} }
} }
resource "kubernetes_ingress_v1" "calibre" {
metadata {
name = "calibre"
namespace = "calibre"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/proxy-body-size" : "5000m"
"gethomepage.dev/enabled" = "true" module "ingress" {
"gethomepage.dev/description" = "Book library" source = "../ingress_factory"
# gethomepage.dev/group: Media namespace = "calibre"
"gethomepage.dev/icon" : "calibre-web.png" name = "calibre"
"gethomepage.dev/name" = "Calibre" tls_secret_name = var.tls_secret_name
"gethomepage.dev/widget.type" = "calibreweb" extra_annotations = {
"gethomepage.dev/widget.url" = "https://calibre.viktorbarzin.me" "nginx.ingress.kubernetes.io/proxy-body-size" : "5000m"
"gethomepage.dev/widget.username" = var.homepage_username
"gethomepage.dev/widget.password" = var.homepage_password
"gethomepage.dev/pod-selector" = ""
# gethomepage.dev/weight: 10 # optional
# gethomepage.dev/instance: "public" # optional
}
}
spec { "gethomepage.dev/enabled" = "true"
tls { "gethomepage.dev/description" = "Book library"
hosts = ["calibre.viktorbarzin.me"] # gethomepage.dev/group: Media
secret_name = var.tls_secret_name "gethomepage.dev/icon" : "calibre-web.png"
} "gethomepage.dev/name" = "Calibre"
rule { "gethomepage.dev/widget.type" = "calibreweb"
host = "calibre.viktorbarzin.me" "gethomepage.dev/widget.url" = "https://calibre.viktorbarzin.me"
http { "gethomepage.dev/widget.username" = var.homepage_username
path { "gethomepage.dev/widget.password" = var.homepage_password
path = "/" "gethomepage.dev/pod-selector" = ""
backend { # gethomepage.dev/weight: 10 # optional
service { # gethomepage.dev/instance: "public" # optional
name = "calibre"
port {
number = 80
}
}
}
}
}
}
rule {
host = "books.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "calibre"
port {
number = 80
}
}
}
}
}
}
} }
} }
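Review bot: `gethomepage.dev/widget.username` and `gethomepage.dev/widget.password` are still passed as plain annotations, now through `extra_annotations`. Annotations are object metadata rather than a Secret, so anyone allowed to read Ingress objects in the `calibre` namespace, and any tool that exports or logs manifests, can read the password. Prefer keeping the widget credentials in homepage's own configuration, sourced from a Kubernetes Secret, and use a dedicated low-privilege account for the widget. Separately, the old resource had a second rule for `books.viktorbarzin.me`; the module call only names `calibre`, so that host looks dropped unless the factory adds it elsewhere.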


@ -120,40 +120,10 @@ resource "kubernetes_service" "changedetection" {
} }
} }
resource "kubernetes_ingress_v1" "changedetection" { module "ingress" {
metadata { source = "../ingress_factory"
name = "changedetection-ingress" namespace = "changedetection"
namespace = "changedetection" name = "changedetection"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" protected = true
"nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx"
"nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri"
"nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid"
"nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;"
}
}
spec {
tls {
hosts = ["changedetection.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "changedetection.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "changedetection"
port {
number = 80
}
}
}
}
}
}
}
} }
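Review bot: `protected = true` replaces the four explicit authentik annotations (`auth-url`, `auth-signin`, `auth-response-headers`, `auth-snippet`), so whether this host still requires login now depends entirely on what `ingress_factory` emits for that flag, and that part of the module is not shown on this page. The same substitution is made for frigate, netbox, kubernetes-dashboard and mailserver. Frigate and netbox previously pointed at `oauth2.viktorbarzin.me`, so their identity provider and access policy may change with it. Confirm with `terraform plan` that each of these ingresses still carries an `auth-url` annotation after the change. A `description` on the `protected` variable stating which provider it enforces would also help.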


@ -83,37 +83,3 @@ resource "kubernetes_service" "cloudflared" {
} }
} }
resource "kubernetes_ingress_v1" "cloudflared" {
metadata {
name = "cloudflared"
namespace = "cloudflared"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
"nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
}
}
spec {
tls {
hosts = ["cloudflared.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "cloudflared.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "cloudflared"
port {
number = 80
}
}
}
}
}
}
}
}


@ -54,7 +54,7 @@ resource "kubernetes_deployment" "cyberchef" {
resource "kubernetes_service" "cyberchef" { resource "kubernetes_service" "cyberchef" {
metadata { metadata {
name = "cyberchef" name = "cc"
namespace = "cyberchef" namespace = "cyberchef"
labels = { labels = {
"app" = "cyberchef" "app" = "cyberchef"
@ -73,36 +73,10 @@ resource "kubernetes_service" "cyberchef" {
} }
} }
resource "kubernetes_ingress_v1" "cyberchef" {
metadata {
name = "cyberchef"
namespace = "cyberchef"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
}
}
spec { module "ingress" {
tls { source = "../ingress_factory"
hosts = ["cc.viktorbarzin.me"] namespace = "cyberchef"
secret_name = var.tls_secret_name name = "cc"
} tls_secret_name = var.tls_secret_name
rule {
host = "cc.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "cyberchef"
port {
number = 80
}
}
}
}
}
}
}
} }


@ -103,38 +103,11 @@ resource "kubernetes_service" "dashy" {
} }
} }
resource "kubernetes_ingress_v1" "dashy" { module "ingress" {
metadata { source = "../ingress_factory"
name = "dashy-ingress" namespace = "dashy"
namespace = "dashy" name = "dashy"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" protected = true # hidden as we use homepage now
# "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
# "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
}
}
spec {
tls {
hosts = ["dashy.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "dashy.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "dashy"
port {
number = 80
}
}
}
}
}
}
}
} }


@ -216,39 +216,9 @@ resource "kubernetes_service" "dawarich" {
} }
} }
} }
module "ingress" {
resource "kubernetes_ingress_v1" "dawarich" { source = "../ingress_factory"
metadata { namespace = "dawarich"
name = "dawarich" name = "dawarich"
namespace = "dawarich" tls_secret_name = var.tls_secret_name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
# "nginx.ingress.kubernetes.io/auth-type" = "basic" # support only basic auth; can't use authentik
# "nginx.ingress.kubernetes.io/auth-secret" = kubernetes_secret.basic_auth.metadata[0].name
# "nginx.ingress.kubernetes.io/auth-realm" = "Authentication Required"
}
}
spec {
tls {
hosts = ["dawarich.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "dawarich.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "dawarich"
port {
number = 80
}
}
}
}
}
}
}
} }
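Review bot: The removed resource held the only explanation of why this host has no forward-auth (`support only basic auth; can't use authentik`), and the new module call sets neither `protected` nor a comment. Other services in this commit opt in with `protected = true`, so an unexplained omission on a location-history service reads like an oversight. Keep the reason next to the call, for example `# not protected: clients support only basic auth, so authentik forward-auth cannot be used`.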


@ -153,41 +153,15 @@ resource "kubernetes_service" "drone" {
} }
} }
resource "kubernetes_ingress_v1" "drone" { module "ingress" {
metadata { source = "../ingress_factory"
name = "drone-ingress" namespace = "drone"
namespace = "drone" name = "drone"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" protected = true
//"nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
//"nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret"
}
}
spec {
tls {
hosts = ["drone.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "drone.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "drone"
port {
number = 80
}
}
}
}
}
}
}
} }
# Setup drone runner # Setup drone runner
resource "kubernetes_cluster_role" "drone" { resource "kubernetes_cluster_role" "drone" {
metadata { metadata {
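Review bot: `protected = true` is new behaviour here rather than a like-for-like move, because the old ingress had no active auth annotation (both `auth-tls-*` lines were commented out). If the factory's flag applies forward-auth to every path, and this Drone instance receives webhook deliveries from a git forge through this host, those unauthenticated requests would be redirected to the login page. Check whether the webhook path needs an unauthenticated route, and add a comment such as `# protected: UI behind SSO; webhooks reach Drone via <route>` so the intent is recorded.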


@ -51,9 +51,9 @@ resource "kubernetes_deployment" "excalidraw" {
} }
} }
resource "kubernetes_service" "finance_app" { resource "kubernetes_service" "draw" {
metadata { metadata {
name = "excalidraw" name = "draw"
namespace = "excalidraw" namespace = "excalidraw"
labels = { labels = {
app = "excalidraw" app = "excalidraw"
@ -71,52 +71,10 @@ resource "kubernetes_service" "finance_app" {
} }
} }
module "ingress" {
resource "kubernetes_ingress_v1" "finance_app" { source = "../ingress_factory"
metadata { namespace = "excalidraw"
name = "excalidraw" name = "draw"
namespace = "excalidraw" tls_secret_name = var.tls_secret_name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
}
}
spec {
tls {
hosts = ["excalidraw.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "excalidraw.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "excalidraw"
port {
number = 80
}
}
}
}
}
}
rule {
host = "draw.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "excalidraw"
port {
number = 80
}
}
}
}
}
}
}
} }


@ -56,7 +56,7 @@ resource "kubernetes_deployment" "f1-stream" {
resource "kubernetes_service" "f1-stream" { resource "kubernetes_service" "f1-stream" {
metadata { metadata {
name = "f1-stream" name = "f1"
namespace = "f1-stream" namespace = "f1-stream"
labels = { labels = {
"app" = "f1-stream" "app" = "f1-stream"
@ -80,38 +80,13 @@ module "tls_secret" {
} }
resource "kubernetes_ingress_v1" "f1-stream" { module "ingress" {
metadata { source = "../ingress_factory"
name = "f1-ingress" namespace = "f1-stream"
namespace = "f1-stream" name = "f1"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" extra_annotations = {
"nginx.ingress.kubernetes.io/force-ssl-redirect" : "false" "nginx.ingress.kubernetes.io/force-ssl-redirect" : "false"
"nginx.ingress.kubernetes.io/ssl-redirect" : "false" "nginx.ingress.kubernetes.io/ssl-redirect" : "false"
# "nginx.ingress.kubernetes.io/temporal-redirect" : "http://f1.viktorbarzin.me"
}
}
spec {
tls {
hosts = ["f1.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "f1.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "f1-stream"
port {
number = 80
}
}
}
}
}
}
} }
} }
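Review bot: `force-ssl-redirect` and `ssl-redirect` both stay `"false"` in `extra_annotations`, so this host keeps answering over plain HTTP, and the commented `temporal-redirect` line that hinted at the reason was dropped. Nothing in the new block says why the redirect is off. If it is still required, put a one-line comment with the reason above the two annotations. If it is not, remove both so the host falls back to the controller's default HTTPS redirect.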


@ -236,39 +236,13 @@ resource "kubernetes_service" "frigate" {
} }
} }
resource "kubernetes_ingress_v1" "frigate" { module "ingress" {
metadata { source = "../ingress_factory"
name = "frigate" namespace = "frigate"
namespace = "frigate" name = "frigate"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" protected = true
"nginx.ingress.kubernetes.io/proxy-body-size" : "20000m" extra_annotations = {
"nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" "nginx.ingress.kubernetes.io/proxy-body-size" : "20000m"
"nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
}
}
spec {
tls {
hosts = ["frigate.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "frigate.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "frigate"
port {
number = 80
}
}
}
}
}
}
} }
} }


@ -143,39 +143,12 @@ resource "kubernetes_service" "hackmd" {
} }
} }
} }
module "ingress" {
resource "kubernetes_ingress_v1" "hackmd" { source = "../ingress_factory"
metadata { namespace = "hackmd"
name = "hackmd-ingress" name = "hackmd"
namespace = "hackmd" tls_secret_name = var.tls_secret_name
annotations = { extra_annotations = {
"kubernetes.io/ingress.class" = "nginx" "nginx.ingress.kubernetes.io/proxy-body-size" : "20000m"
"nginx.ingress.kubernetes.io/affinity" = "cookie"
"nginx.ingress.kubernetes.io/affinity-mode" = "persistent"
"nginx.ingress.kubernetes.io/session-cookie-name" = "_sa_nginx"
}
}
spec {
tls {
hosts = ["hackmd.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "hackmd.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "hackmd"
port {
number = 80
}
}
}
}
}
}
} }
} }


@ -102,125 +102,63 @@ resource "helm_release" "immich" {
values = [templatefile("${path.module}/chart_values.tpl", { postgresql_password = var.postgresql_password })] values = [templatefile("${path.module}/chart_values.tpl", { postgresql_password = var.postgresql_password })]
} }
resource "kubernetes_ingress_v1" "immich" { module "ingress" {
metadata { source = "../ingress_factory"
name = "immich" namespace = "immich"
namespace = "immich" name = "immich"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" port = 2283
# "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" service_name = "immich-server"
# "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" extra_annotations = {
"kubernetes.io/ingress.class" = "nginx"
# WARNING: When changing any of the below settings, ensure that large file uploads continue working # WARNING: When changing any of the below settings, ensure that large file uploads continue working
"nginx.ingress.kubernetes.io/proxy-read-timeout" : "6000", "nginx.ingress.kubernetes.io/proxy-read-timeout" : "6000",
"nginx.ingress.kubernetes.io/proxy-send-timeout" : "6000", "nginx.ingress.kubernetes.io/proxy-send-timeout" : "6000",
"nginx.ingress.kubernetes.io/proxy-connect-timeout" : "6000" "nginx.ingress.kubernetes.io/proxy-connect-timeout" : "6000"
"nginx.ingress.kubernetes.io/client-max-body-size" : "0" "nginx.ingress.kubernetes.io/client-max-body-size" : "0"
# "nginx.ingress.kubernetes.io/proxy-body-size" : "5G", # "nginx.ingress.kubernetes.io/proxy-body-size" : "5G",
"nginx.ingress.kubernetes.io/proxy-body-size" : "0", "nginx.ingress.kubernetes.io/proxy-body-size" : "0",
# "nginx.ingress.kubernetes.io/proxy-buffering" : "on" # "nginx.ingress.kubernetes.io/proxy-buffering" : "on"
# "nginx.ingress.kubernetes.io/proxy-max-temp-file-size" : "4096m" # "nginx.ingress.kubernetes.io/proxy-max-temp-file-size" : "4096m"
# "nginx.ingress.kubernetes.io/proxy-request-buffering" : "off" # "nginx.ingress.kubernetes.io/proxy-request-buffering" : "off"
# "nginx.ingress.kubernetes.io/client-body-buffer-size" : "5G" # "nginx.ingress.kubernetes.io/client-body-buffer-size" : "5G"
# "nginx.ingress.kubernetes.io/proxy-buffer-size" : "16k" # "nginx.ingress.kubernetes.io/proxy-buffer-size" : "16k"
# "nginx.ingress.kubernetes.io/proxy-buffers-number" : "8" # "nginx.ingress.kubernetes.io/proxy-buffers-number" : "8"
# "nginx.ingress.kubernetes.io/client-body-buffer-size" : "5000m" # "nginx.ingress.kubernetes.io/client-body-buffer-size" : "5000m"
# "nginx.ingress.kubernetes.io/proxy-buffers-number" : "8" # "nginx.ingress.kubernetes.io/proxy-buffers-number" : "8"
# "nginx.ingress.kubernetes.io/proxy-buffer-size" : "16k" # "nginx.ingress.kubernetes.io/proxy-buffer-size" : "16k"
# "nginx.ingress.kubernetes.io/proxy-body-size" : "0", # "nginx.ingress.kubernetes.io/proxy-body-size" : "0",
# "nginx.ingress.kubernetes.io/affinity" : "cookie" # "nginx.ingress.kubernetes.io/affinity" : "cookie"
# "nginx.ingress.kubernetes.io/affinity-mode" : "persistent" # "nginx.ingress.kubernetes.io/affinity-mode" : "persistent"
# "nginx.ingress.kubernetes.io/session-cookie-change-on-failure" : true # "nginx.ingress.kubernetes.io/session-cookie-change-on-failure" : true
# "nginx.ingress.kubernetes.io/session-cookie-expires" : 172800 # "nginx.ingress.kubernetes.io/session-cookie-expires" : 172800
# "nginx.ingress.kubernetes.io/session-cookie-max-age" : 172800 # "nginx.ingress.kubernetes.io/session-cookie-max-age" : 172800
# "nginx.ingress.kubernetes.io/session-cookie-name" : "STICKY_SESSION" # "nginx.ingress.kubernetes.io/session-cookie-name" : "STICKY_SESSION"
# "nginx.ingress.kubernetes.io/use-regex" : false # "nginx.ingress.kubernetes.io/use-regex" : false
"nginx.org/websocket-services" : "immich-server" "nginx.org/websocket-services" : "immich-server"
"gethomepage.dev/enabled" = "true" "gethomepage.dev/enabled" = "true"
"gethomepage.dev/description" = "Photos library" "gethomepage.dev/description" = "Photos library"
"gethomepage.dev/icon" = "immich.png" "gethomepage.dev/icon" = "immich.png"
"gethomepage.dev/name" = "Immich" "gethomepage.dev/name" = "Immich"
"gethomepage.dev/widget.type" = "immich" "gethomepage.dev/widget.type" = "immich"
"gethomepage.dev/widget.url" = "https://immich.viktorbarzin.me" "gethomepage.dev/widget.url" = "https://immich.viktorbarzin.me"
"gethomepage.dev/pod-selector" = "" "gethomepage.dev/pod-selector" = ""
"gethomepage.dev/widget.key" = var.homepage_token "gethomepage.dev/widget.key" = var.homepage_token
# location ~* \.(png|jpg|jpeg|gif|webp|svg)$ { # location ~* \.(png|jpg|jpeg|gif|webp|svg)$ {
# expires 1M; # expires 1M;
# add_header Cache-Control "public, max-age=31536000, immutable"; # add_header Cache-Control "public, max-age=31536000, immutable";
# } # }
"nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOF "nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOF
proxy_cache static-cache; proxy_cache static-cache;
proxy_cache_valid 404 1m; proxy_cache_valid 404 1m;
proxy_cache_use_stale error timeout updating http_404 http_500 http_502 http_503 http_504; proxy_cache_use_stale error timeout updating http_404 http_500 http_502 http_503 http_504;
proxy_cache_bypass $http_x_purge; proxy_cache_bypass $http_x_purge;
add_header X-Cache-Status $upstream_cache_status; add_header X-Cache-Status $upstream_cache_status;
EOF EOF
}
}
spec {
tls {
hosts = ["immich.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "immich.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
# name = "immich-proxy"
name = "immich-server" # after v1.88
port {
# number = 8080
# number = 3001
number = 2283
}
}
}
}
}
}
}
}
resource "kubernetes_ingress_v1" "photos" {
metadata {
name = "photos"
namespace = "immich"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/proxy-body-size" : "5000m"
}
}
spec {
tls {
hosts = ["photos.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "photos.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
# name = "immich-proxy"
name = "immich-server" # after v1.88
port {
# number = 8080
number = 3001
}
}
}
}
}
}
} }
} }
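Review bot: The `configuration-snippet` carried into `extra_annotations` enables `proxy_cache static-cache` for the whole location of a host that serves private photos, and `proxy_cache_bypass $http_x_purge` lets any client skip the cache by sending an `X-Purge` header. Nothing visible here limits caching to static assets (the `location ~* \.(png|jpg|...)` block is commented out) or shows the cache key, so confirm that an authenticated response cannot be stored and served to a different user. Snippet annotations also only take effect while the controller has `allow-snippet-annotations` enabled, which widens what any Ingress author can inject into the nginx config. A comment above the heredoc stating what is expected to be cached would help the next reader.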


@ -1,5 +1,13 @@
variable "name" { type = string } // must match service name; translates to host variable "name" { type = string }
variable "service_name" {
type = string
default = null # defaults to name
}
variable "host" {
type = string
default = null
}
variable "namespace" { type = string } variable "namespace" { type = string }
variable "external_name" { variable "external_name" {
type = string type = string
@ -87,7 +95,7 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
secret_name = var.tls_secret_name secret_name = var.tls_secret_name
} }
rule { rule {
host = "${var.name}.viktorbarzin.me" host = "${var.host != null ? var.host : var.name}.viktorbarzin.me"
http { http {
dynamic "path" { dynamic "path" {
# for_each = { for pr in var.ingress_path : pr => pr } # for_each = { for pr in var.ingress_path : pr => pr }
@ -98,7 +106,7 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
backend { backend {
service { service {
name = var.name name = var.service_name != null ? var.service_name : var.name
port { port {
number = var.port number = var.port
} }
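Review bot: The rule host now uses `var.host` when set, but the `tls` block's `hosts` line sits just above the second hunk and is not shown. If it still interpolates `var.name`, a caller such as kubernetes-dashboard (`host = "k8s"`) gets a TLS host entry that does not match the rule host. Both fallbacks read more simply as `coalesce(var.host, var.name)` and `coalesce(var.service_name, var.name)`. The old inline comment on `name` (`must match service name; translates to host`) was removed without a replacement, so a `description` on `name`, `service_name` and `host` should document the new precedence. The resource body continues outside both hunks.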


@ -50,7 +50,7 @@ resource "kubernetes_deployment" "jsoncrack" {
resource "kubernetes_service" "jsoncrack" { resource "kubernetes_service" "jsoncrack" {
metadata { metadata {
name = "jsoncrack" name = "json"
namespace = "jsoncrack" namespace = "jsoncrack"
labels = { labels = {
"app" = "jsoncrack" "app" = "jsoncrack"
@ -70,37 +70,9 @@ resource "kubernetes_service" "jsoncrack" {
} }
} }
module "ingress" {
resource "kubernetes_ingress_v1" "jsoncrack" { source = "../ingress_factory"
metadata { namespace = "jsoncrack"
name = "jsoncrack" name = "json"
namespace = "jsoncrack" tls_secret_name = var.tls_secret_name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/proxy-body-size" : "100000m"
}
}
spec {
tls {
hosts = ["json.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "json.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "jsoncrack"
port {
number = 8080
}
}
}
}
}
}
}
} }
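Review bot: The removed ingress routed to backend port `8080`, but the new module call passes no `port`, so the factory's default applies. Other callers in this commit (nextcloud, immich) set `port` explicitly when the backend is not on the default. Unless the Service port was changed in a part of this file outside the hunks, add `port = 8080`. The `proxy-body-size` annotation is also dropped, so the upload limit becomes whatever the controller default is.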


@ -76,50 +76,17 @@ resource "helm_release" "kubernetes-dashboard" {
# type = "kubernetes.io/service-account-token" # type = "kubernetes.io/service-account-token"
# } # }
resource "kubernetes_ingress_v1" "kubernetes-dashboard" {
metadata {
name = "kubernetes-dashboard"
namespace = "kubernetes-dashboard"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/backend-protocol" = "HTTPS"
# "nginx.ingress.kubernetes.io/force-ssl-redirect" = "true"
# "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
# "nginx.ingress.kubernetes.io/auth-tls-secret" = var.client_certificate_secret_name
# "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" module "ingress" {
# "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" source = "../ingress_factory"
"nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" namespace = "kubernetes-dashboard"
"nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" name = "kubernetes-dashboard"
service_name = "kubernetes-dashboard-kong-proxy"
"nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" host = "k8s"
"nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;" tls_secret_name = var.tls_secret_name
} protected = true
} backend_protocol = "HTTPS"
port = 443
spec {
tls {
hosts = ["k8s.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "k8s.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "kubernetes-dashboard-kong-proxy"
port {
number = 443
}
}
}
}
}
}
}
# depends_on = [module.dashboard]
} }
# create token with # create token with


@ -91,7 +91,7 @@ resource "kubernetes_deployment" "kms-web-page" {
resource "kubernetes_service" "kms-web-page" { resource "kubernetes_service" "kms-web-page" {
metadata { metadata {
name = "kms-web-page" name = "kms"
namespace = "kms" namespace = "kms"
labels = { labels = {
"app" = "kms-web-page" "app" = "kms-web-page"
@ -109,37 +109,11 @@ resource "kubernetes_service" "kms-web-page" {
} }
} }
resource "kubernetes_ingress_v1" "kms-web-page" { module "ingress" {
metadata { source = "../ingress_factory"
name = "kms-web-page" namespace = "kms"
namespace = "kms" name = "kms"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx"
}
}
spec {
tls {
hosts = ["kms.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "kms.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "kms-web-page"
port {
number = 80
}
}
}
}
}
}
}
} }
resource "kubernetes_deployment" "windows_kms" { resource "kubernetes_deployment" "windows_kms" {


@ -110,43 +110,10 @@ resource "kubernetes_service" "linkwarden" {
} }
} }
} }
resource "kubernetes_ingress_v1" "linkwarden" {
metadata {
name = "linkwarden"
namespace = "linkwarden"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
# "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
# "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
# "nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx"
# "nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri"
# "nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" module "ingress" {
# "nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;" source = "../ingress_factory"
"nginx.ingress.kubernetes.io/ssl-passthrough" : true namespace = "linkwarden"
} name = "linkwarden"
} tls_secret_name = var.tls_secret_name
spec {
tls {
hosts = ["linkwarden.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "linkwarden.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "linkwarden"
port {
number = 80
}
}
}
}
}
}
}
} }


@ -482,43 +482,12 @@ resource "kubernetes_service" "mailserver" {
} }
} }
module "ingress" {
resource "kubernetes_ingress_v1" "roundcube" { source = "../ingress_factory"
metadata { namespace = "mailserver"
name = "roundcube" name = "mail"
namespace = "mailserver" service_name = "mailserver"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" protected = true
# "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
# "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
"nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx"
"nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri"
"nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid"
"nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;"
}
}
spec {
tls {
hosts = ["mail.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "mail.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "mailserver"
port {
number = 80
}
}
}
}
}
}
}
} }


@ -89,36 +89,9 @@ resource "kubernetes_service" "matrix" {
} }
} }
resource "kubernetes_ingress_v1" "matrix" { module "ingress" {
metadata { source = "../ingress_factory"
name = "matrix" namespace = "matrix"
namespace = "matrix" name = "matrix"
tls_secret_name = var.tls_secret_name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
}
}
spec {
tls {
hosts = ["matrix.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "matrix.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "matrix"
port {
number = 80
}
}
}
}
}
}
}
} }


@ -132,46 +132,16 @@ resource "kubernetes_service" "meshcentral" {
} }
port { port {
name = "https" name = "https"
port = "443" port = 443
protocol = "TCP" protocol = "TCP"
} }
} }
} }
resource "kubernetes_ingress_v1" "meshcentral" { module "ingress" {
metadata { source = "../ingress_factory"
name = "meshcentral" namespace = "meshcentral"
namespace = "meshcentral" name = "meshcentral"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" port = 443
"nginx.ingress.kubernetes.io/affinity" = "cookie"
"nginx.ingress.kubernetes.io/proxy-read-timeout" : "600s",
"nginx.ingress.kubernetes.io/proxy-send-timeout" : "600s",
"nginx.ingress.kubernetes.io/proxy-connect-timeout" : "600s"
# "nginx.ingress.kubernetes.io/backend-protocol" = "HTTPS"
}
}
spec {
tls {
hosts = ["meshcentral.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "meshcentral.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "meshcentral"
port {
number = 443
}
}
}
}
}
}
}
} }


@ -136,55 +136,10 @@ resource "kubernetes_service" "netbox" {
} }
} }
} }
resource "kubernetes_ingress_v1" "netbox" { module "ingress" {
metadata { source = "../ingress_factory"
name = "netbox" namespace = "netbox"
namespace = "netbox" name = "netbox"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" protected = true
# "nginx.ingress.kubernetes.io/proxy-body-size" : "5000m"
"nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
"nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
}
}
spec {
tls {
hosts = ["netbox.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "netbox.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "netbox"
port {
number = 80
}
}
}
}
}
}
rule {
host = "books.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "netbox"
port {
number = 80
}
}
}
}
}
}
}
} }


@ -150,40 +150,14 @@ resource "kubernetes_persistent_volume_claim" "nextcloud-data-pvc" {
} }
} }
resource "kubernetes_ingress_v1" "nextcloud" { module "ingress" {
metadata { source = "../ingress_factory"
name = "nextcloud-ingress" namespace = "nextcloud"
namespace = "nextcloud" name = "nextcloud"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" port = 8080
"nginx.ingress.kubernetes.io/client-max-body-size" : "0" extra_annotations = {
"nginx.ingress.kubernetes.io/proxy-body-size" : "0", "nginx.ingress.kubernetes.io/client-max-body-size" : "0"
# "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" "nginx.ingress.kubernetes.io/proxy-body-size" : "0",
# "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
}
}
spec {
tls {
hosts = ["nextcloud.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "nextcloud.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "nextcloud"
port {
number = 8080
}
}
}
}
}
}
} }
} }


@ -119,38 +119,10 @@ resource "kubernetes_service" "ntfy" {
} }
} }
resource "kubernetes_ingress_v1" "ntfy" { module "ingress" {
metadata { source = "../ingress_factory"
name = "ntfy" namespace = "ntfy"
namespace = "ntfy" name = "ntfy"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx"
# "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
# "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
}
}
spec {
tls {
hosts = ["ntfy.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "ntfy.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "ntfy"
port {
number = 80
}
}
}
}
}
}
}
} }


@ -128,36 +128,10 @@ resource "kubernetes_service" "ollama-ui" {
} }
} }
module "ingress" {
resource "kubernetes_ingress_v1" "ollama-ui" { source = "../ingress_factory"
metadata { namespace = "ollama"
name = "ollama" name = "ollama"
namespace = "ollama" tls_secret_name = var.tls_secret_name
annotations = { port = 8080
"kubernetes.io/ingress.class" = "nginx"
}
}
spec {
tls {
hosts = ["ollama.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "ollama.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "ollama-ui"
port {
number = 8080
}
}
}
}
}
}
}
} }
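Review bot: The new `module "ingress"` passes `name = "ollama"` and `port = 8080` but no `service_name`, while the ingress it replaces routed to the service `ollama-ui` (the hunk header also shows `kubernetes_service "ollama-ui"`). Other modules in this commit pass `service_name` whenever the backend differs from `name` (for example `service_name = "travel-blog"`), so the factory presumably defaults the backend to `name`. If so, this ingress would target a service called `ollama`, which may be a different backend or may not exist. Suggest adding `service_name = "ollama-ui"`; the factory is not visible here, so confirm its default.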


@ -131,38 +131,15 @@ resource "kubernetes_service" "owntracks" {
} }
} }
resource "kubernetes_ingress_v1" "owntracks" { module "ingress" {
metadata { source = "../ingress_factory"
name = "owntracks" namespace = "owntracks"
namespace = "owntracks" name = "owntracks"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" port = 443
"nginx.ingress.kubernetes.io/auth-type" = "basic" # support only basic auth; can't use authentik extra_annotations = {
"nginx.ingress.kubernetes.io/auth-secret" = kubernetes_secret.basic_auth.metadata[0].name "nginx.ingress.kubernetes.io/auth-type" = "basic" # support only basic auth; can't use authentik
"nginx.ingress.kubernetes.io/auth-realm" = "Authentication Required" "nginx.ingress.kubernetes.io/auth-secret" = kubernetes_secret.basic_auth.metadata[0].name
} "nginx.ingress.kubernetes.io/auth-realm" = "Authentication Required"
}
spec {
tls {
hosts = ["owntracks.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "owntracks.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "owntracks"
port {
number = 443
}
}
}
}
}
}
} }
} }


@ -142,70 +142,33 @@ resource "kubernetes_service" "paperless-ngx" {
} }
} }
module "ingress" {
source = "../ingress_factory"
namespace = "paperless-ngx"
name = "paperless-ngx"
service_name = "paperless-ngx"
host = "pdf"
tls_secret_name = var.tls_secret_name
port = 8000
extra_annotations = {
"nginx.ingress.kubernetes.io/proxy-body-size" : "0"
# see https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#rate-limiting for all annotations
# "nginx.ingress.kubernetes.io/limit-rpm": "5"
resource "kubernetes_ingress_v1" "paperless-ngx" { "gethomepage.dev/enabled" = "true"
metadata { "gethomepage.dev/description" = "Document library"
name = "paperless-ngx" # gethomepage.dev/group: Media
namespace = "paperless-ngx" "gethomepage.dev/icon" : "paperless-ngx.png"
annotations = { "gethomepage.dev/name" = "Paperless-ngx"
"kubernetes.io/ingress.class" = "nginx" "gethomepage.dev/widget.type" = "paperlessngx"
"nginx.ingress.kubernetes.io/proxy-body-size" : "100000m" "gethomepage.dev/widget.url" = "https://pdf.viktorbarzin.me"
# see https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#rate-limiting for all annotations # "gethomepage.dev/widget.token" = var.homepage_token
# "nginx.ingress.kubernetes.io/limit-rpm": "5" "gethomepage.dev/widget.username" = var.homepage_username
"gethomepage.dev/widget.password" = var.homepage_password
"gethomepage.dev/enabled" = "true" "gethomepage.dev/widget.fields" = "[\"total\"]"
"gethomepage.dev/description" = "Document library" "gethomepage.dev/pod-selector" = ""
# gethomepage.dev/group: Media # gethomepage.dev/weight: 10 # optional
"gethomepage.dev/icon" : "paperless-ngx.png" # gethomepage.dev/instance: "public" # optional
"gethomepage.dev/name" = "Paperless-ngx"
"gethomepage.dev/widget.type" = "paperlessngx"
"gethomepage.dev/widget.url" = "https://pdf.viktorbarzin.me"
# "gethomepage.dev/widget.token" = var.homepage_token
"gethomepage.dev/widget.username" = var.homepage_username
"gethomepage.dev/widget.password" = var.homepage_password
"gethomepage.dev/widget.fields" = "[\"total\"]"
"gethomepage.dev/pod-selector" = ""
# gethomepage.dev/weight: 10 # optional
# gethomepage.dev/instance: "public" # optional
}
}
spec {
tls {
hosts = ["paperless-ngx.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "paperless-ngx.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "paperless-ngx"
port {
number = 8000
}
}
}
}
}
}
rule {
host = "pdf.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "paperless-ngx"
port {
number = 8000
}
}
}
}
}
}
} }
} }
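Review bot: `"gethomepage.dev/widget.username"` and `"gethomepage.dev/widget.password"` in `extra_annotations` place the Paperless credentials in Ingress metadata, where they are readable by anything allowed to get or list Ingress objects in the namespace and appear in plain text when the object is described. The move to the factory carries this over unchanged; it would be better to keep the credential in a Secret and supply it through the dashboard's own configuration rather than through an annotation. Separately, `proxy-body-size` changes from `"100000m"` to `"0"`, which removes the upload cap entirely, and the `paperless-ngx.viktorbarzin.me` rule is no longer declared because only `host = "pdf"` is passed; confirm both are intended.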


@ -88,51 +88,10 @@ resource "kubernetes_service" "privatebin" {
} }
} }
resource "kubernetes_ingress_v1" "privatebin" { module "ingress" {
metadata { source = "../ingress_factory"
name = "privatebin-ingress" namespace = "privatebin"
namespace = "privatebin" name = "privatebin"
annotations = { host = "pb"
"kubernetes.io/ingress.class" = "nginx" tls_secret_name = var.tls_secret_name
}
}
spec {
tls {
hosts = ["privatebin.viktorbarzin.me", "pb.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "privatebin.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "privatebin"
port {
number = 80
}
}
}
}
}
}
rule {
host = "pb.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "privatebin"
port {
number = 80
}
}
}
}
}
}
}
} }


@ -86,43 +86,11 @@ resource "kubernetes_service" "redis" {
} }
} }
} }
resource "kubernetes_ingress_v1" "redis" { module "ingress" {
metadata { source = "../ingress_factory"
name = "redis" namespace = "redis"
namespace = "redis" name = "redis"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" protected = true
# "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" port = 8001
# "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
"nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx"
"nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri"
"nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid"
"nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;"
"nginx.ingress.kubernetes.io/ssl-passthrough" : true
}
}
spec {
tls {
hosts = ["redis.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "redis.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "redis"
port {
number = 8001
}
}
}
}
}
}
}
} }


@ -106,35 +106,14 @@ resource "kubernetes_service" "send" {
} }
} }
} }
resource "kubernetes_ingress_v1" "send" { module "ingress" {
metadata { source = "../ingress_factory"
name = "send" namespace = "send"
namespace = "send" name = "send"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" port = 1443
} extra_annotations = {
} "nginx.ingress.kubernetes.io/client-max-body-size" : "0"
"nginx.ingress.kubernetes.io/proxy-body-size" : "0",
spec {
tls {
hosts = ["send.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "send.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "send"
port {
number = 1443
}
}
}
}
}
}
} }
} }
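Review bot: The added `extra_annotations` set `"nginx.ingress.kubernetes.io/proxy-body-size" : "0"`, which disables the request-body limit on an ingress that does not pass `protected = true`; the replaced ingress set no body-size annotation, so the controller default applied before. For an upload endpoint without forward-auth, a finite cap matching the application's own maximum file size is safer, e.g. `"nginx.ingress.kubernetes.io/proxy-body-size" : "<max upload size>"`. Also, as far as I know `nginx.ingress.kubernetes.io/client-max-body-size` is not an annotation that ingress-nginx recognises (`proxy-body-size` is the one that drives `client_max_body_size`). That line is therefore probably a no-op and could be dropped here and in the nextcloud and ytdlp modules.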


@ -39,7 +39,7 @@ resource "kubernetes_deployment" "technitium" {
template { template {
metadata { metadata {
annotations = { annotations = {
"diun.enable" = "true" "diun.enable" = "true"
# "diun.include_tags" = "^\\d+(?:\\.\\d+)?(?:\\.\\d+)?$" # "diun.include_tags" = "^\\d+(?:\\.\\d+)?(?:\\.\\d+)?$"
"diun.include_tags" = "latest" "diun.include_tags" = "latest"
} }
@ -159,93 +159,35 @@ resource "kubernetes_service" "technitium-dns" {
} }
} }
} }
module "ingress" {
source = "../ingress_factory"
namespace = "technitium"
name = "technitium"
tls_secret_name = var.tls_secret_name
port = 5380
service_name = "technitium-web"
extra_annotations = {
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/description" = "Internal DNS Server and Recursive Resolver"
# gethomepage.dev/group: Media
"gethomepage.dev/icon" : "technitium.png"
"gethomepage.dev/name" = "Technitium"
"gethomepage.dev/widget.type" = "technitium"
"gethomepage.dev/widget.url" = "http://technitium-web.technitium.svc.cluster.local:5380"
"gethomepage.dev/widget.key" = var.homepage_token
resource "kubernetes_ingress_v1" "technitium" { "gethomepage.dev/widget.range" = "LastWeek"
metadata { "gethomepage.dev/widget.fields" = "[\"totalQueries\", \"totalCached\", \"totalBlocked\", \"totalRecursive\"]"
name = "technitium-ingress" "gethomepage.dev/pod-selector" = ""
namespace = "technitium"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/affinity" = "cookie"
# "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
# "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret"
# "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
# "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
"nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx"
"nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri"
"nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid"
"nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;"
"gethomepage.dev/enabled" = "true"
"gethomepage.dev/description" = "Internal DNS Server and Recursive Resolver"
# gethomepage.dev/group: Media
"gethomepage.dev/icon" : "technitium.png"
"gethomepage.dev/name" = "Technitium"
"gethomepage.dev/widget.type" = "technitium"
"gethomepage.dev/widget.url" = "http://technitium-web.technitium.svc.cluster.local:5380"
"gethomepage.dev/widget.key" = var.homepage_token
"gethomepage.dev/widget.range" = "LastWeek"
"gethomepage.dev/widget.fields" = "[\"totalQueries\", \"totalCached\", \"totalBlocked\", \"totalRecursive\"]"
"gethomepage.dev/pod-selector" = ""
}
}
spec {
tls {
hosts = ["technitium.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "technitium.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "technitium-web"
port {
number = 5380
}
}
}
}
}
}
} }
} }
resource "kubernetes_ingress_v1" "technitium-doh" { module "ingress-doh" {
metadata { source = "../ingress_factory"
name = "technitium-doh-ingress" namespace = "technitium"
namespace = "technitium" name = "technitium-doh"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" host = "dns"
} service_name = "technitium-web"
}
spec {
tls {
hosts = ["dns.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "dns.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "technitium-web"
port {
number = 80
}
}
}
}
}
}
}
} }
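Review bot: The rewritten `module "ingress"` for the Technitium web console does not carry over the authentik forward-auth annotations (`auth-url`, `auth-signin`, `auth-response-headers`, `auth-snippet`) that the replaced `kubernetes_ingress_v1.technitium` had, and it does not pass `protected = true` as the netbox and redis modules in this commit do. Unless the factory enables protection by default (it is not visible here), the DNS admin UI on port 5380 would be guarded only by its own login. Suggest adding `protected = true` to this module. `"gethomepage.dev/widget.key" = var.homepage_token` also keeps an API token in Ingress annotations, where anyone who can read Ingress objects can see it. `module "ingress-doh"` omits `port`, whereas the old DoH ingress used 80 and the sibling module sets `port = 5380`; confirm the factory default matches.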


@ -105,35 +105,10 @@ resource "kubernetes_service" "travel-blog" {
} }
} }
resource "kubernetes_ingress_v1" "travel-blog" { module "ingress" {
metadata { source = "../ingress_factory"
name = "travel-blog-ingress" namespace = "travel-blog"
namespace = "travel-blog" name = "travel"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" service_name = "travel-blog"
}
}
spec {
tls {
hosts = ["travel.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "travel.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "travel-blog"
port {
number = 80
}
}
}
}
}
}
}
} }


@ -89,49 +89,22 @@ resource "kubernetes_service" "uptime-kuma" {
} }
} }
} }
resource "kubernetes_ingress_v1" "uptime-kuma" { module "ingress" {
metadata { source = "../ingress_factory"
name = "uptime-kuma" namespace = "uptime-kuma"
namespace = "uptime-kuma" name = "uptime"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" service_name = "uptime-kuma"
"nginx.ingress.kubernetes.io/affinity" = "cookie" extra_annotations = {
"nginx.ingress.kubernetes.io/affinity-mode" = "persistent" "nginx.org/websocket-services" = "uptime-kuma"
"nginx.ingress.kubernetes.io/session-cookie-name" = "_sa_nginx" "gethomepage.dev/enabled" = "true"
"nginx.org/websocket-services" = "uptime-kuma" "gethomepage.dev/description" = "Uptime monitor"
# gethomepage.dev/group: Media
"gethomepage.dev/enabled" = "true" "gethomepage.dev/icon" : "uptime-kuma.png"
"gethomepage.dev/description" = "Uptime monitor" "gethomepage.dev/name" = "Uptime Kuma"
# gethomepage.dev/group: Media "gethomepage.dev/widget.type" = "uptimekuma"
"gethomepage.dev/icon" : "uptime-kuma.png" "gethomepage.dev/widget.url" = "https://uptime.viktorbarzin.me"
"gethomepage.dev/name" = "Uptime Kuma" "gethomepage.dev/widget.slug" = "cluster-internal"
"gethomepage.dev/widget.type" = "uptimekuma" "gethomepage.dev/pod-selector" = ""
"gethomepage.dev/widget.url" = "https://uptime.viktorbarzin.me"
"gethomepage.dev/widget.slug" = "cluster-internal"
"gethomepage.dev/pod-selector" = ""
}
}
spec {
tls {
hosts = ["uptime.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "uptime.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "uptime-kuma"
port {
number = 80
}
}
}
}
}
}
} }
} }


@ -122,40 +122,9 @@ resource "kubernetes_service" "vaultwarden" {
} }
} }
resource "kubernetes_ingress_v1" "vaultwarden" { module "ingress" {
metadata { source = "../ingress_factory"
name = "vaultwarden" namespace = "vaultwarden"
namespace = "vaultwarden" name = "vaultwarden"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/affinity" = "cookie"
# "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
# "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret"
# "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
# "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
}
}
spec {
tls {
hosts = ["vaultwarden.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "vaultwarden.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "vaultwarden"
port {
number = 80
}
}
}
}
}
}
}
} }


@ -115,42 +115,14 @@ resource "kubernetes_service" "ytdlp" {
} }
} }
} }
resource "kubernetes_ingress_v1" "ytdlp" { module "ingress" {
metadata { source = "../ingress_factory"
name = "ytdlp-ingress" namespace = "ytdlp"
namespace = "ytdlp" name = "ytdlp"
annotations = { tls_secret_name = var.tls_secret_name
"kubernetes.io/ingress.class" = "nginx" host = "yt"
"nginx.ingress.kubernetes.io/affinity" = "cookie" extra_annotations = {
"nginx.ingress.kubernetes.io/client-max-body-size" : "0" "nginx.ingress.kubernetes.io/client-max-body-size" : "0"
"nginx.ingress.kubernetes.io/proxy-body-size" : "0", "nginx.ingress.kubernetes.io/proxy-body-size" : "0",
# "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
# "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret"
# "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
# "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
}
}
spec {
tls {
hosts = ["yt.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "yt.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "ytdlp"
port {
number = 80
}
}
}
}
}
}
} }
} }