use registry.viktorbarzin.me hostname for private images + protect ingress

- Switch priority-pass images from 10.0.20.10:5050 to registry.viktorbarzin.me - Add containerd hosts.toml for registry.viktorbarzin.me on all nodes + template (redirects to 10.0.20.10:5050 LAN direct, avoids Traefik round-trip) - Enable Authentik protection on priority-pass ingress
2026-03-23 01:02:27 +02:00 · 2026-03-23 01:02:27 +02:00 · 1f4e8cb278
commit 1f4e8cb278
parent e9919d8fc9
2 changed files with 8 additions and 4 deletions
--- a/stacks/priority-pass/main.tf
+++ b/stacks/priority-pass/main.tf
@ -47,7 +47,7 @@ resource "kubernetes_deployment" "priority-pass" {
        }
        container {
          name  = "frontend"
-          image = "10.0.20.10:5050/priority-pass-frontend:v4"
+          image = "registry.viktorbarzin.me/priority-pass-frontend:v4"
          port {
            container_port = 3000
          }
@ -71,7 +71,7 @@ resource "kubernetes_deployment" "priority-pass" {
        }
        container {
          name  = "backend"
-          image = "10.0.20.10:5050/priority-pass-backend:v1"
+          image = "registry.viktorbarzin.me/priority-pass-backend:v1"
          port {
            container_port = 8000
          }
@ -118,6 +118,6 @@ module "ingress" {
  namespace       = "priority-pass"
  name            = "priority-pass"
  tls_secret_name = var.tls_secret_name
-  protected       = false
+  protected       = true
  max_body_size   = "10m"
 }