viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

set techniitum to nodeport to get source ip clients and remove bind [ci skip]

Browse source
This commit is contained in:
Viktor Barzin 2023-09-15 13:57:53 +00:00
parent 63b0fbdcff
commit 28107b7328
No known key found for this signature in database
GPG key ID: 4056458DBDBF8863
4 changed files with 23 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

14
modules/kubernetes/main.tf
View file

@ -52,7 +52,7 @@ variable "finance_app_gocardless_secret_key" {}
resource "null_resource" "core_services" { resource "null_resource" "core_services" {
# List all the core modules that must be provisioned first # List all the core modules that must be provisioned first
depends_on = [module.metallb, module.bind] depends_on = [module.metallb]
} }
module "blog" { module "blog" {
@ -63,12 +63,12 @@ module "blog" {
depends_on = [null_resource.core_services] depends_on = [null_resource.core_services]
} }
module "bind" { # module "bind" {
source = "./bind" # source = "./bind"
db_viktorbarzin_me = var.bind_db_viktorbarzin_me # db_viktorbarzin_me = var.bind_db_viktorbarzin_me
db_viktorbarzin_lan = var.bind_db_viktorbarzin_lan # db_viktorbarzin_lan = var.bind_db_viktorbarzin_lan
named_conf_options = var.bind_named_conf_options # named_conf_options = var.bind_named_conf_options
} # }
module "dbaas" { module "dbaas" {
source = "./dbaas" source = "./dbaas"

29
modules/kubernetes/technitium/main.tf
View file

@ -12,7 +12,8 @@ module "tls_secret" {
tls_secret_name = var.tls_secret_name tls_secret_name = var.tls_secret_name
} }
resource "kubernetes_deployment" "technitium" { # resource "kubernetes_deployment" "technitium" {
resource "kubernetes_daemonset" "technitium" {
metadata { metadata {
name = "technitium" name = "technitium"
namespace = "technitium" namespace = "technitium"
@ -21,7 +22,7 @@ resource "kubernetes_deployment" "technitium" {
} }
} }
spec { spec {
replicas = 1 # replicas = 1
selector { selector {
match_labels = { match_labels = {
app = "technitium" app = "technitium"
@ -38,14 +39,14 @@ resource "kubernetes_deployment" "technitium" {
image = "technitium/dns-server:latest" image = "technitium/dns-server:latest"
name = "technitium" name = "technitium"
resources { resources {
limits = { # limits = {
cpu = "1" # cpu = "1"
memory = "1Gi" # memory = "1Gi"
} # }
requests = { # requests = {
cpu = "1" # cpu = "1"
memory = "1Gi" # memory = "1Gi"
} # }
} }
port { port {
container_port = 5380 container_port = 5380
@ -110,8 +111,9 @@ resource "kubernetes_service" "technitium-dns" {
} }
spec { spec {
type = "LoadBalancer" type = "LoadBalancer"
external_traffic_policy = "Cluster" # external_traffic_policy = "Cluster"
external_traffic_policy = "Local"
selector = { selector = {
app = "technitium" app = "technitium"
@ -129,7 +131,8 @@ resource "kubernetes_ingress_v1" "technitium" {
name = "technitium-ingress" name = "technitium-ingress"
namespace = "technitium" namespace = "technitium"
annotations = { annotations = {
"kubernetes.io/ingress.class" = "nginx" "kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/affinity" = "cookie"
"nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on" "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
"nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret" "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret"
} }

BIN
terraform.tfstate
View file

Binary file not shown.

BIN
terraform.tfvars
View file

Binary file not shown.