diff --git a/modules/kubernetes/dashy/conf.yml b/modules/kubernetes/dashy/conf.yml
index bd54d4c3..fd89089c 100644
--- a/modules/kubernetes/dashy/conf.yml
+++ b/modules/kubernetes/dashy/conf.yml
@@ -61,39 +61,39 @@ sections:
 title: ESXi R730 (Server)
 description: R730 esxi UI
 icon: si-vmware
- url: https://r730.viktorbarzin.lan/ui/#/login
+ url: https://esxi.viktorbarzin.me/ui/#/login
 target: newtab
 id: 0_496_esxirserver
 - &ref_1
 title: PFsense (Firewall)
 description: Firewall
 icon: si-pfsense
- url: https://pfsense.viktorbarzin.lan
+ url: https://pfsense.viktorbarzin.me
 target: newtab
 id: 1_496_pfsensefirewall
 - &ref_2
 title: iDRAC
 description: ""
 icon: si-dell
- url: https://idrac.viktorbarzin.lan/
+ url: https://idrac.viktorbarzin.me/
 target: newtab
 id: 2_496_idrac
 - &ref_3
 title: TP-Link Gateway Router
 icon: hl-asus-router
- url: https://192.168.1.1/webpages/login.html
+ url: https://gw.viktorbarzin.me/webpages/login.html
 id: 3_496_tplinkgatewayrouter
 - &ref_4
 title: Truenas
 description: Network Storage VM
 icon: si-truenas
- url: http://truenas.viktorbarzin.lan/ui/dashboard
+ url: http://truenas.viktorbarzin.me/ui/dashboard
 id: 4_496_truenas
 - &ref_5
 title: NAS
 description: ""
 icon: si-synology
- url: https://nas.viktorbarzin.lan:5001/
+ url: https://nas.viktorbarzin.me/
 id: 5_496_nas
 - &ref_6
 title: Server Switch
@@ -121,19 +121,19 @@ sections:
 - &ref_7
 title: Valchedrym OpenWRT
 icon: si-openwrt
- url: https://valchedrym.viktorbarzin.lan/
+ url: https://valchedrym.viktorbarzin.me/
 target: newtab
 id: 0_1567_valchedrymopenwrt
 - &ref_8
 title: Valchedram Alarm IP150
 icon: 📷
- url: http://valchedrym.ddns.net:8080/login_page.html
+ url: https://ip150.viktorbarzin.me/
 target: newtab
 id: 1_1567_valchedramalarmip
 - &ref_9
 title: Mladost 3 Router
 icon: si-ghostery
- url: http://mladost3.ddns.net:8080/
+ url: https://mladost3.viktorbarzin.me/
 target: newtab
 id: 2_1567_mladostrouter
 filteredItems:
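Review bot: The Truenas entry in the first hunk keeps the `http://` scheme although its host now names the ingress, which the reverse_proxy factory in this commit serves with a `tls` block and an OAuth sign-in, so the first request would leave the browser in cleartext before any redirect. The line should read `url: https://truenas.viktorbarzin.me/ui/dashboard`. Two links also point at proxies that the Terraform comments in this same commit flag as unfinished: `gw.viktorbarzin.me` here ("TODO: Not working yet") and `ip150.viktorbarzin.me` in the second hunk ("Does not seem to load?"). Those tiles are likely dead until the modules are fixed, and the old working URLs are gone from the dashboard.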
diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf
index 0ce0adb4..acad8247 100644
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@@ -307,3 +307,8 @@ module "vaultwarden" {
 source = "./vaultwarden"
 tls_secret_name = var.tls_secret_name
 }
+
+module "reverse-proxy" {
+ source = "./reverse_proxy"
+ tls_secret_name = var.tls_secret_name
+}
diff --git a/modules/kubernetes/reverse_proxy/factory/main.tf b/modules/kubernetes/reverse_proxy/factory/main.tf
new file mode 100644
index 00000000..c1c265eb
--- /dev/null
+++ b/modules/kubernetes/reverse_proxy/factory/main.tf
@@ -0,0 +1,72 @@
+variable "name" {}
+variable "namespace" {
+ default = "reverse-proxy"
+}
+variable "external_name" {}
+variable "port" {
+ default = "80"
+}
+variable "tls_secret_name" {}
+variable "backend_protocol" {
+ default = "HTTP"
+}
+
+
+resource "kubernetes_service" "proxied-service" {
+ metadata {
+ name = var.name
+ namespace = var.namespace
+ labels = {
+ "app" = var.name
+ }
+ }
+
+ spec {
+ type = "ExternalName"
+ external_name = var.external_name
+
+ port {
+ name = "${var.name}-web"
+ port = var.port
+ protocol = "TCP"
+ target_port = var.port
+ }
+ }
+}
+
+resource "kubernetes_ingress_v1" "proxied-ingress" {
+ metadata {
+ name = var.name
+ namespace = var.namespace
+ annotations = {
+ "nginx.ingress.kubernetes.io/backend-protocol" = "${var.backend_protocol}"
+ "kubernetes.io/ingress.class" = "nginx"
+ "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
+ "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
+ }
+ }
+
+ spec {
+ tls {
+ hosts = ["${var.name}.viktorbarzin.me"]
+ secret_name = var.tls_secret_name
+ }
+ rule {
+ host = "${var.name}.viktorbarzin.me"
+ http {
+ path {
+ path = "/"
+ backend {
+ service {
+
+ name = var.name
+ port {
+ number = var.port
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
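Review bot: In factory/main.tf, when `backend_protocol` is `HTTPS` the annotations on `kubernetes_ingress_v1.proxied-ingress` make ingress-nginx speak TLS to the ExternalName target but never enable upstream certificate verification, which ingress-nginx does not do by default. The hop to the firewall, ESXi and NAS UIs is therefore encrypted but not authenticated. Consider adding `"nginx.ingress.kubernetes.io/proxy-ssl-verify" = "on"` with a `"nginx.ingress.kubernetes.io/proxy-ssl-secret"` that holds the internal CA, both driven by optional variables so plain-HTTP backends are unaffected. The same annotations map mixes `=` and `:` as the key separator; use `=` throughout. The variables carry no `type` or `description`, and `port` defaults to the string `"80"` while every caller passes a number, so `type = number` with `default = 80` would state the intent.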
diff --git a/modules/kubernetes/reverse_proxy/main.tf b/modules/kubernetes/reverse_proxy/main.tf
new file mode 100644
index 00000000..815d7081
--- /dev/null
+++ b/modules/kubernetes/reverse_proxy/main.tf
@@ -0,0 +1,123 @@
+# Reverse proxy for things in my infra that are
+# outside of K8S but would be nice to use the Nginx-ingress
+
+variable "tls_secret_name" {}
+
+resource "kubernetes_namespace" "reverse-proxy" {
+ metadata {
+ name = "reverse-proxy"
+ }
+}
+
+module "tls_secret" {
+ source = "../setup_tls_secret"
+ namespace = "reverse-proxy"
+ tls_secret_name = var.tls_secret_name
+}
+
+# https://pfsense.viktorbarzin.me/
+module "pfsense" {
+ source = "./factory"
+ name = "pfsense"
+ external_name = "pfsense.viktorbarzin.lan"
+ tls_secret_name = var.tls_secret_name
+ port = 443
+ backend_protocol = "HTTPS"
+}
+
+# https://nas.viktorbarzin.me/
+module "nas" {
+ source = "./factory"
+ name = "nas"
+ external_name = "nas.viktorbarzin.lan"
+ port = 5001
+ tls_secret_name = var.tls_secret_name
+ backend_protocol = "HTTPS"
+}
+
+# https://idrac.viktorbarzin.me/
+module "idrac" {
+ source = "./factory"
+ name = "idrac"
+ external_name = "idrac.viktorbarzin.lan"
+ port = 80
+ tls_secret_name = var.tls_secret_name
+}
+
+# Can either listen on https or http; can't do both :/
+# TODO: Not working yet
+module "tp-link-gateway" {
+ source = "./factory"
+ name = "gw"
+ external_name = "gw.viktorbarzin.lan"
+ port = 443
+ tls_secret_name = var.tls_secret_name
+ backend_protocol = "HTTPS"
+}
+
+# https://truenas.viktorbarzin.me/
+module "truenas" {
+ source = "./factory"
+ name = "truenas"
+ external_name = "truenas.viktorbarzin.lan"
+ port = 80
+ tls_secret_name = var.tls_secret_name
+}
+
+# https://r730.viktorbarzin.me/
+module "r730" {
+ source = "./factory"
+ name = "r730"
+ external_name = "r730.viktorbarzin.lan"
+ port = 443
+ tls_secret_name = var.tls_secret_name
+ backend_protocol = "HTTPS"
+}
+
+# https://esxi.viktorbarzin.me/
+module "esxi" {
+ source = "./factory"
+ name = "esxi"
+ external_name = "esxi.viktorbarzin.lan"
+ port = 443
+ tls_secret_name = var.tls_secret_name
+ backend_protocol = "HTTPS"
+}
+
+# https://valchedrym.viktorbarzin.me/
+module "valchedrym" {
+ source = "./factory"
+ name = "valchedrym"
+ external_name = "valchedrym.viktorbarzin.lan"
+ port = 20123
+ tls_secret_name = var.tls_secret_name
+ backend_protocol = "HTTPS"
+}
+
+# https://ip150.viktorbarzin.me/
+# Does not seem to load? - works when auth is down
+module "valchedrym-ip150" {
+ source = "./factory"
+ name = "ip150"
+ external_name = "valchedrym.ddns.net"
+ port = 8080
+ tls_secret_name = var.tls_secret_name
+}
+
+# https://mladost3.viktorbarzin.me/
+module "mladost3" {
+ source = "./factory"
+ name = "mladost3"
+ external_name = "mladost3.ddns.net"
+ port = 8080
+ tls_secret_name = var.tls_secret_name
+}
+
+# https://server-switch.viktorbarzin.me/
+module "server-switch" {
+ source = "./factory"
+ name = "server-switch"
+ external_name = "server-switch.viktorbarzin.lan"
+ port = 80
+ tls_secret_name = var.tls_secret_name
+}
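Review bot: `valchedrym-ip150` and `mladost3` keep the factory's default `backend_protocol` of HTTP and set `external_name` to `*.ddns.net` hosts on port 8080. The browser sees HTTPS at `*.viktorbarzin.me`, but the ingress-to-device leg, device logins included, crosses the internet in cleartext to whatever address the dynamic-DNS name resolves to. If those devices cannot serve TLS, an internal name reached over a VPN or tunnel would be a safer `external_name`; at minimum add a comment such as `# upstream is plain HTTP over the public internet` on both modules. The comment `works when auth is down` on the IP150 module needs clarifying: if it means requests pass while the oauth2 endpoint is unreachable rather than with the auth annotations removed, these admin UIs would fail open. `idrac`, `truenas` and `server-switch` also use port 80 upstream, though only towards `.lan` names.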