add reverse proxy with a bunch of internal sites exposed behind oauth; also update dashy [ci skip]

2023-11-01 13:27:23 +00:00 · 2023-11-01 13:27:23 +00:00 · 4e7752306d
commit 4e7752306d
parent c817655e00
4 changed files with 209 additions and 9 deletions
--- a/modules/kubernetes/reverse_proxy/factory/main.tf
+++ b/modules/kubernetes/reverse_proxy/factory/main.tf
@ -0,0 +1,72 @@
+variable "name" {}
+variable "namespace" {
+  default = "reverse-proxy"
+}
+variable "external_name" {}
+variable "port" {
+  default = "80"
+}
+variable "tls_secret_name" {}
+variable "backend_protocol" {
+  default = "HTTP"
+}
+
+
+resource "kubernetes_service" "proxied-service" {
+  metadata {
+    name      = var.name
+    namespace = var.namespace
+    labels = {
+      "app" = var.name
+    }
+  }
+
+  spec {
+    type          = "ExternalName"
+    external_name = var.external_name
+
+    port {
+      name        = "${var.name}-web"
+      port        = var.port
+      protocol    = "TCP"
+      target_port = var.port
+    }
+  }
+}
+
+resource "kubernetes_ingress_v1" "proxied-ingress" {
+  metadata {
+    name      = var.name
+    namespace = var.namespace
+    annotations = {
+      "nginx.ingress.kubernetes.io/backend-protocol" = "${var.backend_protocol}"
+      "kubernetes.io/ingress.class"                  = "nginx"
+      "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
+      "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
+    }
+  }
+
+  spec {
+    tls {
+      hosts       = ["${var.name}.viktorbarzin.me"]
+      secret_name = var.tls_secret_name
+    }
+    rule {
+      host = "${var.name}.viktorbarzin.me"
+      http {
+        path {
+          path = "/"
+          backend {
+            service {
+
+              name = var.name
+              port {
+                number = var.port
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}