From 554699e712ab99170ddae316b9b0d66d8207b646 Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Sun, 14 Dec 2025 09:47:52 +0000 Subject: [PATCH] refactor ingress to add more params [ci skip] --- modules/kubernetes/ingress_factory/main.tf | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/modules/kubernetes/ingress_factory/main.tf b/modules/kubernetes/ingress_factory/main.tf index 5729e469..7e935a52 100644 --- a/modules/kubernetes/ingress_factory/main.tf +++ b/modules/kubernetes/ingress_factory/main.tf @@ -43,6 +43,18 @@ variable "proxy_timeout" { variable "extra_annotations" { default = {} } +variable "ssl_redirect" { + default = true + type = bool +} +variable "allow_local_access_only" { + default = false + type = bool +} +variable "root_domain" { + default = "viktorbarzin.me" + type = string +} resource "kubernetes_service" "proxied-service" { @@ -87,6 +99,9 @@ resource "kubernetes_ingress_v1" "proxied-ingress" { "nginx.ingress.kubernetes.io/proxy-read-timeout" : var.proxy_timeout "nginx.ingress.kubernetes.io/proxy-buffering" : "on" + "nginx.ingress.kubernetes.io/whitelist-source-range" : var.allow_local_access_only ? "192.168.1.0/24, 10.0.0.0/8" : "0.0.0.0/0" + "nginx.ingress.kubernetes.io/ssl-redirect" : "${var.ssl_redirect}" + # DDOS protection "nginx.ingress.kubernetes.io/limit-connections" : 100 "nginx.ingress.kubernetes.io/limit-rps" : 5 @@ -103,11 +118,11 @@ resource "kubernetes_ingress_v1" "proxied-ingress" { spec { tls { - hosts = ["${var.name}.viktorbarzin.me"] + hosts = ["${var.name}.${var.root_domain}"] secret_name = var.tls_secret_name } rule { - host = "${var.host != null ? var.host : var.name}.viktorbarzin.me" + host = "${var.host != null ? var.host : var.name}.${var.root_domain}" http { dynamic "path" { # for_each = { for pr in var.ingress_path : pr => pr }
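Review bot: The three new variables carry no `description`, and for `allow_local_access_only` that hides a security-relevant contract: the ranges that count as "local" are fixed inside the ingress resource, not declared here. I would add `description = "When true, restrict the ingress to the private source ranges set in the whitelist-source-range annotation"`, with similar one-liners for `ssl_redirect` and `root_domain`. Since `root_domain` is interpolated straight into hostnames in the last hunk, a `validation` block rejecting an empty value or a leading dot would catch bad input at plan time.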
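Review bot: The restriction on the `whitelist-source-range` line only holds if the controller sees the real client address, and `10.0.0.0/8` is wide enough to contain common pod, service and node ranges. If traffic reaches ingress-nginx after source NAT (for example a Service with `externalTrafficPolicy: Cluster`, which this diff does not show), outside clients may match the allowlist. It is worth confirming that the source IP is preserved and narrowing the list to the actual LAN/VPN subnets, ideally through a `list(string)` variable rendered with `join(",", ...)`. The `0.0.0.0/0` fallback covers IPv4 only and would likely reject IPv6 clients on a dual-stack controller, so omitting the annotation when the flag is false is the safer default. The annotations map starts and ends outside this hunk.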
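Review bot: `tls.hosts` is built from `var.name` while the rule host prefers `var.host`, so when a caller sets `host` the served hostname is not listed in the TLS block and the controller will likely fall back to its default certificate for it. Using the same expression in both places keeps them aligned: `hosts = ["${var.host != null ? var.host : var.name}.${var.root_domain}"]`. With `root_domain` now configurable, the secret named by `var.tls_secret_name` must also hold a certificate valid for the chosen domain. Nothing visible here checks that, so a comment beside `secret_name` stating the requirement would help. The `spec` block continues past the end of the hunk.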