add flaresolverr and prowlar; also move all services in a single namespace [ci skip]

2025-09-06 21:41:02 +00:00 · 2025-09-06 21:41:02 +00:00 · 615d0549e8
commit 615d0549e8
parent 7eacc9d6c8
5 changed files with 160 additions and 139 deletions
--- a/modules/kubernetes/servarr/prowlarr/main.tf
+++ b/modules/kubernetes/servarr/prowlarr/main.tf
@ -1,24 +1,10 @@
 variable "tls_secret_name" {}
-resource "kubernetes_namespace" "prowlarr" {
-  metadata {
-    name = "prowlarr"
-    # labels = {
-    #   "istio-injection" : "enabled"
-    # }
-  }
-}


-module "tls_secret" {
-  source          = "../../setup_tls_secret"
-  namespace       = "prowlarr"
-  tls_secret_name = var.tls_secret_name
-}
-
 resource "kubernetes_deployment" "prowlarr" {
  metadata {
    name      = "prowlarr"
-    namespace = "prowlarr"
+    namespace = "servarr"
    labels = {
      app = "prowlarr"
    }
@ -87,7 +73,7 @@ resource "kubernetes_deployment" "prowlarr" {
 resource "kubernetes_service" "prowlarr" {
  metadata {
    name      = "prowlarr"
-    namespace = "prowlarr"
+    namespace = "servarr"
    labels = {
      app = "prowlarr"
    }
@ -98,48 +84,18 @@ resource "kubernetes_service" "prowlarr" {
      app = "prowlarr"
    }
    port {
-      name = "http"
-      port = 9696
+      name        = "http"
+      port        = 80
+      target_port = 9696
    }
  }
 }

-resource "kubernetes_ingress_v1" "prowlarr" {
-  metadata {
-    name      = "prowlarr"
-    namespace = "prowlarr"
-    annotations = {
-      "kubernetes.io/ingress.class" = "nginx"
-      # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
-      # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
-      "nginx.ingress.kubernetes.io/auth-url"    = "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx"
-      "nginx.ingress.kubernetes.io/auth-signin" = "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri"

-      "nginx.ingress.kubernetes.io/auth-response-headers" = "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid"
-      "nginx.ingress.kubernetes.io/auth-snippet"          = "proxy_set_header X-Forwarded-Host $http_host;"
-    }
-  }
-
-  spec {
-    tls {
-      hosts       = ["prowlarr.viktorbarzin.me"]
-      secret_name = var.tls_secret_name
-    }
-    rule {
-      host = "prowlarr.viktorbarzin.me"
-      http {
-        path {
-          path = "/"
-          backend {
-            service {
-              name = "prowlarr"
-              port {
-                number = 9696
-              }
-            }
-          }
-        }
-      }
-    }
-  }
+module "ingress" {
+  source          = "../../ingress_factory"
+  namespace       = "servarr"
+  name            = "prowlarr"
+  tls_secret_name = var.tls_secret_name
+  protected       = true
 }