add rybbit monitoring to ingresses [ci skip]

2025-12-18 08:53:16 +00:00 · 2025-12-18 08:53:16 +00:00 · 7afd3e758e
commit 7afd3e758e
parent ca19b6b05b
26 changed files with 210 additions and 50 deletions
--- a/modules/kubernetes/reverse_proxy/factory/main.tf
+++ b/modules/kubernetes/reverse_proxy/factory/main.tf
@ -33,6 +33,10 @@ variable "proxy_timeout" {
 variable "extra_annotations" {
  default = {}
 }
+variable "rybbit_site_id" {
+  default = null
+  type    = string
+}


 resource "kubernetes_service" "proxied-service" {
@ -81,39 +85,62 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
      "nginx.ingress.kubernetes.io/proxy-send-timeout" : var.proxy_timeout
      "nginx.ingress.kubernetes.io/proxy-read-timeout" : var.proxy_timeout

-    }, var.extra_annotations)
+      "nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOF
+        limit_req_status 429;
+        limit_conn_status 429;
+        ${var.rybbit_site_id != null ? <<-JS
+          # Rybbit Analytics
+          # Only modify HTML
+          sub_filter_types text/html;
+          sub_filter_once off;
+
+          # Disable compression so sub_filter works
+          proxy_set_header Accept-Encoding "";
+
+          # Inject analytics before </head>
+          sub_filter '</head>' '
+          <script src="https://rybbit.viktorbarzin.me/api/script.js"
+                data-site-id="${var.rybbit_site_id}"
+                defer></script> 
+          </head>';
+        JS
+      : ""
+      }
+      EOF
+
+  }, var.extra_annotations)
+}
+
+spec {
+  tls {
+    hosts       = ["${var.name}.viktorbarzin.me"]
+    secret_name = var.tls_secret_name
  }
+  rule {
+    host = "${var.name}.viktorbarzin.me"
+    http {
+      dynamic "path" {
+        # for_each = { for pr in var.ingress_path : pr => pr }
+        for_each = var.ingress_path

-  spec {
-    tls {
-      hosts       = ["${var.name}.viktorbarzin.me"]
-      secret_name = var.tls_secret_name
-    }
-    rule {
-      host = "${var.name}.viktorbarzin.me"
-      http {
-        dynamic "path" {
-          # for_each = { for pr in var.ingress_path : pr => pr }
-          for_each = var.ingress_path
+        content {
+          path = path.value
+          backend {
+            service {

-          content {
-            path = path.value
-            backend {
-              service {
-
-                name = var.name
-                port {
-                  number = var.port
-                }
+              name = var.name
+              port {
+                number = var.port
              }
            }
          }
        }
-        # path {
-        #   # path = var.ingress_path
-        #   path = each.value
-        # }
      }
+      # path {
+      #   # path = var.ingress_path
+      #   path = each.value
+      # }
    }
  }
 }
+}