setup boilerplat for tcp passtrhough in nginx ingress [ci skip]

Viktor Barzin 2025-08-22 21:42:51 +00:00
parent e5e813afb5
commit 9258076d3b


@ -365,6 +365,15 @@ resource "kubernetes_config_map" "udp_services" {
53 : "technitium/technitium-dns:53" 53 : "technitium/technitium-dns:53"
} }
} }
resource "kubernetes_config_map" "tcp_services" {
metadata {
name = "tcp-services"
namespace = "ingress-nginx"
}
data = {
# 9443 : "wireguard/xray:7443" // reality
}
}
resource "kubernetes_service" "ingress_nginx_controller" { resource "kubernetes_service" "ingress_nginx_controller" {
metadata { metadata {
name = "ingress-nginx-controller" name = "ingress-nginx-controller"
@ -396,6 +405,12 @@ resource "kubernetes_service" "ingress_nginx_controller" {
port = 53 port = 53
target_port = "dns" target_port = "dns"
} }
# port {
# name = "xray-reality"
# protocol = "TCP"
# port = 9443 # expose tcp port here
# target_port = "9443"
# }
selector = { selector = {
"app.kubernetes.io/component" = "controller" "app.kubernetes.io/component" = "controller"
"app.kubernetes.io/instance" = "ingress-nginx" "app.kubernetes.io/instance" = "ingress-nginx"
@ -448,7 +463,7 @@ resource "kubernetes_deployment" "ingress_nginx_controller" {
} }
} }
spec { spec {
replicas = 1 replicas = 3
selector { selector {
match_labels = { match_labels = {
@ -559,7 +574,7 @@ resource "kubernetes_deployment" "ingress_nginx_controller" {
name = "controller" name = "controller"
# https://github.com/kubernetes/ingress-nginx # https://github.com/kubernetes/ingress-nginx
image = "registry.k8s.io/ingress-nginx/controller:v1.11.8" image = "registry.k8s.io/ingress-nginx/controller:v1.11.8"
args = ["/nginx-ingress-controller", "--election-id=ingress-nginx-leader", "--controller-class=k8s.io/ingress-nginx", "--ingress-class=nginx", "--configmap=$(POD_NAMESPACE)/ingress-nginx-controller", "--validating-webhook=:8443", "--validating-webhook-certificate=/usr/local/certificates/cert", "--validating-webhook-key=/usr/local/certificates/key", "--udp-services-configmap", "ingress-nginx/udp-services"] args = ["/nginx-ingress-controller", "--election-id=ingress-nginx-leader", "--controller-class=k8s.io/ingress-nginx", "--ingress-class=nginx", "--configmap=$(POD_NAMESPACE)/ingress-nginx-controller", "--validating-webhook=:8443", "--validating-webhook-certificate=/usr/local/certificates/cert", "--validating-webhook-key=/usr/local/certificates/key", "--udp-services-configmap", "ingress-nginx/udp-services", "--tcp-services-configmap", "ingress-nginx/tcp-services"]
volume_mount { volume_mount {
name = "crowdsec" name = "crowdsec"
mount_path = "/etc/nginx/lua/plugins/crowdsec" mount_path = "/etc/nginx/lua/plugins/crowdsec"
@ -580,6 +595,11 @@ resource "kubernetes_deployment" "ingress_nginx_controller" {
container_port = 53 container_port = 53
protocol = "UDP" protocol = "UDP"
} }
# port {
# name = "xray-reality"
# container_port = 9443 # expose port here
# protocol = "TCP"
# }
port { port {
name = "webhook" name = "webhook"
container_port = 8443 container_port = 8443
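Review bot: The new `tcp_services` ConfigMap and the commented `xray-reality` port blocks carry no comment about what a TCP entry skips, which matters before anyone uncomments them. ingress-nginx serves entries from `--tcp-services-configmap` through its stream proxy, so HTTP-layer controls on this controller (presumably including the crowdsec Lua plugin mounted at `/etc/nginx/lua/plugins/crowdsec`) would not see traffic on 9443, and the backend would log the controller pod's address rather than the client's unless PROXY protocol is enabled for the entry. I would put `# TCP entries bypass HTTP-layer filtering (crowdsec, auth, rate limits); limit who can reach the port before enabling` above the `data` block, and note there that the ConfigMap key, the Service `port` and the container `port` have to be enabled together. The deployment hunk also changes `replicas` (shown as 1 and 3), which the commit title does not mention; if it is intentional it deserves its own line in the message.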