replace bind-pihole-dnscrypt with technitium [ci skip]

Viktor Barzin 2023-09-14 09:20:16 +00:00
parent c02ad0e9ca
commit 96e43d4510
No known key found for this signature in database
GPG key ID: 4056458DBDBF8863
5 changed files with 167 additions and 2 deletions


@ -295,6 +295,11 @@ module "travel_blog" {
tls_secret_name = var.tls_secret_name
}
module "technitium" {
source = "./technitium"
tls_secret_name = var.tls_secret_name
}
# module "metrics_api" {
# source = "./metrics_api"
# tls_secret_name = var.tls_secret_name


@ -128,8 +128,8 @@ resource "kubernetes_service" "pihole-dns" {
}
spec {
type = "LoadBalancer"
external_traffic_policy = "Cluster"
# type = "LoadBalancer"
# external_traffic_policy = "Cluster"
selector = {
app = "pihole"
}


@ -0,0 +1,160 @@
variable "tls_secret_name" {}
resource "kubernetes_namespace" "technitium" {
metadata {
name = "technitium"
}
}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "technitium"
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "technitium" {
metadata {
name = "technitium"
namespace = "technitium"
labels = {
app = "technitium"
}
}
spec {
replicas = 1
selector {
match_labels = {
app = "technitium"
}
}
template {
metadata {
labels = {
app = "technitium"
}
}
spec {
container {
image = "technitium/dns-server:latest"
name = "technitium"
resources {
limits = {
cpu = "1"
memory = "1Gi"
}
requests = {
cpu = "1"
memory = "1Gi"
}
}
port {
container_port = 5380
}
port {
container_port = 53
}
volume_mount {
mount_path = "/etc/dns"
name = "nfs-config"
}
}
volume {
name = "nfs-config"
nfs {
path = "/mnt/main/technitium"
server = "10.0.10.15"
}
}
}
}
}
}
resource "kubernetes_service" "technitium-web" {
metadata {
name = "technitium-web"
namespace = "technitium"
labels = {
"app" = "technitium"
}
# annotations = {
# "metallb.universe.tf/allow-shared-ip" : "shared"
# }
}
spec {
# type = "LoadBalancer"
# external_traffic_policy = "Cluster"
selector = {
app = "technitium"
}
port {
name = "technitium-dns"
port = "5380"
protocol = "TCP"
}
}
}
resource "kubernetes_service" "technitium-dns" {
metadata {
name = "technitium-dns"
namespace = "technitium"
labels = {
"app" = "technitium"
}
annotations = {
"metallb.universe.tf/allow-shared-ip" : "shared"
}
}
spec {
type = "LoadBalancer"
external_traffic_policy = "Cluster"
selector = {
app = "technitium"
}
port {
name = "technitium-dns"
port = "53"
protocol = "UDP"
}
}
}
resource "kubernetes_ingress_v1" "technitium" {
metadata {
name = "technitium-ingress"
namespace = "technitium"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
"nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret"
}
}
spec {
tls {
hosts = ["technitium.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "technitium.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "technitium-web"
port {
number = 5380
}
}
}
}
}
}
}
}
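Review bot: The new deployment's container uses `image = "technitium/dns-server:latest"`, a mutable tag, so the network's resolver runs whatever was last pushed whenever the pod is rescheduled; pin it to a reviewed release or digest, e.g. `image = "technitium/dns-server:<pinned-version>"` (placeholder, since the page names no version). The `technitium-dns` Service publishes only port `53` with `protocol = "UDP"`, so queries retried over TCP after a truncated answer cannot reach the server through the LoadBalancer. A TCP port entry, or a second Service sharing the address through the existing `metallb.universe.tf/allow-shared-ip` annotation, would cover that. With `external_traffic_policy = "Cluster"` the client source address is normally replaced by a node address, so any per-client query logging or access control in the DNS server would presumably not see real clients; `"Local"` preserves it if that matters here.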

Binary file not shown.

Binary file not shown.