diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf index 6a903487..b7f233bc 100644 --- a/modules/kubernetes/main.tf +++ b/modules/kubernetes/main.tf @@ -295,6 +295,11 @@ module "travel_blog" { tls_secret_name = var.tls_secret_name } +module "technitium" { + source = "./technitium" + tls_secret_name = var.tls_secret_name +} + # module "metrics_api" { # source = "./metrics_api" # tls_secret_name = var.tls_secret_name diff --git a/modules/kubernetes/pihole/main.tf b/modules/kubernetes/pihole/main.tf index bdeb4b50..c7254648 100644 --- a/modules/kubernetes/pihole/main.tf +++ b/modules/kubernetes/pihole/main.tf @@ -128,8 +128,8 @@ resource "kubernetes_service" "pihole-dns" { } spec { - type = "LoadBalancer" - external_traffic_policy = "Cluster" + # type = "LoadBalancer" + # external_traffic_policy = "Cluster" selector = { app = "pihole" } diff --git a/modules/kubernetes/technitium/main.tf b/modules/kubernetes/technitium/main.tf new file mode 100644 index 00000000..7ef1f3f7 --- /dev/null +++ b/modules/kubernetes/technitium/main.tf 
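Review bot: In the `kubernetes_service.pihole-dns` hunk, `type = "LoadBalancer"` and `external_traffic_policy` are commented out rather than deleted, so the service silently falls back to the default ClusterIP type with no record of why. If the intent is to hand the external DNS address over to the new `technitium-dns` service (inferred from the rest of this commit), delete the two lines and leave a single explanatory comment such as `# ClusterIP only: external DNS on port 53 is now served by technitium-dns`. Anything on the network that still resolves through the old Pi-hole LoadBalancer address will change resolver or lose resolution once this applies, so confirm clients point at the address that survives. The resource block starts and ends outside the hunk.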
@@ -0,0 +1,160 @@
+variable "tls_secret_name" {}
+
+resource "kubernetes_namespace" "technitium" {
+ metadata {
+ name = "technitium"
+ }
+}
+
+module "tls_secret" {
+ source = "../setup_tls_secret"
+ namespace = "technitium"
+ tls_secret_name = var.tls_secret_name
+}
+
+resource "kubernetes_deployment" "technitium" {
+ metadata {
+ name = "technitium"
+ namespace = "technitium"
+ labels = {
+ app = "technitium"
+ }
+ }
+ spec {
+ replicas = 1
+ selector {
+ match_labels = {
+ app = "technitium"
+ }
+ }
+ template {
+ metadata {
+ labels = {
+ app = "technitium"
+ }
+ }
+ spec {
+ container {
+ image = "technitium/dns-server:latest"
+ name = "technitium"
+ resources {
+ limits = {
+ cpu = "1"
+ memory = "1Gi"
+ }
+ requests = {
+ cpu = "1"
+ memory = "1Gi"
+ }
+ }
+ port {
+ container_port = 5380
+ }
+ port {
+ container_port = 53
+ }
+ volume_mount {
+ mount_path = "/etc/dns"
+ name = "nfs-config"
+ }
+ }
+ volume {
+ name = "nfs-config"
+ nfs {
+ path = "/mnt/main/technitium"
+ server = "10.0.10.15"
+ }
+ }
+ }
+ }
+ }
+}
+
+
+resource "kubernetes_service" "technitium-web" {
+ metadata {
+ name = "technitium-web"
+ namespace = "technitium"
+ labels = {
+ "app" = "technitium"
+ }
+ # annotations = {
+ # "metallb.universe.tf/allow-shared-ip" : "shared"
+ # }
+ }
+
+ spec {
+ # type = "LoadBalancer"
+ # external_traffic_policy = "Cluster"
+ selector = {
+ app = "technitium"
+ }
+ port {
+ name = "technitium-dns"
+ port = "5380"
+ protocol = "TCP"
+ }
+ }
+}
+
+resource "kubernetes_service" "technitium-dns" {
+ metadata {
+ name = "technitium-dns"
+ namespace = "technitium"
+ labels = {
+ "app" = "technitium"
+ }
+ annotations = {
+ "metallb.universe.tf/allow-shared-ip" : "shared"
+ }
+ }
+
+ spec {
+ type = "LoadBalancer"
+ external_traffic_policy = "Cluster"
+ selector = {
+ app = "technitium"
+
+ }
+ port {
+ name = "technitium-dns"
+ port = "53"
+ protocol = "UDP"
+ }
+ }
+}
+
+resource "kubernetes_ingress_v1" "technitium" {
+ metadata {
+ name = "technitium-ingress"
+ namespace = "technitium"
+ annotations = {
+ "kubernetes.io/ingress.class" = "nginx"
+ "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
+ "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret"
+ }
+ }
+
+ spec {
+ tls {
+ hosts = ["technitium.viktorbarzin.me"]
+ secret_name = var.tls_secret_name
+ }
+ rule {
+ host = "technitium.viktorbarzin.me"
+ http {
+ path {
+ path = "/"
+ backend {
+ service {
+ name = "technitium-web"
+ port {
+ number = 5380
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/terraform.tfstate b/terraform.tfstate
index c1aee457..01fa947d 100644
Binary files a/terraform.tfstate and b/terraform.tfstate differ
diff --git a/terraform.tfvars b/terraform.tfvars
index 81c7ac1a..7af40884 100644
Binary files a/terraform.tfvars and b/terraform.tfvars differ
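Review bot: The container in `kubernetes_deployment.technitium` pulls `technitium/dns-server:latest`, a mutable tag, so any pod restart can start running a different, unreviewed build of the resolver that `technitium-dns` publishes through a LoadBalancer. Pin it to a released version or digest, for example `image = "technitium/dns-server:<PINNED_VERSION>"` (placeholder; take the value from the registry), and bump it deliberately. The `technitium-dns` service also exposes only UDP 53, so DNS responses that fall back to TCP will not reach the server; add a second `port` block with `protocol = "TCP"` if your load balancer setup accepts mixed protocols on one service. The container sets no `security_context`, so it runs with the image's default user and capabilities; it is worth checking whether that can be tightened for this workload.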