Migrate all service modules from nginx-ingress to Traefik
- Remove nginx-specific ingress variables (use_proxy_protocol, proxy_timeout, additional_configuration_snippet) - Update ingress annotations to use Traefik middleware CRDs - Delete nginx-ingress module (replaced by traefik) - Add new traefik middleware.tf for shared middleware definitions - Update service modules to work with new ingress_factory interface
This commit is contained in:
parent
43cdebe791
commit
b36932f9a3
50 changed files with 516 additions and 1681 deletions
|
|
@ -211,38 +211,13 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
|
|||
name = "realestate-crawler"
|
||||
namespace = kubernetes_namespace.realestate-crawler.metadata[0].name
|
||||
annotations = {
|
||||
"kubernetes.io/ingress.class" = "nginx"
|
||||
"nginx.ingress.kubernetes.io/backend-protocol" = "http"
|
||||
|
||||
# "nginx.ingress.kubernetes.io/auth-url" : var.protected ? "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" : null
|
||||
# "nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" : null
|
||||
# "nginx.ingress.kubernetes.io/auth-snippet" : var.protected ? "proxy_set_header X-Forwarded-Host $http_host;" : null
|
||||
|
||||
"nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOF
|
||||
limit_req_status 429;
|
||||
limit_conn_status 429;
|
||||
|
||||
# Rybbit Analytics
|
||||
# Only modify HTML
|
||||
sub_filter_types text/html;
|
||||
sub_filter_once off;
|
||||
|
||||
# Disable compression so sub_filter works
|
||||
proxy_set_header Accept-Encoding "";
|
||||
|
||||
# Inject analytics before </head>
|
||||
sub_filter '</head>' '
|
||||
<script src="https://rybbit.viktorbarzin.me/api/script.js"
|
||||
data-site-id="edee05de453d"
|
||||
defer></script>
|
||||
</head>';
|
||||
EOF
|
||||
"traefik.ingress.kubernetes.io/router.middlewares" = "traefik-rate-limit@kubernetescrd,traefik-csp-headers@kubernetescrd,traefik-crowdsec@kubernetescrd,realestate-crawler-rybbit-analytics@kubernetescrd"
|
||||
"traefik.ingress.kubernetes.io/router.entrypoints" = "websecure"
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
spec {
|
||||
ingress_class_name = "traefik"
|
||||
tls {
|
||||
hosts = ["wrongmove.viktorbarzin.me"]
|
||||
secret_name = var.tls_secret_name
|
||||
|
|
@ -473,3 +448,25 @@ resource "kubernetes_cron_job_v1" "scrape-rightmove" {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Rybbit analytics middleware for real-estate-crawler
|
||||
resource "kubernetes_manifest" "rybbit_analytics" {
|
||||
manifest = {
|
||||
apiVersion = "traefik.io/v1alpha1"
|
||||
kind = "Middleware"
|
||||
metadata = {
|
||||
name = "rybbit-analytics"
|
||||
namespace = kubernetes_namespace.realestate-crawler.metadata[0].name
|
||||
}
|
||||
spec = {
|
||||
plugin = {
|
||||
rewritebody = {
|
||||
rewrites = [{
|
||||
regex = "</head>"
|
||||
replacement = "<script src=\"https://rybbit.viktorbarzin.me/api/script.js\" data-site-id=\"edee05de453d\" defer></script></head>"
|
||||
}]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue