Migrate all service modules from nginx-ingress to Traefik

- Remove nginx-specific ingress variables (use_proxy_protocol, proxy_timeout, additional_configuration_snippet)
- Update ingress annotations to use Traefik middleware CRDs
- Delete nginx-ingress module (replaced by traefik)
- Add new traefik middleware.tf for shared middleware definitions
- Update service modules to work with new ingress_factory interface
This commit is contained in:
Viktor Barzin 2026-02-07 13:25:49 +00:00
parent 43cdebe791
commit b36932f9a3
50 changed files with 516 additions and 1681 deletions

View file

@ -211,38 +211,13 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
name = "realestate-crawler"
namespace = kubernetes_namespace.realestate-crawler.metadata[0].name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/backend-protocol" = "http"
# "nginx.ingress.kubernetes.io/auth-url" : var.protected ? "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" : null
# "nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" : null
# "nginx.ingress.kubernetes.io/auth-snippet" : var.protected ? "proxy_set_header X-Forwarded-Host $http_host;" : null
"nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOF
limit_req_status 429;
limit_conn_status 429;
# Rybbit Analytics
# Only modify HTML
sub_filter_types text/html;
sub_filter_once off;
# Disable compression so sub_filter works
proxy_set_header Accept-Encoding "";
# Inject analytics before </head>
sub_filter '</head>' '
<script src="https://rybbit.viktorbarzin.me/api/script.js"
data-site-id="edee05de453d"
defer></script>
</head>';
EOF
"traefik.ingress.kubernetes.io/router.middlewares" = "traefik-rate-limit@kubernetescrd,traefik-csp-headers@kubernetescrd,traefik-crowdsec@kubernetescrd,realestate-crawler-rybbit-analytics@kubernetescrd"
"traefik.ingress.kubernetes.io/router.entrypoints" = "websecure"
}
}
spec {
ingress_class_name = "traefik"
tls {
hosts = ["wrongmove.viktorbarzin.me"]
secret_name = var.tls_secret_name
@ -473,3 +448,25 @@ resource "kubernetes_cron_job_v1" "scrape-rightmove" {
}
}
}
# Rybbit analytics middleware for real-estate-crawler
resource "kubernetes_manifest" "rybbit_analytics" {
manifest = {
apiVersion = "traefik.io/v1alpha1"
kind = "Middleware"
metadata = {
name = "rybbit-analytics"
namespace = kubernetes_namespace.realestate-crawler.metadata[0].name
}
spec = {
plugin = {
rewritebody = {
rewrites = [{
regex = "</head>"
replacement = "<script src=\"https://rybbit.viktorbarzin.me/api/script.js\" data-site-id=\"edee05de453d\" defer></script></head>"
}]
}
}
}
}
}