add metabase secured ingress [ci skip]

This commit is contained in:
Viktor Barzin 2023-11-24 19:04:44 +00:00
parent 284a3c5969
commit b628c92aee
2 changed files with 45 additions and 56 deletions

View file

@ -69,37 +69,37 @@ resource "helm_release" "crowdsec" {
# values = [templatefile("${path.module}/rowdsec-ingress-bouncer.yaml", {})] # values = [templatefile("${path.module}/rowdsec-ingress-bouncer.yaml", {})]
} }
resource "kubernetes_ingress_v1" "metabase" { # resource "kubernetes_ingress_v1" "metabase" {
metadata { # metadata {
name = "metabase" # name = "metabase"
namespace = "crowdsec" # namespace = "crowdsec"
annotations = { # annotations = {
"kubernetes.io/ingress.class" = "nginx" # "kubernetes.io/ingress.class" = "nginx"
# "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
# "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
} # }
} # }
spec { # spec {
tls { # tls {
hosts = ["metabase.viktorbarzin.me"] # hosts = ["metabase.viktorbarzin.me"]
secret_name = var.tls_secret_name # secret_name = var.tls_secret_name
} # }
rule { # rule {
host = "metabase.viktorbarzin.me" # host = "metabase.viktorbarzin.me"
http { # http {
path { # path {
path = "/" # path = "/"
backend { # backend {
service { # service {
name = "crowdsec-service" # name = "crowdsec-service"
port { # port {
number = 3000 # number = 3000
} # }
} # }
} # }
} # }
} # }
} # }
} # }
} # }

View file

@ -22,27 +22,16 @@ lapi:
# As it's a test, we don't want to share signals with CrowdSec, so disable the Online API. # As it's a test, we don't want to share signals with CrowdSec, so disable the Online API.
- name: DISABLE_ONLINE_API - name: DISABLE_ONLINE_API
value: "true" value: "true"
dashboard:
enabled: true
ingress: ingress:
enabled: true enabled: true
annotations: annotations:
# we only want http to the backend so we need this annotation
nginx.ingress.kubernetes.io/backend-protocol: "HTTP" nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
# labels: {} nginx.ingress.kubernetes.io/auth-url: "https://oauth2.viktorbarzin.me/oauth2/auth"
nginx.ingress.kubernetes.io/auth-signin: "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
ingressClassName: "nginx" ingressClassName: "nginx"
host: "crowdsec.viktorbarzin.me" # crowdsec-api.example.com host: "crowdsec.viktorbarzin.me"
tls:
- hosts:
- crowdsec.viktorbarzin.me
secretName: "tls-secret"
dashboard:
# -- Enable Metabase Dashboard (by default disabled)
enabled: true
annotations:
# metabase only supports http so we need this annotation
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
# labels: {}
ingressClassName: "nginx" # nginx
host: "crowdsec.viktorbarzin.me" # crowdsec-api.example.com
tls: tls:
- hosts: - hosts:
- crowdsec.viktorbarzin.me - crowdsec.viktorbarzin.me