Migrate all service modules from nginx-ingress to Traefik

- Remove nginx-specific ingress variables (use_proxy_protocol, proxy_timeout, additional_configuration_snippet) - Update ingress annotations to use Traefik middleware CRDs - Delete nginx-ingress module (replaced by traefik) - Add new traefik middleware.tf for shared middleware definitions - Update service modules to work with new ingress_factory interface
2026-02-07 13:25:49 +00:00 · 2026-02-07 13:25:49 +00:00 · c32acc70e6
commit c32acc70e6
parent 0315dd4044
53 changed files with 534 additions and 1714 deletions
--- a/modules/kubernetes/reverse_proxy/main.tf
+++ b/modules/kubernetes/reverse_proxy/main.tf
@ -76,34 +76,28 @@ module "nas-files" {

 # https://idrac.viktorbarzin.me/
 module "idrac" {
-  source           = "./factory"
-  name             = "idrac"
-  external_name    = "idrac.viktorbarzin.lan"
-  port             = 443
-  tls_secret_name  = var.tls_secret_name
-  backend_protocol = "HTTPS"
-  extra_annotations = {
-    # authentik causes 413; we don't need the header below
-    "nginx.ingress.kubernetes.io/auth-response-headers" : null
-  }
-  depends_on = [kubernetes_namespace.reverse-proxy]
+  source            = "./factory"
+  name              = "idrac"
+  external_name     = "idrac.viktorbarzin.lan"
+  port              = 443
+  tls_secret_name   = var.tls_secret_name
+  backend_protocol  = "HTTPS"
+  extra_annotations = {}
+  depends_on        = [kubernetes_namespace.reverse-proxy]
 }

 # Can either listen on https or http; can't do both :/
 # TODO: Not working yet
 module "tp-link-gateway" {
-  source           = "./factory"
-  name             = "gw"
-  external_name    = "gw.viktorbarzin.lan"
-  port             = 443
-  tls_secret_name  = var.tls_secret_name
-  backend_protocol = "HTTPS"
-  depends_on       = [kubernetes_namespace.reverse-proxy]
-  protected        = true
-  extra_annotations = {
-    # authentik causes 413; we don't need the header below
-    "nginx.ingress.kubernetes.io/auth-response-headers" : null
-  }
+  source            = "./factory"
+  name              = "gw"
+  external_name     = "gw.viktorbarzin.lan"
+  port              = 443
+  tls_secret_name   = var.tls_secret_name
+  backend_protocol  = "HTTPS"
+  depends_on        = [kubernetes_namespace.reverse-proxy]
+  protected         = true
+  extra_annotations = {}
 }

 # https://truenas.viktorbarzin.me/