viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

consolidate MetalLB IPs: 5 → 1 (10.0.20.200)

Browse source 
Migrate all 11 LoadBalancer services to share 10.0.20.200:
- Update annotations: metallb.universe.tf → metallb.io
- Pin all services to 10.0.20.200 with allow-shared-ip: shared
- Standardize externalTrafficPolicy to Cluster (required for IP sharing)
- Remove redundant port 80 (roundcube) from mailserver LB
- Update CoreDNS forward: 10.0.20.204 → 10.0.20.200
- Update cloudflared tunnel target: 10.0.20.202 → 10.0.20.200

Services consolidated: coturn, headscale, kms, qbittorrent, shadowsocks,
torrserver, wireguard, mailserver, traefik, xray, technitium
This commit is contained in:
Viktor Barzin 2026-03-24 18:35:43 +02:00
parent fc432197aa
commit c49e4561a3
18 changed files with 49 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

12
stacks/platform/modules/mailserver/main.tf
View file

@ -460,14 +460,14 @@ resource "kubernetes_service" "mailserver" {
}
annotations = {
"metallb.universe.tf/allow-shared-ip" = "shared"
"metallb.io/loadBalancerIPs" = "10.0.20.200"
"metallb.io/allow-shared-ip" = "shared"
}
}
spec {
type = "LoadBalancer"
# external_traffic_policy = "Cluster"
external_traffic_policy = "Local"
external_traffic_policy = "Cluster"
selector = {
app = "mailserver"
}
@ -499,12 +499,6 @@ resource "kubernetes_service" "mailserver" {
port = 993
target_port = "imap-secure"
}
port {
name = "roundcube"
protocol = "TCP"
port = 80
}
}
}