diff --git a/modules/kubernetes/actualbudget/factory/main.tf b/modules/kubernetes/actualbudget/factory/main.tf index cd1318b4..4e539171 100644 --- a/modules/kubernetes/actualbudget/factory/main.tf +++ b/modules/kubernetes/actualbudget/factory/main.tf @@ -62,7 +62,7 @@ resource "kubernetes_deployment" "actualbudget" { resource "kubernetes_service" "actualbudget" { metadata { - name = "actualbudget-${var.name}" + name = "budget-${var.name}" namespace = "actualbudget" labels = { app = "actualbudget-${var.name}" 
@@ -81,43 +81,13 @@ resource "kubernetes_service" "actualbudget" { } } -resource "kubernetes_ingress_v1" "actualbudget" { - metadata { - name = "actualbudget-ingress-${var.name}" - namespace = "actualbudget" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/client-max-body-size" : "0" - "nginx.ingress.kubernetes.io/proxy-body-size" : "0", - # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - # "nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" - # "nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" - # "nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;" - } - } - - spec { - tls { - hosts = ["budget-${var.name}.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "budget-${var.name}.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "actualbudget-${var.name}" - port { - number = 80 - } - } - } - } - } - } +module "ingress" { + source = "../../ingress_factory" + namespace = "actualbudget" + name = "budget-${var.name}" + tls_secret_name = var.tls_secret_name + extra_annotations = { + "nginx.ingress.kubernetes.io/proxy-body-size" : "0", + "nginx.ingress.kubernetes.io/client-max-body-size" : "0" } } diff --git a/modules/kubernetes/audiobookshelf/main.tf b/modules/kubernetes/audiobookshelf/main.tf index 54f9eeac..8aecd62a 100644 --- a/modules/kubernetes/audiobookshelf/main.tf 
+++ b/modules/kubernetes/audiobookshelf/main.tf @@ -122,37 +122,14 @@ resource "kubernetes_service" "audiobookshelf" { } } -resource "kubernetes_ingress_v1" "audiobookshelf" { - metadata { - name = "audiobookshelf" - namespace = "audiobookshelf" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/proxy-body-size" : "20000m" - } - } - - spec { - tls { - hosts = ["audiobookshelf.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "audiobookshelf.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "audiobookshelf" - port { - number = 80 - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "audiobookshelf" + name = "audiobookshelf" + tls_secret_name = var.tls_secret_name + extra_annotations = { + "nginx.ingress.kubernetes.io/proxy-body-size" : "0", + "nginx.ingress.kubernetes.io/client-max-body-size" : "0" } } diff --git a/modules/kubernetes/calibre/main.tf b/modules/kubernetes/calibre/main.tf index 2beb5bfc..b59f235c 100644 --- a/modules/kubernetes/calibre/main.tf +++ b/modules/kubernetes/calibre/main.tf 
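Review bot: The `proxy-body-size` limit for audiobookshelf silently changes from `20000m` to `0` (unlimited), and `client-max-body-size` = `0` is added, in what otherwise reads as a mechanical move to `ingress_factory`. The module call does not set `protected`, so as far as this hunk shows the edge no longer bounds request size on an ingress with no ingress-level authentication. Unless the change is deliberate, keep the previous cap, `"nginx.ingress.kubernetes.io/proxy-body-size" : "20000m"`. If unlimited is intended, a one-line comment stating why would help.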
@@ -113,66 +113,26 @@ resource "kubernetes_service" "calibre" { } } } -resource "kubernetes_ingress_v1" "calibre" { - metadata { - name = "calibre" - namespace = "calibre" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/proxy-body-size" : "5000m" - "gethomepage.dev/enabled" = "true" - "gethomepage.dev/description" = "Book library" - # gethomepage.dev/group: Media - "gethomepage.dev/icon" : "calibre-web.png" - "gethomepage.dev/name" = "Calibre" - "gethomepage.dev/widget.type" = "calibreweb" - "gethomepage.dev/widget.url" = "https://calibre.viktorbarzin.me" - "gethomepage.dev/widget.username" = var.homepage_username - "gethomepage.dev/widget.password" = var.homepage_password - "gethomepage.dev/pod-selector" = "" - # gethomepage.dev/weight: 10 # optional - # gethomepage.dev/instance: "public" # optional - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "calibre" + name = "calibre" + tls_secret_name = var.tls_secret_name + extra_annotations = { + "nginx.ingress.kubernetes.io/proxy-body-size" : "5000m" - spec { - tls { - hosts = ["calibre.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "calibre.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "calibre" - port { - number = 80 - } - } - } - } - } - } - rule { - host = "books.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "calibre" - port { - number = 80 - } - } - } - } - } - } + "gethomepage.dev/enabled" = "true" + "gethomepage.dev/description" = "Book library" + # gethomepage.dev/group: Media + "gethomepage.dev/icon" : "calibre-web.png" + "gethomepage.dev/name" = "Calibre" + "gethomepage.dev/widget.type" = "calibreweb" + "gethomepage.dev/widget.url" = "https://calibre.viktorbarzin.me" + "gethomepage.dev/widget.username" = var.homepage_username + "gethomepage.dev/widget.password" = var.homepage_password + "gethomepage.dev/pod-selector" = "" + # 
gethomepage.dev/weight: 10 # optional + # gethomepage.dev/instance: "public" # optional } } - diff --git a/modules/kubernetes/changedetection/main.tf b/modules/kubernetes/changedetection/main.tf index ab6fed7f..0a52da3b 100644 --- a/modules/kubernetes/changedetection/main.tf +++ b/modules/kubernetes/changedetection/main.tf @@ -120,40 +120,10 @@ resource "kubernetes_service" "changedetection" { } } -resource "kubernetes_ingress_v1" "changedetection" { - metadata { - name = "changedetection-ingress" - namespace = "changedetection" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" - "nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" - - "nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" - "nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;" - } - } - - spec { - tls { - hosts = ["changedetection.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "changedetection.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "changedetection" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "changedetection" + name = "changedetection" + tls_secret_name = var.tls_secret_name + protected = true } diff --git a/modules/kubernetes/city-guesser/main.tf b/modules/kubernetes/city-guesser/main.tf index b5f5a07a..72fbd7e0 100644 --- a/modules/kubernetes/city-guesser/main.tf +++ b/modules/kubernetes/city-guesser/main.tf 
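Review bot: `"gethomepage.dev/widget.password" = var.homepage_password` still puts a credential into Ingress annotations, now through `extra_annotations`. Annotation values are stored in clear text on the object and are readable by any principal allowed to get or list ingresses in the namespace. The immich hunk does the same with `"gethomepage.dev/widget.key" = var.homepage_token`. If the value has to stay here, at least flag it, e.g. `# NOTE: widget credentials are stored in clear text in the Ingress annotations`, and confirm both variables are declared `sensitive`. Separately, the old resource had a second rule for `books.viktorbarzin.me` that the module call does not reproduce, so please confirm that host is dropped on purpose.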
@@ -107,40 +107,12 @@ resource "kubernetes_service" "city-guesser" { # } # } -resource "kubernetes_ingress_v1" "city-guesser" { - metadata { - name = "city-guesser-ingress" - namespace = "city-guesser" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - # "nginx.ingress.kubernetes.io/auth-url" = "https://$host/oauth2/auth" - # "nginx.ingress.kubernetes.io/auth-signin" = "https://$host/oauth2/start?rd=$escaped_request_uri" - # "nginx.ingress.kubernetes.io/auth-response-headers" = "X-Auth-Request-User,X-Auth-Request-Email" - } - } - - spec { - tls { - hosts = ["city-guesser.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "city-guesser.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "city-guesser" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "city-guesser" + name = "city-guesser" + tls_secret_name = var.tls_secret_name + protected = true } # resource "kubernetes_ingress_v1" "city-guesser-oauth" { diff --git a/modules/kubernetes/cloudflared/main.tf b/modules/kubernetes/cloudflared/main.tf index 0b14f48d..5d23dd2e 100644 --- a/modules/kubernetes/cloudflared/main.tf +++ b/modules/kubernetes/cloudflared/main.tf 
@@ -83,37 +83,3 @@ resource "kubernetes_service" "cloudflared" { } } -resource "kubernetes_ingress_v1" "cloudflared" { - metadata { - name = "cloudflared" - namespace = "cloudflared" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - } - } - - spec { - tls { - hosts = ["cloudflared.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "cloudflared.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "cloudflared" - port { - number = 80 - } - } - } - } - } - } - } -} diff --git a/modules/kubernetes/cyberchef/main.tf b/modules/kubernetes/cyberchef/main.tf index 4403011f..f1320f37 100644 --- a/modules/kubernetes/cyberchef/main.tf +++ b/modules/kubernetes/cyberchef/main.tf @@ -54,7 +54,7 @@ resource "kubernetes_deployment" "cyberchef" { resource "kubernetes_service" "cyberchef" { metadata { - name = "cyberchef" + name = "cc" namespace = "cyberchef" labels = { "app" = "cyberchef" @@ -73,36 +73,10 @@ resource "kubernetes_service" "cyberchef" { } } -resource "kubernetes_ingress_v1" "cyberchef" { - metadata { - name = "cyberchef" - namespace = "cyberchef" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - } - } - spec { - tls { - hosts = ["cc.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "cc.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "cyberchef" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "cyberchef" + name = "cc" + tls_secret_name = var.tls_secret_name } - diff --git a/modules/kubernetes/dashy/main.tf b/modules/kubernetes/dashy/main.tf index 4fc282ad..dc946ecf 100644 --- a/modules/kubernetes/dashy/main.tf +++ b/modules/kubernetes/dashy/main.tf 
@@ -103,38 +103,11 @@ resource "kubernetes_service" "dashy" { } } -resource "kubernetes_ingress_v1" "dashy" { - metadata { - name = "dashy-ingress" - namespace = "dashy" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - } - } - - spec { - tls { - hosts = ["dashy.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "dashy.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "dashy" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "dashy" + name = "dashy" + tls_secret_name = var.tls_secret_name + protected = true # hidden as we use homepage now } diff --git a/modules/kubernetes/dawarich/main.tf b/modules/kubernetes/dawarich/main.tf index c87bdb65..9eefa75d 100644 --- a/modules/kubernetes/dawarich/main.tf +++ b/modules/kubernetes/dawarich/main.tf 
@@ -216,39 +216,9 @@ resource "kubernetes_service" "dawarich" { } } } - -resource "kubernetes_ingress_v1" "dawarich" { - metadata { - name = "dawarich" - namespace = "dawarich" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - # "nginx.ingress.kubernetes.io/auth-type" = "basic" # support only basic auth; can't use authentik - # "nginx.ingress.kubernetes.io/auth-secret" = kubernetes_secret.basic_auth.metadata[0].name - # "nginx.ingress.kubernetes.io/auth-realm" = "Authentication Required" - } - } - - spec { - tls { - hosts = ["dawarich.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "dawarich.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "dawarich" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "dawarich" + name = "dawarich" + tls_secret_name = var.tls_secret_name } diff --git a/modules/kubernetes/dbaas/main.tf b/modules/kubernetes/dbaas/main.tf index 047827ad..5055adb3 100644 --- a/modules/kubernetes/dbaas/main.tf +++ b/modules/kubernetes/dbaas/main.tf @@ -410,7 +410,7 @@ resource "kubernetes_deployment" "phpmyadmin" { resource "kubernetes_service" "phpmyadmin" { metadata { - name = "phpmyadmin" + name = "pma" namespace = "dbaas" } spec { 
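Review bot: The removed resource held the only explanation of why dawarich has no ingress-level authentication (`# support only basic auth; can't use authentik`), and the new module call drops that comment while also leaving `protected` unset. With many other services in this commit switched to `protected = true`, a reader can no longer tell whether this one is deliberately open (assuming `protected` defaults to off in the factory, which is not visible here). I would keep the rationale on the module call, e.g. `# protected is not set: supports only basic auth, can't use authentik`.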
@@ -423,46 +423,14 @@ resource "kubernetes_service" "phpmyadmin" { } } } - -resource "kubernetes_ingress_v1" "phpmyadmin" { - metadata { - name = "phpmyadmin-ingress" - namespace = "dbaas" - - annotations = { - "kubernetes.io/ingress.class" = "nginx" - # "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on" - # "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret" - # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - "nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" - "nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" - "nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" - "nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;" - "nginx.ingress.kubernetes.io/proxy-body-size" : "50m" - } - } - spec { - tls { - hosts = ["pma.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "pma.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "phpmyadmin" - port { - number = 80 - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "dbaas" + name = "pma" + tls_secret_name = var.tls_secret_name + protected = true + extra_annotations = { + "nginx.ingress.kubernetes.io/proxy-body-size" : "50m" } } 
@@ -866,48 +834,18 @@ resource "kubernetes_service" "pgadmin" { } } } -resource "kubernetes_ingress_v1" "pgadmin" { - metadata { - name = "pgadmin" - namespace = "dbaas" - - annotations = { - "kubernetes.io/ingress.class" = "nginx" - # "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on" - # "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret" - # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - "nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" - "nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" - "nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" - "nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;" - "nginx.ingress.kubernetes.io/proxy-body-size" : "50m" - } - } - spec { - tls { - hosts = ["pgadmin.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "pgadmin.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "pgadmin" - port { - number = 80 - } - } - } - } - } - } +module "ingress-pgadmin" { + source = "../ingress_factory" + namespace = "dbaas" + name = "pgadmin" + tls_secret_name = var.tls_secret_name + protected = true + extra_annotations = { + "nginx.ingress.kubernetes.io/proxy-body-size" : "50m" } } + resource "kubernetes_cron_job_v1" "postgresql-backup" { metadata { name = "postgresql-backup" diff --git a/modules/kubernetes/drone/main.tf b/modules/kubernetes/drone/main.tf index b8ecede9..2762a6c7 100644 --- a/modules/kubernetes/drone/main.tf 
+++ b/modules/kubernetes/drone/main.tf @@ -153,41 +153,15 @@ resource "kubernetes_service" "drone" { } } -resource "kubernetes_ingress_v1" "drone" { - metadata { - name = "drone-ingress" - namespace = "drone" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - //"nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on" - //"nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret" - } - } - - spec { - tls { - hosts = ["drone.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "drone.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "drone" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "drone" + name = "drone" + tls_secret_name = var.tls_secret_name + protected = true } + # Setup drone runner resource "kubernetes_cluster_role" "drone" { metadata { diff --git a/modules/kubernetes/excalidraw/main.tf b/modules/kubernetes/excalidraw/main.tf index c48f2373..f3959c43 100644 --- a/modules/kubernetes/excalidraw/main.tf +++ b/modules/kubernetes/excalidraw/main.tf @@ -51,9 +51,9 @@ resource "kubernetes_deployment" "excalidraw" { } } -resource "kubernetes_service" "finance_app" { +resource "kubernetes_service" "draw" { metadata { - name = "excalidraw" + name = "draw" namespace = "excalidraw" labels = { app = "excalidraw" 
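Review bot: `protected = true` is new behaviour for drone, since the old ingress had no active auth annotations (only commented-out client-certificate ones), and it covers the whole host. If the factory implements `protected` with the forward-auth annotations seen in the removed changedetection and dbaas ingresses, non-interactive callers such as SCM webhook deliveries and API or CLI token requests would be sent to the sign-in flow instead of reaching Drone. The factory's handling of `protected` is outside this hunk, so please confirm those paths still work. It would also help to record the decision next to the flag, e.g. `# NOTE: forward-auth also covers the webhook and API paths`.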
@@ -71,52 +71,10 @@ resource "kubernetes_service" "finance_app" { } } - -resource "kubernetes_ingress_v1" "finance_app" { - metadata { - name = "excalidraw" - namespace = "excalidraw" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - } - } - - spec { - tls { - hosts = ["excalidraw.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "excalidraw.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "excalidraw" - port { - number = 80 - } - } - } - } - } - } - rule { - host = "draw.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "excalidraw" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "excalidraw" + name = "draw" + tls_secret_name = var.tls_secret_name } + diff --git a/modules/kubernetes/f1-stream/main.tf b/modules/kubernetes/f1-stream/main.tf index 773c37e7..fbd300e3 100644 --- a/modules/kubernetes/f1-stream/main.tf +++ b/modules/kubernetes/f1-stream/main.tf @@ -56,7 +56,7 @@ resource "kubernetes_deployment" "f1-stream" { resource "kubernetes_service" "f1-stream" { metadata { - name = "f1-stream" + name = "f1" namespace = "f1-stream" labels = { "app" = "f1-stream" 
@@ -80,38 +80,13 @@ module "tls_secret" { } -resource "kubernetes_ingress_v1" "f1-stream" { - metadata { - name = "f1-ingress" - namespace = "f1-stream" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/force-ssl-redirect" : "false" - "nginx.ingress.kubernetes.io/ssl-redirect" : "false" - # "nginx.ingress.kubernetes.io/temporal-redirect" : "http://f1.viktorbarzin.me" - } - } - - spec { - tls { - hosts = ["f1.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "f1.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "f1-stream" - port { - number = 80 - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "f1-stream" + name = "f1" + tls_secret_name = var.tls_secret_name + extra_annotations = { + "nginx.ingress.kubernetes.io/force-ssl-redirect" : "false" + "nginx.ingress.kubernetes.io/ssl-redirect" : "false" } } diff --git a/modules/kubernetes/frigate/main.tf b/modules/kubernetes/frigate/main.tf index 48d7ad67..58371f44 100644 --- a/modules/kubernetes/frigate/main.tf +++ b/modules/kubernetes/frigate/main.tf 
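Review bot: `force-ssl-redirect` and `ssl-redirect` are both carried over as `"false"` with no explanation, so this host keeps answering over plain HTTP even though a TLS secret is configured. The only hint in the old resource was the commented-out `temporal-redirect` line, which this hunk removes. If plaintext access is required, say so on the annotations, e.g. `# plain HTTP must stay reachable: <reason>`. Otherwise drop both annotations so the controller's default redirect applies.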
@@ -236,39 +236,13 @@ resource "kubernetes_service" "frigate" { } } -resource "kubernetes_ingress_v1" "frigate" { - metadata { - name = "frigate" - namespace = "frigate" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/proxy-body-size" : "20000m" - "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - } - } - - spec { - tls { - hosts = ["frigate.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "frigate.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "frigate" - port { - number = 80 - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "frigate" + name = "frigate" + tls_secret_name = var.tls_secret_name + protected = true + extra_annotations = { + "nginx.ingress.kubernetes.io/proxy-body-size" : "20000m" } } - diff --git a/modules/kubernetes/hackmd/main.tf b/modules/kubernetes/hackmd/main.tf index 6a3cb9c7..a845483c 100644 --- a/modules/kubernetes/hackmd/main.tf +++ b/modules/kubernetes/hackmd/main.tf 
@@ -143,39 +143,12 @@ resource "kubernetes_service" "hackmd" { } } } - -resource "kubernetes_ingress_v1" "hackmd" { - metadata { - name = "hackmd-ingress" - namespace = "hackmd" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/affinity" = "cookie" - "nginx.ingress.kubernetes.io/affinity-mode" = "persistent" - "nginx.ingress.kubernetes.io/session-cookie-name" = "_sa_nginx" - } - } - - spec { - tls { - hosts = ["hackmd.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "hackmd.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "hackmd" - port { - number = 80 - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "hackmd" + name = "hackmd" + tls_secret_name = var.tls_secret_name + extra_annotations = { + "nginx.ingress.kubernetes.io/proxy-body-size" : "20000m" } } diff --git a/modules/kubernetes/immich/main.tf b/modules/kubernetes/immich/main.tf index 2b229268..301bbf1d 100644 --- a/modules/kubernetes/immich/main.tf +++ b/modules/kubernetes/immich/main.tf 
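Review bot: The three session-affinity annotations from the old hackmd ingress are dropped and replaced by `"nginx.ingress.kubernetes.io/proxy-body-size" : "20000m"`, which the old ingress never set; this looks copied from another module rather than translated from the old config. The result is a very large request-body allowance on an ingress that does not set `protected`, plus loss of sticky sessions if hackmd ever runs more than one replica (the replica count is not visible here). I would carry the originals over in `extra_annotations`, i.e. `"nginx.ingress.kubernetes.io/affinity" = "cookie"`, `"nginx.ingress.kubernetes.io/affinity-mode" = "persistent"` and `"nginx.ingress.kubernetes.io/session-cookie-name" = "_sa_nginx"`. The body-size override should be omitted unless it is actually needed.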
@@ -102,125 +102,63 @@ resource "helm_release" "immich" { values = [templatefile("${path.module}/chart_values.tpl", { postgresql_password = var.postgresql_password })] } -resource "kubernetes_ingress_v1" "immich" { - metadata { - name = "immich" - namespace = "immich" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - - # WARNING: When changing any of the below settings, ensure that large file uploads continue working - "nginx.ingress.kubernetes.io/proxy-read-timeout" : "6000", - "nginx.ingress.kubernetes.io/proxy-send-timeout" : "6000", - "nginx.ingress.kubernetes.io/proxy-connect-timeout" : "6000" - "nginx.ingress.kubernetes.io/client-max-body-size" : "0" - # "nginx.ingress.kubernetes.io/proxy-body-size" : "5G", - "nginx.ingress.kubernetes.io/proxy-body-size" : "0", - # "nginx.ingress.kubernetes.io/proxy-buffering" : "on" - # "nginx.ingress.kubernetes.io/proxy-max-temp-file-size" : "4096m" - # "nginx.ingress.kubernetes.io/proxy-request-buffering" : "off" - # "nginx.ingress.kubernetes.io/client-body-buffer-size" : "5G" - # "nginx.ingress.kubernetes.io/proxy-buffer-size" : "16k" - # "nginx.ingress.kubernetes.io/proxy-buffers-number" : "8" +module "ingress" { + source = "../ingress_factory" + namespace = "immich" + name = "immich" + tls_secret_name = var.tls_secret_name + port = 2283 + service_name = "immich-server" + extra_annotations = { + "kubernetes.io/ingress.class" = "nginx" + # WARNING: When changing any of the below settings, ensure that large file uploads continue working + "nginx.ingress.kubernetes.io/proxy-read-timeout" : "6000", + "nginx.ingress.kubernetes.io/proxy-send-timeout" : "6000", + "nginx.ingress.kubernetes.io/proxy-connect-timeout" : "6000" + "nginx.ingress.kubernetes.io/client-max-body-size" : "0" + # 
"nginx.ingress.kubernetes.io/proxy-body-size" : "5G", + "nginx.ingress.kubernetes.io/proxy-body-size" : "0", + # "nginx.ingress.kubernetes.io/proxy-buffering" : "on" + # "nginx.ingress.kubernetes.io/proxy-max-temp-file-size" : "4096m" + # "nginx.ingress.kubernetes.io/proxy-request-buffering" : "off" + # "nginx.ingress.kubernetes.io/client-body-buffer-size" : "5G" + # "nginx.ingress.kubernetes.io/proxy-buffer-size" : "16k" + # "nginx.ingress.kubernetes.io/proxy-buffers-number" : "8" - # "nginx.ingress.kubernetes.io/client-body-buffer-size" : "5000m" - # "nginx.ingress.kubernetes.io/proxy-buffers-number" : "8" - # "nginx.ingress.kubernetes.io/proxy-buffer-size" : "16k" - # "nginx.ingress.kubernetes.io/proxy-body-size" : "0", - # "nginx.ingress.kubernetes.io/affinity" : "cookie" - # "nginx.ingress.kubernetes.io/affinity-mode" : "persistent" - # "nginx.ingress.kubernetes.io/session-cookie-change-on-failure" : true - # "nginx.ingress.kubernetes.io/session-cookie-expires" : 172800 - # "nginx.ingress.kubernetes.io/session-cookie-max-age" : 172800 - # "nginx.ingress.kubernetes.io/session-cookie-name" : "STICKY_SESSION" - # "nginx.ingress.kubernetes.io/use-regex" : false - "nginx.org/websocket-services" : "immich-server" + # "nginx.ingress.kubernetes.io/client-body-buffer-size" : "5000m" + # "nginx.ingress.kubernetes.io/proxy-buffers-number" : "8" + # "nginx.ingress.kubernetes.io/proxy-buffer-size" : "16k" + # "nginx.ingress.kubernetes.io/proxy-body-size" : "0", + # "nginx.ingress.kubernetes.io/affinity" : "cookie" + # "nginx.ingress.kubernetes.io/affinity-mode" : "persistent" + # "nginx.ingress.kubernetes.io/session-cookie-change-on-failure" : true + # "nginx.ingress.kubernetes.io/session-cookie-expires" : 172800 + # "nginx.ingress.kubernetes.io/session-cookie-max-age" : 172800 + # "nginx.ingress.kubernetes.io/session-cookie-name" : "STICKY_SESSION" + # "nginx.ingress.kubernetes.io/use-regex" : false + "nginx.org/websocket-services" : "immich-server" - 
"gethomepage.dev/enabled" = "true" - "gethomepage.dev/description" = "Photos library" - "gethomepage.dev/icon" = "immich.png" - "gethomepage.dev/name" = "Immich" - "gethomepage.dev/widget.type" = "immich" - "gethomepage.dev/widget.url" = "https://immich.viktorbarzin.me" - "gethomepage.dev/pod-selector" = "" - "gethomepage.dev/widget.key" = var.homepage_token + "gethomepage.dev/enabled" = "true" + "gethomepage.dev/description" = "Photos library" + "gethomepage.dev/icon" = "immich.png" + "gethomepage.dev/name" = "Immich" + "gethomepage.dev/widget.type" = "immich" + "gethomepage.dev/widget.url" = "https://immich.viktorbarzin.me" + "gethomepage.dev/pod-selector" = "" + "gethomepage.dev/widget.key" = var.homepage_token - # location ~* \.(png|jpg|jpeg|gif|webp|svg)$ { - # expires 1M; - # add_header Cache-Control "public, max-age=31536000, immutable"; - # } - "nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOF + # location ~* \.(png|jpg|jpeg|gif|webp|svg)$ { + # expires 1M; + # add_header Cache-Control "public, max-age=31536000, immutable"; + # } + "nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOF proxy_cache static-cache; proxy_cache_valid 404 1m; proxy_cache_use_stale error timeout updating http_404 http_500 http_502 http_503 http_504; proxy_cache_bypass $http_x_purge; add_header X-Cache-Status $upstream_cache_status; EOF - } - } - - spec { - tls { - hosts = ["immich.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "immich.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - # name = "immich-proxy" - name = "immich-server" # after v1.88 - port { - # number = 8080 - # number = 3001 - number = 2283 - } - } - } - } - } - } - } -} -resource "kubernetes_ingress_v1" "photos" { - metadata { - name = "photos" - namespace = "immich" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/proxy-body-size" : "5000m" - } - } - - spec { - tls { - hosts = ["photos.viktorbarzin.me"] 
- secret_name = var.tls_secret_name - } - rule { - host = "photos.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - # name = "immich-proxy" - name = "immich-server" # after v1.88 - port { - # number = 8080 - number = 3001 - } - } - } - } - } - } } } diff --git a/modules/kubernetes/ingress_factory/main.tf b/modules/kubernetes/ingress_factory/main.tf index f629611a..c205a02d 100644 --- a/modules/kubernetes/ingress_factory/main.tf +++ b/modules/kubernetes/ingress_factory/main.tf @@ -1,5 +1,13 @@ -variable "name" { type = string } // must match service name; translates to host +variable "name" { type = string } +variable "service_name" { + type = string + default = null # defaults to name +} +variable "host" { + type = string + default = null +} variable "namespace" { type = string } variable "external_name" { type = string @@ -87,7 +95,7 @@ resource "kubernetes_ingress_v1" "proxied-ingress" { secret_name = var.tls_secret_name } rule { - host = "${var.name}.viktorbarzin.me" + host = "${var.host != null ? var.host : var.name}.viktorbarzin.me" http { dynamic "path" { # for_each = { for pr in var.ingress_path : pr => pr } @@ -98,7 +106,7 @@ resource "kubernetes_ingress_v1" "proxied-ingress" { backend { service { - name = var.name + name = var.service_name != null ? var.service_name : var.name port { number = var.port } diff --git a/modules/kubernetes/jsoncrack/main.tf b/modules/kubernetes/jsoncrack/main.tf index 805811da..ee08b9f2 100644 --- a/modules/kubernetes/jsoncrack/main.tf +++ b/modules/kubernetes/jsoncrack/main.tf @@ -50,7 +50,7 @@ resource "kubernetes_deployment" "jsoncrack" { resource "kubernetes_service" "jsoncrack" { metadata { - name = "jsoncrack" + name = "json" namespace = "jsoncrack" labels = { "app" = "jsoncrack" 
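Review bot: The `configuration-snippet` turns on `proxy_cache static-cache` for every request under `/`, because the `location ~* \.(png|jpg|...)` scoping above it is only a comment. For a photo library with per-user login, that leaves it to upstream `Cache-Control` headers to keep private responses out of a shared cache. The cache zone and key are defined outside this diff, so this may already be safe, but it deserves a comment at the snippet, e.g. `# cache is not path-scoped; relies on upstream Cache-Control to exclude private responses`. Also, `"kubernetes.io/ingress.class" = "nginx"` is passed in `extra_annotations` here while no other caller in this commit does so, which suggests the factory already sets it. Finally, the separate `photos` ingress is removed with no replacement host.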
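Review bot: The rule host now honours `var.host`, but the `tls` block's `hosts` line sits above the second hunk and is not shown, so it may still interpolate `var.name`. In that case a caller such as k8s-dashboard (`name = "kubernetes-dashboard"`, `host = "k8s"`) gets a rule for one hostname and a TLS entry for another, and the secret may not be bound to the host actually served. Computing the host once and using it in both places avoids this: `locals { host = "${coalesce(var.host, var.name)}.viktorbarzin.me" }`. The new `service_name` and `host` variables have no `description`, and the old comment on `name` (`must match service name; translates to host`) was removed rather than updated; something like `description = "Subdomain under viktorbarzin.me; defaults to name"` would restore that. The `kubernetes_ingress_v1` resource body starts and ends outside these hunks.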
@@ -70,37 +70,9 @@ resource "kubernetes_service" "jsoncrack" { } } - -resource "kubernetes_ingress_v1" "jsoncrack" { - metadata { - name = "jsoncrack" - namespace = "jsoncrack" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/proxy-body-size" : "100000m" - } - } - - spec { - tls { - hosts = ["json.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "json.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "jsoncrack" - port { - number = 8080 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "jsoncrack" + name = "json" + tls_secret_name = var.tls_secret_name } diff --git a/modules/kubernetes/k8s-dashboard/main.tf b/modules/kubernetes/k8s-dashboard/main.tf index ca98f94c..2aea1288 100644 --- a/modules/kubernetes/k8s-dashboard/main.tf +++ b/modules/kubernetes/k8s-dashboard/main.tf 
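Review bot: The old ingress routed to backend port `8080`, but the module call passes no `port`, so the backend falls back to the factory default. That default is not visible here but appears to be 80, judging by the other callers that omit it. Unless the service port was changed elsewhere, add `port = 8080` to the module block. The `proxy-body-size : "100000m"` annotation is also dropped, which tightens the limit to the controller default; that is fine if intended but worth stating in the commit message.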
@@ -76,50 +76,17 @@ resource "helm_release" "kubernetes-dashboard" { # type = "kubernetes.io/service-account-token" # } -resource "kubernetes_ingress_v1" "kubernetes-dashboard" { - metadata { - name = "kubernetes-dashboard" - namespace = "kubernetes-dashboard" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/backend-protocol" = "HTTPS" - # "nginx.ingress.kubernetes.io/force-ssl-redirect" = "true" - # "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on" - # "nginx.ingress.kubernetes.io/auth-tls-secret" = var.client_certificate_secret_name - # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - "nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" - "nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" - - "nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" - "nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;" - } - } - - spec { - tls { - hosts = ["k8s.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "k8s.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "kubernetes-dashboard-kong-proxy" - port { - number = 443 - } - } - } - } - } - } - } - # depends_on = [module.dashboard] +module "ingress" { + source = "../ingress_factory" + namespace = "kubernetes-dashboard" + name = "kubernetes-dashboard" + service_name = "kubernetes-dashboard-kong-proxy" + host = "k8s" + tls_secret_name = var.tls_secret_name + protected = true + backend_protocol = "HTTPS" + port 
= 443 } # create token with diff --git a/modules/kubernetes/kms/main.tf b/modules/kubernetes/kms/main.tf index a71543ed..ebecd53d 100644 --- a/modules/kubernetes/kms/main.tf +++ b/modules/kubernetes/kms/main.tf @@ -91,7 +91,7 @@ resource "kubernetes_deployment" "kms-web-page" { resource "kubernetes_service" "kms-web-page" { metadata { - name = "kms-web-page" + name = "kms" namespace = "kms" labels = { "app" = "kms-web-page" @@ -109,37 +109,11 @@ resource "kubernetes_service" "kms-web-page" { } } -resource "kubernetes_ingress_v1" "kms-web-page" { - metadata { - name = "kms-web-page" - namespace = "kms" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - } - } - - spec { - tls { - hosts = ["kms.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "kms.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "kms-web-page" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "kms" + name = "kms" + tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "windows_kms" { diff --git a/modules/kubernetes/linkwarden/main.tf b/modules/kubernetes/linkwarden/main.tf index 8bda9174..b3dff47d 100644 --- a/modules/kubernetes/linkwarden/main.tf +++ b/modules/kubernetes/linkwarden/main.tf 
@@ -110,43 +110,10 @@ resource "kubernetes_service" "linkwarden" { } } } -resource "kubernetes_ingress_v1" "linkwarden" { - metadata { - name = "linkwarden" - namespace = "linkwarden" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - # "nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" - # "nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" - # "nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;" - "nginx.ingress.kubernetes.io/ssl-passthrough" : true - } - } - - spec { - tls { - hosts = ["linkwarden.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "linkwarden.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "linkwarden" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "linkwarden" + name = "linkwarden" + tls_secret_name = var.tls_secret_name } diff --git a/modules/kubernetes/mailserver/main.tf b/modules/kubernetes/mailserver/main.tf index ea8e4420..de9dd557 100644 --- a/modules/kubernetes/mailserver/main.tf +++ b/modules/kubernetes/mailserver/main.tf 
@@ -482,43 +482,12 @@ resource "kubernetes_service" "mailserver" { } } - -resource "kubernetes_ingress_v1" "roundcube" { - metadata { - name = "roundcube" - namespace = "mailserver" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - "nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" - "nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" - "nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" - "nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;" - } - } - - spec { - tls { - hosts = ["mail.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "mail.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "mailserver" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "mailserver" + name = "mail" + service_name = "mailserver" + tls_secret_name = var.tls_secret_name + protected = true } diff --git a/modules/kubernetes/matrix/main.tf b/modules/kubernetes/matrix/main.tf index 2e490b08..d7031ea3 100644 --- a/modules/kubernetes/matrix/main.tf +++ b/modules/kubernetes/matrix/main.tf 
@@ -89,36 +89,9 @@ resource "kubernetes_service" "matrix" { } } -resource "kubernetes_ingress_v1" "matrix" { - metadata { - name = "matrix" - namespace = "matrix" - - annotations = { - "kubernetes.io/ingress.class" = "nginx" - } - } - - spec { - tls { - hosts = ["matrix.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "matrix.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "matrix" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "matrix" + name = "matrix" + tls_secret_name = var.tls_secret_name } diff --git a/modules/kubernetes/meshcentral/main.tf b/modules/kubernetes/meshcentral/main.tf index afe77ea7..37bce988 100644 --- a/modules/kubernetes/meshcentral/main.tf +++ b/modules/kubernetes/meshcentral/main.tf @@ -132,46 +132,16 @@ resource "kubernetes_service" "meshcentral" { } port { name = "https" - port = "443" + port = 443 protocol = "TCP" } } } -resource "kubernetes_ingress_v1" "meshcentral" { - metadata { - name = "meshcentral" - namespace = "meshcentral" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/affinity" = "cookie" - "nginx.ingress.kubernetes.io/proxy-read-timeout" : "600s", - "nginx.ingress.kubernetes.io/proxy-send-timeout" : "600s", - "nginx.ingress.kubernetes.io/proxy-connect-timeout" : "600s" - # "nginx.ingress.kubernetes.io/backend-protocol" = "HTTPS" - } - } - - spec { - tls { - hosts = ["meshcentral.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "meshcentral.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "meshcentral" - port { - number = 443 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "meshcentral" + name = "meshcentral" + tls_secret_name = var.tls_secret_name + port = 443 } 
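Review bot: The meshcentral module call drops the `proxy-read-timeout`, `proxy-send-timeout` and `proxy-connect-timeout` annotations (all `600s`) and the cookie affinity that the removed ingress carried. Unless the factory sets them itself, long-lived connections to meshcentral fall back to the controller's default timeouts, which is presumably what the old values were there to avoid. If they are still needed, pass them through, e.g. `extra_annotations = { "nginx.ingress.kubernetes.io/proxy-read-timeout" : "600s" }` plus the other two. The uptime-kuma, vaultwarden and technitium hunks drop their `affinity` annotations in the same way.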
diff --git a/modules/kubernetes/netbox/main.tf b/modules/kubernetes/netbox/main.tf index 0eef1fc4..4be28ee8 100644 --- a/modules/kubernetes/netbox/main.tf +++ b/modules/kubernetes/netbox/main.tf @@ -136,55 +136,10 @@ resource "kubernetes_service" "netbox" { } } } -resource "kubernetes_ingress_v1" "netbox" { - metadata { - name = "netbox" - namespace = "netbox" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - # "nginx.ingress.kubernetes.io/proxy-body-size" : "5000m" - "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - } - } - - spec { - tls { - hosts = ["netbox.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "netbox.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "netbox" - port { - number = 80 - } - } - } - } - } - } - rule { - host = "books.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "netbox" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "netbox" + name = "netbox" + tls_secret_name = var.tls_secret_name + protected = true } - diff --git a/modules/kubernetes/nextcloud/main.tf b/modules/kubernetes/nextcloud/main.tf index 49bee1a6..5aa442b9 100644 --- a/modules/kubernetes/nextcloud/main.tf +++ b/modules/kubernetes/nextcloud/main.tf 
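Review bot: `protected = true` replaces an ingress that authenticated through `oauth2.viktorbarzin.me`, and judging by the annotations removed from other modules in this commit the factory's protected mode points at the authentik outpost instead, though the factory body is not shown. That moves netbox, and shlink-web in the `@@ -309,39 +287,11 @@` hunk of url-shortener, to a different identity provider, so an authentik application and access policy must exist for both hostnames before apply and should match what oauth2-proxy enforced. A comment such as `# auth: authentik forward-auth via ingress_factory (was oauth2-proxy)` next to the flag would record the switch. The `books.viktorbarzin.me` rule is dropped as well; confirm nothing still points at it.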
@@ -150,40 +150,14 @@ resource "kubernetes_persistent_volume_claim" "nextcloud-data-pvc" { } } -resource "kubernetes_ingress_v1" "nextcloud" { - metadata { - name = "nextcloud-ingress" - namespace = "nextcloud" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/client-max-body-size" : "0" - "nginx.ingress.kubernetes.io/proxy-body-size" : "0", - # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - } - } - - spec { - tls { - hosts = ["nextcloud.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "nextcloud.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "nextcloud" - port { - number = 8080 - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "nextcloud" + name = "nextcloud" + tls_secret_name = var.tls_secret_name + port = 8080 + extra_annotations = { + "nginx.ingress.kubernetes.io/client-max-body-size" : "0" + "nginx.ingress.kubernetes.io/proxy-body-size" : "0", } } - diff --git a/modules/kubernetes/ntfy/main.tf b/modules/kubernetes/ntfy/main.tf index d05a622e..a2e6fb9f 100644 --- a/modules/kubernetes/ntfy/main.tf +++ b/modules/kubernetes/ntfy/main.tf 
@@ -119,38 +119,10 @@ resource "kubernetes_service" "ntfy" { } } -resource "kubernetes_ingress_v1" "ntfy" { - metadata { - name = "ntfy" - namespace = "ntfy" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - } - } - - spec { - tls { - hosts = ["ntfy.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "ntfy.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "ntfy" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "ntfy" + name = "ntfy" + tls_secret_name = var.tls_secret_name } diff --git a/modules/kubernetes/ollama/main.tf b/modules/kubernetes/ollama/main.tf index 4feb2356..0d754e28 100644 --- a/modules/kubernetes/ollama/main.tf +++ b/modules/kubernetes/ollama/main.tf @@ -128,36 +128,10 @@ resource "kubernetes_service" "ollama-ui" { } } - -resource "kubernetes_ingress_v1" "ollama-ui" { - metadata { - name = "ollama" - namespace = "ollama" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - } - } - - spec { - tls { - hosts = ["ollama.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "ollama.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "ollama-ui" - port { - number = 8080 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "ollama" + name = "ollama" + tls_secret_name = var.tls_secret_name + port = 8080 } diff --git a/modules/kubernetes/owntracks/main.tf b/modules/kubernetes/owntracks/main.tf index e4bcba31..d589c75d 100644 --- a/modules/kubernetes/owntracks/main.tf +++ b/modules/kubernetes/owntracks/main.tf 
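Review bot: In the ollama hunk the backend Service changes from `ollama-ui` to `ollama`, because the module call sets `name = "ollama"` without a `service_name` and no hunk in this file renames the `ollama-ui` Service. If a Service called `ollama` exists in the namespace, the public hostname would start routing to it instead of the UI; if none exists, the ingress has no backend. Adding `service_name = "ollama-ui"` keeps the previous target.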
@@ -131,38 +131,15 @@ resource "kubernetes_service" "owntracks" { } } -resource "kubernetes_ingress_v1" "owntracks" { - metadata { - name = "owntracks" - namespace = "owntracks" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/auth-type" = "basic" # support only basic auth; can't use authentik - "nginx.ingress.kubernetes.io/auth-secret" = kubernetes_secret.basic_auth.metadata[0].name - "nginx.ingress.kubernetes.io/auth-realm" = "Authentication Required" - } - } - - spec { - tls { - hosts = ["owntracks.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "owntracks.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "owntracks" - port { - number = 443 - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "owntracks" + name = "owntracks" + tls_secret_name = var.tls_secret_name + port = 443 + extra_annotations = { + "nginx.ingress.kubernetes.io/auth-type" = "basic" # support only basic auth; can't use authentik + "nginx.ingress.kubernetes.io/auth-secret" = kubernetes_secret.basic_auth.metadata[0].name + "nginx.ingress.kubernetes.io/auth-realm" = "Authentication Required" } } diff --git a/modules/kubernetes/paperless-ngx/main.tf b/modules/kubernetes/paperless-ngx/main.tf index 9259460c..40d91dc0 100644 --- a/modules/kubernetes/paperless-ngx/main.tf +++ b/modules/kubernetes/paperless-ngx/main.tf 
@@ -142,70 +142,33 @@ resource "kubernetes_service" "paperless-ngx" { } } +module "ingress" { + source = "../ingress_factory" + namespace = "paperless-ngx" + name = "paperless-ngx" + service_name = "paperless-ngx" + host = "pdf" + tls_secret_name = var.tls_secret_name + port = 8000 + extra_annotations = { + "nginx.ingress.kubernetes.io/proxy-body-size" : "0" + # see https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#rate-limiting for all annotations + # "nginx.ingress.kubernetes.io/limit-rpm": "5" -resource "kubernetes_ingress_v1" "paperless-ngx" { - metadata { - name = "paperless-ngx" - namespace = "paperless-ngx" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/proxy-body-size" : "100000m" - # see https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#rate-limiting for all annotations - # "nginx.ingress.kubernetes.io/limit-rpm": "5" - - "gethomepage.dev/enabled" = "true" - "gethomepage.dev/description" = "Document library" - # gethomepage.dev/group: Media - "gethomepage.dev/icon" : "paperless-ngx.png" - "gethomepage.dev/name" = "Paperless-ngx" - "gethomepage.dev/widget.type" = "paperlessngx" - "gethomepage.dev/widget.url" = "https://pdf.viktorbarzin.me" - # "gethomepage.dev/widget.token" = var.homepage_token - "gethomepage.dev/widget.username" = var.homepage_username - "gethomepage.dev/widget.password" = var.homepage_password - "gethomepage.dev/widget.fields" = "[\"total\"]" - "gethomepage.dev/pod-selector" = "" - # gethomepage.dev/weight: 10 # optional - # gethomepage.dev/instance: "public" # optional - } - } - - spec { - tls { - hosts = ["paperless-ngx.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "paperless-ngx.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "paperless-ngx" - port { - number = 8000 - } - } - } - } - } - } - rule { - host = 
"pdf.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "paperless-ngx" - port { - number = 8000 - } - } - } - } - } - } + "gethomepage.dev/enabled" = "true" + "gethomepage.dev/description" = "Document library" + # gethomepage.dev/group: Media + "gethomepage.dev/icon" : "paperless-ngx.png" + "gethomepage.dev/name" = "Paperless-ngx" + "gethomepage.dev/widget.type" = "paperlessngx" + "gethomepage.dev/widget.url" = "https://pdf.viktorbarzin.me" + # "gethomepage.dev/widget.token" = var.homepage_token + "gethomepage.dev/widget.username" = var.homepage_username + "gethomepage.dev/widget.password" = var.homepage_password + "gethomepage.dev/widget.fields" = "[\"total\"]" + "gethomepage.dev/pod-selector" = "" + # gethomepage.dev/weight: 10 # optional + # gethomepage.dev/instance: "public" # optional } } + diff --git a/modules/kubernetes/privatebin/main.tf b/modules/kubernetes/privatebin/main.tf index a21569fa..524c4d28 100644 --- a/modules/kubernetes/privatebin/main.tf +++ b/modules/kubernetes/privatebin/main.tf @@ -88,51 +88,10 @@ resource "kubernetes_service" "privatebin" { } } -resource "kubernetes_ingress_v1" "privatebin" { - metadata { - name = "privatebin-ingress" - namespace = "privatebin" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - } - } - - spec { - tls { - hosts = ["privatebin.viktorbarzin.me", "pb.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "privatebin.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "privatebin" - port { - number = 80 - } - } - } - } - } - } - rule { - host = "pb.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "privatebin" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "privatebin" + name = "privatebin" + host = "pb" + tls_secret_name = var.tls_secret_name } 
diff --git a/modules/kubernetes/redis/main.tf b/modules/kubernetes/redis/main.tf index c9a128ec..4cdd0982 100644 --- a/modules/kubernetes/redis/main.tf +++ b/modules/kubernetes/redis/main.tf @@ -86,43 +86,11 @@ resource "kubernetes_service" "redis" { } } } -resource "kubernetes_ingress_v1" "redis" { - metadata { - name = "redis" - namespace = "redis" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - "nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" - "nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" - - "nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" - "nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;" - "nginx.ingress.kubernetes.io/ssl-passthrough" : true - } - } - - spec { - tls { - hosts = ["redis.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "redis.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "redis" - port { - number = 8001 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "redis" + name = "redis" + tls_secret_name = var.tls_secret_name + protected = true + port = 8001 } diff --git a/modules/kubernetes/send/main.tf b/modules/kubernetes/send/main.tf index 5f38d886..7a53004d 100644 --- a/modules/kubernetes/send/main.tf +++ b/modules/kubernetes/send/main.tf 
@@ -106,35 +106,14 @@ resource "kubernetes_service" "send" { } } } -resource "kubernetes_ingress_v1" "send" { - metadata { - name = "send" - namespace = "send" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - } - } - - spec { - tls { - hosts = ["send.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "send.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "send" - port { - number = 1443 - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "send" + name = "send" + tls_secret_name = var.tls_secret_name + port = 1443 + extra_annotations = { + "nginx.ingress.kubernetes.io/client-max-body-size" : "0" + "nginx.ingress.kubernetes.io/proxy-body-size" : "0", } } diff --git a/modules/kubernetes/technitium/main.tf b/modules/kubernetes/technitium/main.tf index 82a4ab17..42453e20 100644 --- a/modules/kubernetes/technitium/main.tf +++ b/modules/kubernetes/technitium/main.tf @@ -39,7 +39,7 @@ resource "kubernetes_deployment" "technitium" { template { metadata { annotations = { - "diun.enable" = "true" + "diun.enable" = "true" # "diun.include_tags" = "^\\d+(?:\\.\\d+)?(?:\\.\\d+)?$" "diun.include_tags" = "latest" } 
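Review bot: The two body-size annotations in the send hunk are new for this host, since the removed ingress had none, and `"0"` switches off the proxy's request-size check for a file-upload service that is not marked `protected`. Unless Send enforces its own upload cap, a bounded value such as `"nginx.ingress.kubernetes.io/proxy-body-size" : "5g"` (constructed example) limits how much disk and bandwidth one request can consume. `client-max-body-size` does not look like an annotation ingress-nginx reads, so it is probably inert; verify against the controller's annotation list and drop it if so.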
@@ -159,93 +159,35 @@ resource "kubernetes_service" "technitium-dns" { } } } +module "ingress" { + source = "../ingress_factory" + namespace = "technitium" + name = "technitium" + tls_secret_name = var.tls_secret_name + port = 5380 + service_name = "technitium-web" + extra_annotations = { + "gethomepage.dev/enabled" = "true" + "gethomepage.dev/description" = "Internal DNS Server and Recursive Resolver" + # gethomepage.dev/group: Media + "gethomepage.dev/icon" : "technitium.png" + "gethomepage.dev/name" = "Technitium" + "gethomepage.dev/widget.type" = "technitium" + "gethomepage.dev/widget.url" = "http://technitium-web.technitium.svc.cluster.local:5380" + "gethomepage.dev/widget.key" = var.homepage_token -resource "kubernetes_ingress_v1" "technitium" { - metadata { - name = "technitium-ingress" - namespace = "technitium" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/affinity" = "cookie" - # "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on" - # "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret" - - # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - "nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" - "nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" - - "nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" - "nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;" - - "gethomepage.dev/enabled" = "true" - "gethomepage.dev/description" = "Internal DNS Server and Recursive Resolver" - 
# gethomepage.dev/group: Media - "gethomepage.dev/icon" : "technitium.png" - "gethomepage.dev/name" = "Technitium" - "gethomepage.dev/widget.type" = "technitium" - "gethomepage.dev/widget.url" = "http://technitium-web.technitium.svc.cluster.local:5380" - "gethomepage.dev/widget.key" = var.homepage_token - - "gethomepage.dev/widget.range" = "LastWeek" - "gethomepage.dev/widget.fields" = "[\"totalQueries\", \"totalCached\", \"totalBlocked\", \"totalRecursive\"]" - "gethomepage.dev/pod-selector" = "" - } - } - - spec { - tls { - hosts = ["technitium.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "technitium.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "technitium-web" - port { - number = 5380 - } - } - } - } - } - } + "gethomepage.dev/widget.range" = "LastWeek" + "gethomepage.dev/widget.fields" = "[\"totalQueries\", \"totalCached\", \"totalBlocked\", \"totalRecursive\"]" + "gethomepage.dev/pod-selector" = "" } } -resource "kubernetes_ingress_v1" "technitium-doh" { - metadata { - name = "technitium-doh-ingress" - namespace = "technitium" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - } - } - - spec { - tls { - hosts = ["dns.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "dns.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "technitium-web" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress-doh" { + source = "../ingress_factory" + namespace = "technitium" + name = "technitium-doh" + tls_secret_name = var.tls_secret_name + host = "dns" + service_name = "technitium-web" } + diff --git a/modules/kubernetes/travel_blog/main.tf b/modules/kubernetes/travel_blog/main.tf index c8716105..e70faec1 100644 --- a/modules/kubernetes/travel_blog/main.tf +++ b/modules/kubernetes/travel_blog/main.tf 
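Review bot: The `module "ingress"` call for the Technitium admin console omits `protected = true`, although the ingress it replaces carried active authentik `auth-url` and `auth-signin` annotations. Other modules in this commit that had those annotations (k8s-dashboard, mailserver, redis) pass the flag. Unless the factory defaults to protected, which is not visible here, `technitium.viktorbarzin.me` would be reachable with only the application's own login in front of the DNS server's management UI. Add `protected = true` to the first module block; `ingress-doh` matches the old unauthenticated DoH ingress and can stay as it is.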
@@ -105,35 +105,10 @@ resource "kubernetes_service" "travel-blog" { } } -resource "kubernetes_ingress_v1" "travel-blog" { - metadata { - name = "travel-blog-ingress" - namespace = "travel-blog" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - } - } - - spec { - tls { - hosts = ["travel.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "travel.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "travel-blog" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "travel-blog" + name = "travel" + tls_secret_name = var.tls_secret_name + service_name = "travel-blog" } diff --git a/modules/kubernetes/uptime-kuma/main.tf b/modules/kubernetes/uptime-kuma/main.tf index 703d17ac..e55e9f1e 100644 --- a/modules/kubernetes/uptime-kuma/main.tf +++ b/modules/kubernetes/uptime-kuma/main.tf 
@@ -89,49 +89,22 @@ resource "kubernetes_service" "uptime-kuma" { } } } -resource "kubernetes_ingress_v1" "uptime-kuma" { - metadata { - name = "uptime-kuma" - namespace = "uptime-kuma" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/affinity" = "cookie" - "nginx.ingress.kubernetes.io/affinity-mode" = "persistent" - "nginx.ingress.kubernetes.io/session-cookie-name" = "_sa_nginx" - "nginx.org/websocket-services" = "uptime-kuma" - - "gethomepage.dev/enabled" = "true" - "gethomepage.dev/description" = "Uptime monitor" - # gethomepage.dev/group: Media - "gethomepage.dev/icon" : "uptime-kuma.png" - "gethomepage.dev/name" = "Uptime Kuma" - "gethomepage.dev/widget.type" = "uptimekuma" - "gethomepage.dev/widget.url" = "https://uptime.viktorbarzin.me" - "gethomepage.dev/widget.slug" = "cluster-internal" - "gethomepage.dev/pod-selector" = "" - } - } - - spec { - tls { - hosts = ["uptime.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "uptime.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "uptime-kuma" - port { - number = 80 - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "uptime-kuma" + name = "uptime" + tls_secret_name = var.tls_secret_name + service_name = "uptime-kuma" + extra_annotations = { + "nginx.org/websocket-services" = "uptime-kuma" + "gethomepage.dev/enabled" = "true" + "gethomepage.dev/description" = "Uptime monitor" + # gethomepage.dev/group: Media + "gethomepage.dev/icon" : "uptime-kuma.png" + "gethomepage.dev/name" = "Uptime Kuma" + "gethomepage.dev/widget.type" = "uptimekuma" + "gethomepage.dev/widget.url" = "https://uptime.viktorbarzin.me" + "gethomepage.dev/widget.slug" = "cluster-internal" + "gethomepage.dev/pod-selector" = "" } } diff --git a/modules/kubernetes/url-shortener/main.tf b/modules/kubernetes/url-shortener/main.tf index 2cb9bb08..d673d80b 100644 --- a/modules/kubernetes/url-shortener/main.tf 
+++ b/modules/kubernetes/url-shortener/main.tf @@ -170,45 +170,23 @@ resource "kubernetes_service" "shlink" { } } -resource "kubernetes_ingress_v1" "shlink" { - metadata { - name = "shlink-ingress" - namespace = "url" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/configuration-snippet" : <<-EOF +module "ingress" { + source = "../ingress_factory" + namespace = "url" + name = "url" + service_name = "shlink" + tls_secret_name = var.tls_secret_name + extra_annotations = { + "nginx.ingress.kubernetes.io/configuration-snippet" : <<-EOF more_set_headers "Host: $host"; more_set_headers "X-Real-IP: $remote_addr"; more_set_headers "X-Forwarded-For: $proxy_add_x_forwarded_for"; more_set_headers "X-Forwarded-Proto: $scheme"; EOF - } - } - - spec { - tls { - hosts = ["url.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "url.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "shlink" - port { - number = 80 - } - } - } - } - } - } } } + # Shlink web client resource "kubernetes_config_map" "shlink-web" { 
@@ -309,39 +287,11 @@ resource "kubernetes_service" "shlink-web" { } } -resource "kubernetes_ingress_v1" "shlink-web" { - metadata { - name = "shlink-web-ingress" - namespace = "url" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - # "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on" - # "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret" - "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - } - } - - spec { - tls { - hosts = ["shlink.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "shlink.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "shlink-web" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress-web" { + source = "../ingress_factory" + namespace = "url" + name = "shlink" + service_name = "shlink-web" + tls_secret_name = var.tls_secret_name + protected = true } diff --git a/modules/kubernetes/vaultwarden/main.tf b/modules/kubernetes/vaultwarden/main.tf index 570b241e..bbb9b4cf 100644 --- a/modules/kubernetes/vaultwarden/main.tf +++ b/modules/kubernetes/vaultwarden/main.tf 
@@ -122,40 +122,9 @@ resource "kubernetes_service" "vaultwarden" { } } -resource "kubernetes_ingress_v1" "vaultwarden" { - metadata { - name = "vaultwarden" - namespace = "vaultwarden" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/affinity" = "cookie" - # "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on" - # "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret" - # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - } - } - - spec { - tls { - hosts = ["vaultwarden.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "vaultwarden.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "vaultwarden" - port { - number = 80 - } - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "vaultwarden" + name = "vaultwarden" + tls_secret_name = var.tls_secret_name } diff --git a/modules/kubernetes/youtube_dl/main.tf b/modules/kubernetes/youtube_dl/main.tf index b19834f6..ff84e5d6 100644 --- a/modules/kubernetes/youtube_dl/main.tf +++ b/modules/kubernetes/youtube_dl/main.tf 
@@ -115,42 +115,14 @@ resource "kubernetes_service" "ytdlp" { } } } -resource "kubernetes_ingress_v1" "ytdlp" { - metadata { - name = "ytdlp-ingress" - namespace = "ytdlp" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - "nginx.ingress.kubernetes.io/affinity" = "cookie" - "nginx.ingress.kubernetes.io/client-max-body-size" : "0" - "nginx.ingress.kubernetes.io/proxy-body-size" : "0", - # "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on" - # "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret" - # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - } - } - - spec { - tls { - hosts = ["yt.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "yt.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "ytdlp" - port { - number = 80 - } - } - } - } - } - } +module "ingress" { + source = "../ingress_factory" + namespace = "ytdlp" + name = "ytdlp" + tls_secret_name = var.tls_secret_name + host = "yt" + extra_annotations = { + "nginx.ingress.kubernetes.io/client-max-body-size" : "0" + "nginx.ingress.kubernetes.io/proxy-body-size" : "0", } } diff --git a/terraform.tfstate b/terraform.tfstate index dffeacd4..136f477e 100644 Binary files a/terraform.tfstate and b/terraform.tfstate differ diff --git a/terraform.tfvars b/terraform.tfvars index fa3fe417..67a629dd 100644 Binary files a/terraform.tfvars and b/terraform.tfvars differ