Merge pull request #47 from 3dwardch3ng/infra/ingress-nginx

Infra/ingress nginx

kubernetes/apps/cert-manager/cert-manager.yaml

@@ -35,7 +35,6 @@ spec:
     name: flux-system
   dependsOn:
     - name: cert-manager-secrets
-    - name: flux-system
   postBuild:
     substituteFrom:
       - kind: Secret

kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: tcp-services
+  namespace: ingress-nginx
+data:
+  53: "adguard-home/adguard-home:53"
+  853: "adguard-home/adguard-home:853"
+  5443: "adguard-home/adguard-home:5443"
+  6060: "adguard-home/adguard-home:6060"
+  10080: "adguard-home/adguard-home:80"
+  10443: "adguard-home/adguard-home:443"
+  13000: "adguard-home/adguard-home::3000"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: udp-services
+  namespace: ingress-nginx
+data:
+  53: "adguard-home/adguard-home:53"
+  67: "adguard-home/adguard-home:67"
+  68: "adguard-home/adguard-home:68"
+  853: "adguard-home/adguard-home:853"
+  5443: "adguard-home/adguard-home:5443"
+  10443: "adguard-home/adguard-home:443"
+  13000: "adguard-home/adguard-home:3000"

kubernetes/infrastructure/ingress-nginx/ingress-nginx.yaml

@@ -0,0 +1,48 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: ingress-nginx-config
+  namespace: ingress-nginx
+spec:
+  interval: 1h
+  targetNamespace: ingress-nginx
+  path: ./kubernetes/infrastructure/ingress-nginx/config
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: ingress-nginx
+  namespace: ingress-nginx
+spec:
+  interval: 1h
+  targetNamespace: ingress-nginx
+  path: ./kubernetes/templates/apps/ingress-nginx
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+  dependsOn:
+    - name: ingress-nginx-config
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: app-vars
+      - kind: ConfigMap
+        name: ingress-nginx-values
+  patches:
+    - target:
+        kind: Deployment
+        name: ingress-nginx-controller
+      patch: |
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --udp-services-configmap=$(POD_NAMESPACE)/udp-services

kubernetes/infrastructure/ingress-nginx/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ingress-nginx.yaml

kubernetes/infrastructure/ingress-nginx/values.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ingress-nginx-values
+  namespace: ingress-nginx
+data:
+  load_balancer_ip: "192.168.0.180"
+  use_geoip2: "false"
+  metrics_enabled: "true"

kubernetes/infrastructure/repositories/bitnami.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: bitnami
+  namespace: flux-system
+spec:
+  interval: 1h
+  type: oci
+  url: oci://registry-1.docker.io/bitnamicharts

kubernetes/infrastructure/repositories/bjw-s.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: bjw-s
+  namespace: flux-system
+spec:
+  interval: 1h
+  type: oci
+  url: oci://ghcr.io/bjw-s/helm

kubernetes/infrastructure/repositories/external-dns.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: external-dns
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://kubernetes-sigs.github.io/external-dns/

kubernetes/infrastructure/repositories/gabe565.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: gabe565
+  namespace: flux-system
+spec:
+  interval: 1h
+  type: oci
+  url: oci://ghcr.io/gabe565/charts

kubernetes/infrastructure/repositories/home-cluster-ops-secrets.yaml

@@ -0,0 +1,13 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: home-cluster-ops-secrets
+  namespace: flux-system
+spec:
+  interval: 5m0s
+  ref:
+    branch: main
+  secretRef:
+    name: flux-system
+  timeout: 60s
+  url: https://github.com/3dwardch3ng/home-cluster-ops-secrets.git

kubernetes/infrastructure/repositories/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - repositories.yaml

kubernetes/infrastructure/repositories/prometheus-community.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: prometheus-community
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://prometheus-community.github.io/helm-charts

kubernetes/infrastructure/repositories/repositories.yaml

@@ -1,22 +1,10 @@
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: GitRepository
-metadata:
-  name: home-cluster-ops-secrets
-  namespace: flux-system
-spec:
-  interval: 10m0s
-  ref:
-    branch: main
-  secretRef:
-    name: flux-system
-  timeout: 60s
-  url: https://github.com/3dwardch3ng/home-cluster-ops-secrets.git
+
 ---
 # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
-  name: home-cluster-ops-secrets-repo
+  name: repositories
   namespace: flux-system
 spec:
   interval: 5m

kubernetes/templates/apps/ingress-nginx/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ingress-nginx

kubernetes/templates/apps/ingress-nginx/release.yaml

@@ -0,0 +1,98 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: ingress-nginx
+  namespace: ingress-nginx
+spec:
+  interval: 1h
+  driftDetection:
+    mode: enabled
+  chart:
+    spec:
+      chart: ingress-nginx
+      version: 4.10.1
+      sourceRef:
+        kind: HelmRepository
+        namespace: ingress-nginx
+        name: ingress-nginx
+      interval: 1h
+  values:
+    rbac:
+      create: true
+
+    controller:
+      priorityClassName: system-cluster-critical
+
+      extraArgs:
+        update-status-on-shutdown: "false"
+
+      podLabels:
+        rpi5.cluster.policy/egress-kubeapi: "true"
+        rpi5.cluster.policy/egress-namespace: "true"
+        rpi5.cluster.policy/egress-world-with-lan: "true"
+        rpi5.cluster.policy/ingress-nodes: "true"
+        rpi5.cluster.policy/ingress-prometheus: "true"
+        rpi5.cluster.policy/ingress-world: "true"
+
+      allowSnippetAnnotations: true
+
+      maxmindLicenseKey: ${geoip_license_key}
+
+      config:
+        proxy-buffer-size: 16k
+        use-gzip: ${use_gzip:=true}
+        enable-brotli: ${enable_brotli:=true}
+        hsts-max-age: ${hsts_max_age:=31536000}
+        hsts-preload: ${hsts_preload:=true}
+        disable-ipv6: ${disable_ipv6:=true}
+        disable-ipv6-dns: ${disable_ipv6_dns:=true}
+        keep-alive-requests: ${keep_alive_requests:=1000}
+        use-geoip2: ${use_geoip2:=true}
+        custom-http-errors: 401,403,404,500,501,502,503,504
+
+      extraEnvs:
+        - name: TZ
+          value: Australia/Sydney
+
+      addHeaders:
+        Referrer-Policy: same-origin, strict-origin-when-cross-origin
+        X-Content-Type-Options: nosniff
+        X-Frame-Options: SAMEORIGIN
+        X-XSS-Protection: 1; mode=block
+
+      ingressClassResource:
+        default: true
+
+      service:
+        externalTrafficPolicy: Local
+        loadBalancerIP: ${load_balancer_ip}
+        ipFamilyPolicy: PreferDualStack
+
+      metrics:
+        enabled: ${metrics_enabled:=false}
+        serviceMonitor:
+          enabled: ${metrics_enabled:=false}
+          scrapeInterval: 1m
+
+      admissionWebhooks:
+        labels:
+          rpi5.cluster.policy/egress-kubeapi: "true"
+        patch:
+          labels:
+            rpi5.cluster.policy/egress-kubeapi: "true"
+
+    defaultBackend:
+      enabled: true
+      image:
+        repository: ghcr.io/tarampampam/error-pages
+        tag: 2.27.0@sha256:40e2631173b1a407c18fe7d1ba8104d995cf9e4780d123eeadfa1d57c68eaf4f
+        pullPolicy: IfNotPresent
+      extraEnvs:
+        - name: TEMPLATE_NAME
+          value: connection
+        - name: SHOW_DETAILS
+          value: "true"
+        - name: READ_BUFFER_SIZE
+          value: "8192"
+      podLabels:
+        rpi5.cluster.policy/ingress-namespace: "true"

kubernetes/templates/apps/ingress-nginx/repository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: ingress-nginx
+  namespace: ingress-nginx
+spec:
+  interval: 1h
+  url: https://kubernetes.github.io/ingress-nginx