K3S-Cluster/home-cluster-ops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #47 from 3dwardch3ng/infra/ingress-nginx

Browse Source 
Infra/ingress nginx
This commit is contained in:
Edward Cheng
2024-06-11 02:30:46 +10:00
committed by GitHub
parent 72c86ab07b 2b11a2eec7
commit 096eeb7389
18 changed files with 260 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
kubernetes/apps/cert-manager/cert-manager.yaml
View File

@@ -35,7 +35,6 @@ spec:
name: flux-system name: flux-system
dependsOn: dependsOn:
- name: cert-manager-secrets - name: cert-manager-secrets
- name: flux-system
postBuild: postBuild:
substituteFrom: substituteFrom:
- kind: Secret - kind: Secret

27
kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: tcp-services
namespace: ingress-nginx
data:
53: "adguard-home/adguard-home:53"
853: "adguard-home/adguard-home:853"
5443: "adguard-home/adguard-home:5443"
6060: "adguard-home/adguard-home:6060"
10080: "adguard-home/adguard-home:80"
10443: "adguard-home/adguard-home:443"
13000: "adguard-home/adguard-home::3000"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: udp-services
namespace: ingress-nginx
data:
53: "adguard-home/adguard-home:53"
67: "adguard-home/adguard-home:67"
68: "adguard-home/adguard-home:68"
853: "adguard-home/adguard-home:853"
5443: "adguard-home/adguard-home:5443"
10443: "adguard-home/adguard-home:443"
13000: "adguard-home/adguard-home:3000"

48
kubernetes/infrastructure/ingress-nginx/ingress-nginx.yaml Normal file
View File

@@ -0,0 +1,48 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: ingress-nginx-config
namespace: ingress-nginx
spec:
interval: 1h
targetNamespace: ingress-nginx
path: ./kubernetes/infrastructure/ingress-nginx/config
prune: true
sourceRef:
kind: GitRepository
namespace: flux-system
name: flux-system
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: ingress-nginx
namespace: ingress-nginx
spec:
interval: 1h
targetNamespace: ingress-nginx
path: ./kubernetes/templates/apps/ingress-nginx
prune: true
sourceRef:
kind: GitRepository
namespace: flux-system
name: flux-system
dependsOn:
- name: ingress-nginx-config
postBuild:
substituteFrom:
- kind: Secret
name: app-vars
- kind: ConfigMap
name: ingress-nginx-values
patches:
- target:
kind: Deployment
name: ingress-nginx-controller
patch: |
- op: add
path: /spec/template/spec/containers/0/args/-
value: --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- op: add
path: /spec/template/spec/containers/0/args/-
value: --udp-services-configmap=$(POD_NAMESPACE)/udp-services

4
kubernetes/infrastructure/ingress-nginx/kustomization.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ingress-nginx.yaml

9
kubernetes/infrastructure/ingress-nginx/values.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-nginx-values
namespace: ingress-nginx
data:
load_balancer_ip: "192.168.0.180"
use_geoip2: "false"
metrics_enabled: "true"

9
kubernetes/infrastructure/repositories/bitnami.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: bitnami
namespace: flux-system
spec:
interval: 1h
type: oci
url: oci://registry-1.docker.io/bitnamicharts

9
kubernetes/infrastructure/repositories/bjw-s.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: bjw-s
namespace: flux-system
spec:
interval: 1h
type: oci
url: oci://ghcr.io/bjw-s/helm

8
kubernetes/infrastructure/repositories/external-dns.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: external-dns
namespace: flux-system
spec:
interval: 1h
url: https://kubernetes-sigs.github.io/external-dns/

9
kubernetes/infrastructure/repositories/gabe565.yaml Normal file
View File

@@ -0,0 +1,9 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: gabe565
namespace: flux-system
spec:
interval: 1h
type: oci
url: oci://ghcr.io/gabe565/charts

13
kubernetes/infrastructure/repositories/home-cluster-ops-secrets.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: home-cluster-ops-secrets
namespace: flux-system
spec:
interval: 5m0s
ref:
branch: main
secretRef:
name: flux-system
timeout: 60s
url: https://github.com/3dwardch3ng/home-cluster-ops-secrets.git

4
kubernetes/infrastructure/repositories/kustomization.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- repositories.yaml

8
kubernetes/infrastructure/repositories/prometheus-community.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: prometheus-community
namespace: flux-system
spec:
interval: 1h
url: https://prometheus-community.github.io/helm-charts

16
kubernetes/infrastructure/repositories/repositories.yaml
View File

@@ -1,22 +1,10 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: home-cluster-ops-secrets
namespace: flux-system
spec:
interval: 10m0s
ref:
branch: main
secretRef:
name: flux-system
timeout: 60s
url: https://github.com/3dwardch3ng/home-cluster-ops-secrets.git
--- ---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/gitrepository_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1 apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization kind: Kustomization
metadata: metadata:
name: home-cluster-ops-secrets-repo name: repositories
namespace: flux-system namespace: flux-system
spec: spec:
interval: 5m interval: 5m

0
kubernetes/templates/apps/cert-manager/app/helmrelease.yaml → kubernetes/templates/apps/cert-manager/app/release.yaml
View File

0
kubernetes/templates/apps/cert-manager/app/helmrepository.yaml → kubernetes/templates/apps/cert-manager/app/repository.yaml
View File

4
kubernetes/templates/apps/ingress-nginx/namespace.yaml Normal file
View File

@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx

98
kubernetes/templates/apps/ingress-nginx/release.yaml Normal file
View File

@@ -0,0 +1,98 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: ingress-nginx
namespace: ingress-nginx
spec:
interval: 1h
driftDetection:
mode: enabled
chart:
spec:
chart: ingress-nginx
version: 4.10.1
sourceRef:
kind: HelmRepository
namespace: ingress-nginx
name: ingress-nginx
interval: 1h
values:
rbac:
create: true
controller:
priorityClassName: system-cluster-critical
extraArgs:
update-status-on-shutdown: "false"
podLabels:
rpi5.cluster.policy/egress-kubeapi: "true"
rpi5.cluster.policy/egress-namespace: "true"
rpi5.cluster.policy/egress-world-with-lan: "true"
rpi5.cluster.policy/ingress-nodes: "true"
rpi5.cluster.policy/ingress-prometheus: "true"
rpi5.cluster.policy/ingress-world: "true"
allowSnippetAnnotations: true
maxmindLicenseKey: ${geoip_license_key}
config:
proxy-buffer-size: 16k
use-gzip: ${use_gzip:=true}
enable-brotli: ${enable_brotli:=true}
hsts-max-age: ${hsts_max_age:=31536000}
hsts-preload: ${hsts_preload:=true}
disable-ipv6: ${disable_ipv6:=true}
disable-ipv6-dns: ${disable_ipv6_dns:=true}
keep-alive-requests: ${keep_alive_requests:=1000}
use-geoip2: ${use_geoip2:=true}
custom-http-errors: 401,403,404,500,501,502,503,504
extraEnvs:
- name: TZ
value: Australia/Sydney
addHeaders:
Referrer-Policy: same-origin, strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
ingressClassResource:
default: true
service:
externalTrafficPolicy: Local
loadBalancerIP: ${load_balancer_ip}
ipFamilyPolicy: PreferDualStack
metrics:
enabled: ${metrics_enabled:=false}
serviceMonitor:
enabled: ${metrics_enabled:=false}
scrapeInterval: 1m
admissionWebhooks:
labels:
rpi5.cluster.policy/egress-kubeapi: "true"
patch:
labels:
rpi5.cluster.policy/egress-kubeapi: "true"
defaultBackend:
enabled: true
image:
repository: ghcr.io/tarampampam/error-pages
tag: 2.27.0@sha256:40e2631173b1a407c18fe7d1ba8104d995cf9e4780d123eeadfa1d57c68eaf4f
pullPolicy: IfNotPresent
extraEnvs:
- name: TEMPLATE_NAME
value: connection
- name: SHOW_DETAILS
value: "true"
- name: READ_BUFFER_SIZE
value: "8192"
podLabels:
rpi5.cluster.policy/ingress-namespace: "true"

8
kubernetes/templates/apps/ingress-nginx/repository.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
name: ingress-nginx
namespace: ingress-nginx
spec:
interval: 1h
url: https://kubernetes.github.io/ingress-nginx