add ingress-nginx app

kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: tcp-services
+  namespace: ingress-nginx
+data:
+  53: "adguard-home/adguard-home:53"
+  853: "adguard-home/adguard-home:853"
+  5443: "adguard-home/adguard-home:5443"
+  6060: "adguard-home/adguard-home:6060"
+  10080: "adguard-home/adguard-home:80"
+  10443: "adguard-home/adguard-home:443"
+  13000: "adguard-home/adguard-home::3000"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: udp-services
+  namespace: ingress-nginx
+data:
+  53: "adguard-home/adguard-home:53"
+  67: "adguard-home/adguard-home:67"
+  68: "adguard-home/adguard-home:68"
+  853: "adguard-home/adguard-home:853"
+  5443: "adguard-home/adguard-home:5443"
+  10443: "adguard-home/adguard-home:443"
+  13000: "adguard-home/adguard-home:3000"

kubernetes/infrastructure/ingress-nginx/ingress-nginx.yaml

@@ -0,0 +1,48 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: ingress-nginx-config
+  namespace: ingress-nginx
+spec:
+  interval: 1h
+  targetNamespace: ingress-nginx
+  path: ./kubernetes/infrastructure/ingress-nginx/config
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: ingress-nginx
+  namespace: ingress-nginx
+spec:
+  interval: 1h
+  targetNamespace: ingress-nginx
+  path: ./kubernetes/templates/apps/ingress-nginx
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    namespace: flux-system
+    name: flux-system
+  dependsOn:
+    - name: ingress-nginx-config
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: app-vars
+      - kind: ConfigMap
+        name: ingress-nginx-values
+  patches:
+    - target:
+        kind: Deployment
+        name: ingress-nginx-controller
+      patch: |
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
+        - op: add
+          path: /spec/template/spec/containers/0/args/-
+          value: --udp-services-configmap=$(POD_NAMESPACE)/udp-services

kubernetes/infrastructure/ingress-nginx/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ingress-nginx.yaml

kubernetes/infrastructure/ingress-nginx/values.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ingress-nginx-values
+  namespace: ingress-nginx
+data:
+  load_balancer_ip: "192.168.0.180"
+  use_geoip2: "false"
+  metrics_enabled: "true"

kubernetes/templates/apps/ingress-nginx/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ingress-nginx

kubernetes/templates/apps/ingress-nginx/release.yaml

@@ -0,0 +1,98 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: ingress-nginx
+  namespace: ingress-nginx
+spec:
+  interval: 1h
+  driftDetection:
+    mode: enabled
+  chart:
+    spec:
+      chart: ingress-nginx
+      version: 4.10.1
+      sourceRef:
+        kind: HelmRepository
+        namespace: ingress-nginx
+        name: ingress-nginx
+      interval: 1h
+  values:
+    rbac:
+      create: true
+
+    controller:
+      priorityClassName: system-cluster-critical
+
+      extraArgs:
+        update-status-on-shutdown: "false"
+
+      podLabels:
+        rpi5.cluster.policy/egress-kubeapi: "true"
+        rpi5.cluster.policy/egress-namespace: "true"
+        rpi5.cluster.policy/egress-world-with-lan: "true"
+        rpi5.cluster.policy/ingress-nodes: "true"
+        rpi5.cluster.policy/ingress-prometheus: "true"
+        rpi5.cluster.policy/ingress-world: "true"
+
+      allowSnippetAnnotations: true
+
+      maxmindLicenseKey: ${geoip_license_key}
+
+      config:
+        proxy-buffer-size: 16k
+        use-gzip: ${use_gzip:=true}
+        enable-brotli: ${enable_brotli:=true}
+        hsts-max-age: ${hsts_max_age:=31536000}
+        hsts-preload: ${hsts_preload:=true}
+        disable-ipv6: ${disable_ipv6:=true}
+        disable-ipv6-dns: ${disable_ipv6_dns:=true}
+        keep-alive-requests: ${keep_alive_requests:=1000}
+        use-geoip2: ${use_geoip2:=true}
+        custom-http-errors: 401,403,404,500,501,502,503,504
+
+      extraEnvs:
+        - name: TZ
+          value: Australia/Sydney
+
+      addHeaders:
+        Referrer-Policy: same-origin, strict-origin-when-cross-origin
+        X-Content-Type-Options: nosniff
+        X-Frame-Options: SAMEORIGIN
+        X-XSS-Protection: 1; mode=block
+
+      ingressClassResource:
+        default: true
+
+      service:
+        externalTrafficPolicy: Local
+        loadBalancerIP: ${load_balancer_ip}
+        ipFamilyPolicy: PreferDualStack
+
+      metrics:
+        enabled: ${metrics_enabled:=false}
+        serviceMonitor:
+          enabled: ${metrics_enabled:=false}
+          scrapeInterval: 1m
+
+      admissionWebhooks:
+        labels:
+          rpi5.cluster.policy/egress-kubeapi: "true"
+        patch:
+          labels:
+            rpi5.cluster.policy/egress-kubeapi: "true"
+
+    defaultBackend:
+      enabled: true
+      image:
+        repository: ghcr.io/tarampampam/error-pages
+        tag: 2.27.0@sha256:40e2631173b1a407c18fe7d1ba8104d995cf9e4780d123eeadfa1d57c68eaf4f
+        pullPolicy: IfNotPresent
+      extraEnvs:
+        - name: TEMPLATE_NAME
+          value: connection
+        - name: SHOW_DETAILS
+          value: "true"
+        - name: READ_BUFFER_SIZE
+          value: "8192"
+      podLabels:
+        rpi5.cluster.policy/ingress-namespace: "true"

kubernetes/templates/apps/ingress-nginx/repository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: ingress-nginx
+  namespace: ingress-nginx
+spec:
+  interval: 1h
+  url: https://kubernetes.github.io/ingress-nginx