From 8de7bc992034bddc58eb97bfdb9f856b9084c2a1 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Tue, 18 Jun 2024 10:17:44 +1000 Subject: [PATCH] expose TCP and UDP services of adguard home via ingress-nginx --- .../ingress-nginx/app/release.yaml | 4 +- .../config/ingress-configmap.yaml | 50 +++++++-------- .../ingress-nginx/ingress-nginx.yaml | 62 ++++++++++++++++++- 3 files changed, 83 insertions(+), 33 deletions(-) diff --git a/kubernetes/infrastructure/ingress-nginx/app/release.yaml b/kubernetes/infrastructure/ingress-nginx/app/release.yaml index 83ca164..14c2199 100644 --- a/kubernetes/infrastructure/ingress-nginx/app/release.yaml +++ b/kubernetes/infrastructure/ingress-nginx/app/release.yaml @@ -25,8 +25,8 @@ spec: extraArgs: update-status-on-shutdown: "false" -# tcp-services-configmap: "ingress-nginx/tcp-services" -# udp-services-configmap: "ingress-nginx/udp-services" + tcp-services-configmap: "ingress-nginx/tcp-services" + udp-services-configmap: "ingress-nginx/udp-services" podLabels: rpi5.cluster.policy/egress-kubeapi: "true" diff --git a/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml b/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml index 2f8238b..cb357f9 100644 --- a/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml +++ b/kubernetes/infrastructure/ingress-nginx/config/ingress-configmap.yaml @@ -1,28 +1,22 @@ -#apiVersion: v1 -#kind: ConfigMap -#metadata: -# name: tcp-services -# namespace: ingress-nginx -#data: -# "53": "adguard-home/adguard-home:53" -# "853": "adguard-home/adguard-home:853" -# "5443": "adguard-home/adguard-home:5443" -# "6060": "adguard-home/adguard-home:6060" -# "9099": "flux-system/capacitor:9000" -# "10080": "adguard-home/adguard-home:80" -# "10443": "adguard-home/adguard-home:443" -# "13000": "adguard-home/adguard-home::3000" -#--- -#apiVersion: v1 -#kind: ConfigMap -#metadata: -# name: udp-services -# namespace: ingress-nginx -#data: -# "53": "adguard-home/adguard-home:53" -# "67": "adguard-home/adguard-home:67" -# "68": "adguard-home/adguard-home:68" -# "853": "adguard-home/adguard-home:853" -# "5443": "adguard-home/adguard-home:5443" -# "10443": "adguard-home/adguard-home:443" -# "13000": "adguard-home/adguard-home:3000" +apiVersion: v1 +kind: ConfigMap +metadata: + name: tcp-services + namespace: ingress-nginx +data: + "53": "flux-system/adguard-home:53" + "853": "flux-system/adguard-home:853" + "5443": "flux-system/adguard-home:5443" + "6060": "flux-system/adguard-home:6060" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: udp-services + namespace: ingress-nginx +data: + "53": "flux-system/adguard-home:53" + "67": "flux-system/adguard-home:67" + "68": "flux-system/adguard-home:68" + "853": "flux-system/adguard-home:853" + "5443": "flux-system/adguard-home:5443" diff --git a/kubernetes/infrastructure/ingress-nginx/ingress-nginx.yaml b/kubernetes/infrastructure/ingress-nginx/ingress-nginx.yaml index 001c917..e3ce6e0 100644 --- a/kubernetes/infrastructure/ingress-nginx/ingress-nginx.yaml +++ b/kubernetes/infrastructure/ingress-nginx/ingress-nginx.yaml @@ -29,7 +29,63 @@ spec: - op: add path: /spec/ports/- value: - name: proxied-tcp-9099 - port: 9099 - targetPort: 9099 + name: dns-tcp + port: 53 + targetPort: 53 + protocol: TCP + - op: add + path: /spec/ports/- + value: + name: dns-udp + port: 53 + targetPort: 53 + protocol: UDP + - op: add + path: /spec/ports/- + value: + name: dhcps-udp + port: 67 + targetPort: 67 + protocol: UDP + - op: add + path: /spec/ports/- + value: + name: dhcpc-udp + port: 68 + targetPort: 68 + protocol: UDP + - op: add + path: /spec/ports/- + value: + name: dns-tls-tcp + port: 853 + targetPort: 853 + protocol: TCP + - op: add + path: /spec/ports/- + value: + name: dns-tls-udp + port: 853 + targetPort: 853 + protocol: UDP + - op: add + path: /spec/ports/- + value: + name: dnscrypt-tcp + port: 5443 + targetPort: 5443 + protocol: TCP + - op: add + path: /spec/ports/- + value: + name: dnscrypt-udp + port: 5443 + targetPort: 5443 + protocol: UDP + - op: add + path: /spec/ports/- + value: + name: https-pprof + port: 6060 + targetPort: 6060 protocol: TCP