feat(networking): bring back nginx
Signed-off-by: Steven Kreitzer <[email protected]>
buroa committed Jan 18, 2024
1 parent 2d3fb16 commit a70abfe
Showing 51 changed files with 330 additions and 61 deletions.
5 changes: 3 additions & 2 deletions README.md
Expand Up @@ -58,10 +58,11 @@ This semi hyper-converged cluster runs [Talos Linux](https://github.com/siderola

- [actions-runner-controller](https://github.com/actions/actions-runner-controller): Self-hosted Github runners.
- [cert-manager](https://github.com/cert-manager/cert-manager): Creates SSL certificates for services in my cluster.
- [cilium](https://github.com/cilium/cilium): Internal Kubernetes container networking interface & ingress controller.
- [cloudflared](https://github.com/cloudflare/cloudflared): Provides Cloudflare secure access to my ingresses.
- [cilium](https://github.com/cilium/cilium): Internal Kubernetes container networking interface.
- [cloudflared](https://github.com/cloudflare/cloudflared): Enables Cloudflare secure access to my ingresses.
- [external-dns](https://github.com/kubernetes-sigs/external-dns): Automatically syncs ingress DNS records to a DNS provider.
- [external-secrets](https://github.com/external-secrets/external-secrets): Managed Kubernetes secrets using [1Password Connect](https://github.com/1Password/connect).
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx): Kubernetes ingress controller using NGINX as a reverse proxy and load balancer.
- [multus](https://github.com/k8snetworkplumbingwg/multus-cni): Multi-homed pod networking.
- [rook](https://github.com/rook/rook): Distributed block storage for peristent storage.
- [sops](https://github.com/getsops/sops): Managed secrets for Kubernetes and Terraform which are commited to Git.
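Review bot: The new `ingress-nginx` entry and the reworded `cloudflared` entry do not mention that this commit splits ingress into two classes, `internal` and `external`, or that the Cloudflare tunnel forwards to `nginx-external-controller`. The class name on an Ingress is now what decides whether a service is reachable through the tunnel, so the README should say so, for example by naming both classes in the ingress-nginx line and describing cloudflared as fronting the `external` class.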
2 changes: 1 addition & 1 deletion kubernetes/apps/default/kromgo/app/helmrelease.yaml
Expand Up @@ -63,7 +63,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: external
annotations:
gatus.io/enabled: "true"
gatus.io/status-code: "404"
2 changes: 1 addition & 1 deletion kubernetes/apps/default/libreddit/app/helmrelease.yaml
Expand Up @@ -75,7 +75,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: external
annotations:
gatus.io/enabled: "true"
gatus.io/path: *path
2 changes: 1 addition & 1 deletion kubernetes/apps/default/nostr-relay/app/helmrelease.yaml
Expand Up @@ -68,7 +68,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: external
annotations:
gatus.io/enabled: "true"
hajimari.io/enable: "false"
Expand Up @@ -9,7 +9,7 @@ metadata:
hajimari.io/enable: "false"
external-dns.alpha.kubernetes.io/target: external.${PUBLIC_DOMAIN}
spec:
ingressClassName: cilium
ingressClassName: external
rules:
- host: &host flux-webhook.${PUBLIC_DOMAIN}
http:
Expand Up @@ -29,7 +29,7 @@ spec:
username: admin
ingress:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/icon: simple-icons:flux
hosts:
2 changes: 1 addition & 1 deletion kubernetes/apps/home/atuin/app/helmrelease.yaml
Expand Up @@ -81,7 +81,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/enable: "false"
hosts:
2 changes: 1 addition & 1 deletion kubernetes/apps/home/hajimari/app/helmrelease.yaml
Expand Up @@ -42,7 +42,7 @@ spec:
ingress:
main:
enabled: true
ingressClassName: cilium
ingressClassName: internal
annotations:
hajimari.io/enable: "false"
hosts:
2 changes: 1 addition & 1 deletion kubernetes/apps/home/home-assistant/app/helmrelease.yaml
Expand Up @@ -82,7 +82,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/icon: mdi:home-assistant
hajimari.io/url: https://hass.${PUBLIC_DOMAIN}
2 changes: 1 addition & 1 deletion kubernetes/apps/home/miniflux/app/helmrelease.yaml
Expand Up @@ -99,7 +99,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: external
annotations:
gatus.io/enabled: "true"
gatus.io/path: *path
2 changes: 1 addition & 1 deletion kubernetes/apps/home/node-red/app/helmrelease.yaml
Expand Up @@ -63,7 +63,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/icon: cib:node-red
hajimari.io/url: https://nr.${PUBLIC_DOMAIN}
2 changes: 1 addition & 1 deletion kubernetes/apps/home/thelounge/app/helmrelease.yaml
Expand Up @@ -55,7 +55,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/icon: mdi:forum
hosts:
2 changes: 1 addition & 1 deletion kubernetes/apps/home/zigbee2mqtt/app/helmrelease.yaml
Expand Up @@ -92,7 +92,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/icon: mdi:zigbee
hajimari.io/url: https://zigbee.${PUBLIC_DOMAIN}
12 changes: 1 addition & 11 deletions kubernetes/apps/kube-system/cilium/app/helmrelease.yaml
Expand Up @@ -78,24 +78,14 @@ spec:
rollOutPods: true
ingress:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/icon: simple-icons:cilium
hosts:
- &host hubble.${PUBLIC_DOMAIN}
tls:
- hosts:
- *host
ingressController:
enabled: true
defaultSecretNamespace: kube-system
defaultSecretName: ingress-tls
loadbalancerMode: shared
service:
annotations:
io.cilium/lb-ipam-ips: ${INGRESS_LB_IP}
labels:
io.cilium/lb-ipam-layer2: "true"
ipam:
mode: kubernetes
ipv4NativeRoutingCIDR: ${CLUSTER_POD_IP_CIDR}
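Review bot: The Hubble ingress keeps `tls: - hosts: - *host` with no `secretName`, so it relied on the `defaultSecretName: ingress-tls` fallback in the `ingressController` block that goes away here. Under the `internal` nginx class the same manifest only gets a real certificate if that controller is started with `--default-ssl-certificate` pointing at an equivalent secret; otherwise ingress-nginx serves its self-signed fake certificate. Confirm the nginx release in this commit sets that option, or add an explicit `secretName` to this `tls` entry.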
1 change: 0 additions & 1 deletion kubernetes/apps/kube-system/cilium/app/kustomization.yaml
Expand Up @@ -2,5 +2,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./certificate.yaml
- ./helmrelease.yaml
Expand Up @@ -125,7 +125,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/enable: "false"
hosts:
2 changes: 1 addition & 1 deletion kubernetes/apps/media/autobrr/app/helmrelease.yaml
Expand Up @@ -80,7 +80,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/icon: mdi:bunny
hosts:
2 changes: 1 addition & 1 deletion kubernetes/apps/media/bazarr/app/helmrelease.yaml
Expand Up @@ -96,7 +96,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/icon: mdi:subtitles-outline
hosts:
2 changes: 1 addition & 1 deletion kubernetes/apps/media/overseerr/app/helmrelease.yaml
Expand Up @@ -70,7 +70,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: external
annotations:
gatus.io/enabled: "true"
gatus.io/path: *path
3 changes: 2 additions & 1 deletion kubernetes/apps/media/plex/app/helmrelease.yaml
Expand Up @@ -75,11 +75,12 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: external
annotations:
gatus.io/enabled: "true"
gatus.io/path: *path
hajimari.io/icon: mdi:plex
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
external-dns.alpha.kubernetes.io/target: external.${PUBLIC_DOMAIN}
hosts:
- host: &host "{{ .Release.Name }}.${PUBLIC_DOMAIN}"
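Review bot: `nginx.ingress.kubernetes.io/backend-protocol: HTTPS` makes nginx speak TLS to the Plex backend, but ingress-nginx does not verify the upstream certificate unless `nginx.ingress.kubernetes.io/proxy-ssl-verify` is turned on, so this hop is encrypted without being authenticated. If that is the intent for in-cluster traffic, a short comment next to the annotation would make it explicit; if not, add `proxy-ssl-verify: "on"` together with `proxy-ssl-secret` and `proxy-ssl-name` so the backend certificate is actually checked.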
2 changes: 1 addition & 1 deletion kubernetes/apps/media/prowlarr/app/helmrelease.yaml
Expand Up @@ -86,7 +86,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/icon: mdi:movie-search
hosts:
2 changes: 1 addition & 1 deletion kubernetes/apps/media/qbittorrent/app/helmrelease.yaml
Expand Up @@ -114,7 +114,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/icon: mdi:seedling
hajimari.io/url: https://qb.${PUBLIC_DOMAIN}
2 changes: 1 addition & 1 deletion kubernetes/apps/media/radarr/app/helmrelease.yaml
Expand Up @@ -98,7 +98,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/icon: mdi:filmstrip
hosts:
2 changes: 1 addition & 1 deletion kubernetes/apps/media/sabnzbd/app/helmrelease.yaml
Expand Up @@ -94,7 +94,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/icon: mdi:download
hajimari.io/url: https://sab.${PUBLIC_DOMAIN}
2 changes: 1 addition & 1 deletion kubernetes/apps/media/sonarr/app/helmrelease.yaml
Expand Up @@ -98,7 +98,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/icon: mdi:television-classic
hosts:
2 changes: 1 addition & 1 deletion kubernetes/apps/media/tautulli/app/helmrelease.yaml
Expand Up @@ -83,7 +83,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: external
annotations:
gatus.io/enabled: "true"
gatus.io/path: *path
Expand Up @@ -27,7 +27,7 @@ spec:
pspEnabled: false
ingress:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/enable: "false"
hosts:
2 changes: 1 addition & 1 deletion kubernetes/apps/monitoring/gatus/app/helmrelease.yaml
Expand Up @@ -107,7 +107,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: external
annotations:
gatus.io/enabled: "true"
gatus.io/path: *path
17 changes: 16 additions & 1 deletion kubernetes/apps/monitoring/grafana/app/helmrelease.yaml
Expand Up @@ -111,6 +111,14 @@ spec:
editable: true
options:
path: /var/lib/grafana/dashboards/kubernetes
- name: nginx
orgId: 1
folder: Nginx
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards/nginx
- name: blocky
orgId: 1
folder: Blocky
Expand Down Expand Up @@ -309,6 +317,13 @@ spec:
gnetId: 11454
revision: 14
datasource: Prometheus
nginx:
nginx:
url: https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/grafana/dashboards/nginx.json
datasource: Prometheus
nginx-request-handling-performance:
url: https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/grafana/dashboards/request-handling-performance.json
datasource: Prometheus
blocky:
blocky:
# renovate: depName="blocky"
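Review bot: Both new dashboard URLs under `nginx:` point at the `master` branch of `kubernetes/ingress-nginx`, while the neighbouring entry is pinned with `gnetId: 11454` and `revision: 14`. A branch reference means the JSON that Grafana loads can change without any commit in this repository, and it can drift from the controller version that is actually deployed. Pin the two URLs to a release tag or commit SHA of ingress-nginx so dashboard updates go through review like the other entries.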
Expand Down Expand Up @@ -420,7 +435,7 @@ spec:
enabled: true
ingress:
enabled: true
ingressClassName: cilium
ingressClassName: internal
annotations:
hajimari.io/appName: Grafana
hajimari.io/icon: simple-icons:grafana
2 changes: 1 addition & 1 deletion kubernetes/apps/monitoring/karma/app/helmrelease.yaml
Expand Up @@ -75,7 +75,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/icon: mdi:recycle
hosts:
Expand Up @@ -30,7 +30,7 @@ spec:
alertmanager:
ingress:
enabled: true
ingressClassName: cilium
ingressClassName: internal
annotations:
hajimari.io/appName: Alertmanager
hajimari.io/icon: fluent:alert-16-filled
Expand Down Expand Up @@ -80,7 +80,7 @@ spec:
prometheus:
ingress:
enabled: true
ingressClassName: cilium
ingressClassName: internal
annotations:
hajimari.io/appName: Prometheus
hajimari.io/icon: simple-icons:prometheus
2 changes: 1 addition & 1 deletion kubernetes/apps/monitoring/thanos/app/helmrelease.yaml
Expand Up @@ -46,7 +46,7 @@ spec:
ingress:
enabled: true
hostname: &host thanos.${PUBLIC_DOMAIN}
ingressClassName: cilium
ingressClassName: internal
annotations:
hajimari.io/appName: Thanos
hajimari.io/icon: material-symbols:health-metrics
2 changes: 1 addition & 1 deletion kubernetes/apps/networking/blocky/app/helmrelease.yaml
Expand Up @@ -78,7 +78,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: internal
annotations:
hajimari.io/enable: "false"
hosts:
@@ -1,10 +1,7 @@
---
originRequest:
autoOriginServerName: true # Ref: https://github.com/cloudflare/cloudflared/pull/1160

ingress:
- hostname: ${PUBLIC_DOMAIN}
service: https://cilium-ingress.kube-system.svc.cluster.local:443
service: https://nginx-external-controller.networking.svc.cluster.local:443
- hostname: "*.${PUBLIC_DOMAIN}"
service: https://cilium-ingress.kube-system.svc.cluster.local:443
service: https://nginx-external-controller.networking.svc.cluster.local:443
- service: http_status:404
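Review bot: With the `originRequest` block gone (the header goes from 10 lines to 7), both rules connect to `https://nginx-external-controller.networking.svc.cluster.local:443` with no `originServerName` in this file, so unless it is set elsewhere cloudflared will expect the origin certificate to match that cluster-local name rather than a name under `${PUBLIC_DOMAIN}`. Set `originServerName` explicitly to a hostname the controller's certificate covers, and do not resolve a handshake failure with `noTLSVerify: true`. Separately, `*.${PUBLIC_DOMAIN}` forwards every hostname to the external controller, so whether an app is exposed now rests entirely on its Ingress class; a comment here stating that would help future edits.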
5 changes: 2 additions & 3 deletions kubernetes/apps/networking/cloudflared/app/helmrelease.yaml
Expand Up @@ -32,9 +32,8 @@ spec:
containers:
main:
image:
# TODO: move to semver once available
repository: ghcr.io/buroa/cloudflared
tag: develop@sha256:3d101d8e548135d1e416fc9ed43971feb3022300cd1f683070a61fd9e8506269
repository: docker.io/cloudflare/cloudflared
tag: 2024.1.3@sha256:8124930145ba79535f2a9fb83bb9fb0abbeb8fdab94f4d72ae34deeeaee8774d
args:
- tunnel
- --config
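Review bot: In `tag: 2024.1.3@sha256:...` the digest is what pins the image, and the `2024.1.3` label next to it is informational, so the two can drift apart if either is edited by hand. Since the repository also moves from `ghcr.io/buroa/cloudflared` to `docker.io/cloudflare/cloudflared`, record how the digest for the new registry was obtained, and make sure whatever automation bumps this image updates tag and digest together.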
Expand Up @@ -75,7 +75,7 @@ spec:
ingress:
main:
enabled: true
className: cilium
className: external
annotations:
gatus.io/enabled: "true"
hajimari.io/enable: "false"