Commit
chore(networking): good bye nginx
buroa committed Jan 18, 2024
1 parent 627c8e0 commit f6305be
Showing 6 changed files with 3 additions and 37 deletions.
9 changes: 3 additions & 6 deletions README.md
Expand Up @@ -57,11 +57,11 @@ This semi hyper-converged cluster runs [Talos Linux](https://github.com/siderola
### Core Components

- [actions-runner-controller](https://github.com/actions/actions-runner-controller): Self-hosted Github runners.
- [cilium](https://github.com/cilium/cilium): Internal Kubernetes networking plugin.
- [cert-manager](https://github.com/cert-manager/cert-manager): Creates SSL certificates for services in my Kubernetes cluster.
- [cert-manager](https://github.com/cert-manager/cert-manager): Creates SSL certificates for services in my cluster.
- [cilium](https://github.com/cilium/cilium): Internal Kubernetes container networking interface & ingress controller.
- [cloudflared](https://github.com/cloudflare/cloudflared): Provides a [secure tunnel](https://www.cloudflare.com/products/tunnel) for Cloudflare to ingress into my cluster.
- [external-dns](https://github.com/kubernetes-sigs/external-dns): Automatically syncs DNS records from my cluster ingresses to a DNS provider.
- [external-secrets](https://github.com/external-secrets/external-secrets): Managed Kubernetes secrets using [1Password Connect](https://github.com/1Password/connect).
- [ingress-nginx](https://github.com/kubernetes/ingress-nginx): Kubernetes ingress controller using NGINX as a reverse proxy and load balancer.
- [multus](https://github.com/k8snetworkplumbingwg/multus-cni): Multi-homed pod networking.
- [rook](https://github.com/rook/rook): Distributed block storage for peristent storage.
- [sops](https://github.com/getsops/sops): Managed secrets for Kubernetes and Terraform which are commited to Git.
Expand Down Expand Up @@ -131,9 +131,6 @@ graph TD;
| Thunderbolt network (rook-ceph) | `10.1.0.0/24` |

- [cilium](https://github.com/cilium/cilium) is configured with the `io.cilium/lb-ipam-ips` annotation to expose Kubernetes services with their own IP over L3 (BGP), which is configured on my router. L2 (ARP) can also be announced in addition to L3 via the `io.cilium/lb-ipam-layer2` label.
- [cloudflared](https://github.com/cloudflare/cloudflared) provides a [secure tunnel](https://www.cloudflare.com/products/tunnel) for [Cloudflare](https://www.cloudflare.com) to ingress into [ingress-nginx](https://github.com/kubernetes/ingress-nginx), my ingress controller.

🔸 _[Click here](./kubernetes/apps/networking/cloudflared/app/configs/config.yaml) to see my `cloudflared` configuration._

---

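Review bot: The networking notes lose the whole `cloudflared` bullet and the link to its `config.yaml`, so after this hunk the README no longer says where the Cloudflare tunnel terminates inside the cluster. The Core Components list now names cilium as the ingress controller, so consider rewriting the bullet to point at cilium instead of deleting it, and keep the config link. The cloudflared configuration is not among the 6 changed files, so it is worth confirming that its tunnel target does not still reference the ingress-nginx service.
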
1 change: 0 additions & 1 deletion kubernetes/apps/media/plex/app/helmrelease.yaml
Expand Up @@ -80,7 +80,6 @@ spec:
gatus.io/enabled: "true"
gatus.io/path: *path
hajimari.io/icon: mdi:plex
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
external-dns.alpha.kubernetes.io/target: external.${PUBLIC_DOMAIN}
hosts:
- host: &host "{{ .Release.Name }}.${PUBLIC_DOMAIN}"
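Review bot: Dropping `nginx.ingress.kubernetes.io/backend-protocol: HTTPS` leaves nothing in these annotations that tells the replacement ingress controller to speak TLS to the Plex backend. If Plex still serves only HTTPS on the port this ingress targets, the hop from ingress to pod has to be configured some other way; say in the commit how the backend protocol is handled under cilium, or add the equivalent setting in the same change.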
15 changes: 0 additions & 15 deletions kubernetes/apps/monitoring/grafana/app/helmrelease.yaml
Expand Up @@ -111,14 +111,6 @@ spec:
editable: true
options:
path: /var/lib/grafana/dashboards/kubernetes
- name: nginx
orgId: 1
folder: Nginx
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards/nginx
- name: blocky
orgId: 1
folder: Blocky
Expand Down Expand Up @@ -317,13 +309,6 @@ spec:
gnetId: 11454
revision: 14
datasource: Prometheus
nginx:
nginx:
url: https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/grafana/dashboards/nginx.json
datasource: Prometheus
nginx-request-handling-performance:
url: https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/grafana/dashboards/request-handling-performance.json
datasource: Prometheus
blocky:
blocky:
# renovate: depName="blocky"
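Review bot: The `nginx` and `nginx-request-handling-performance` dashboards are removed here, together with the `nginx` provider in the previous hunk, and nothing is added for the controller that replaces ingress-nginx. That leaves no ingress-level request or error-rate view in Grafana after the switch; consider adding a dashboard for the cilium ingress in the same change, pinned with `gnetId` and `revision` like the neighbouring entry rather than loaded from a `master` URL as the removed ones were.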
5 changes: 0 additions & 5 deletions kubernetes/apps/security/authelia/app/helmrelease.yaml
Expand Up @@ -99,11 +99,6 @@ spec:
gatus.io/path: *path
hajimari.io/icon: mdi:shield-account
hajimari.io/url: https://auth.${PUBLIC_DOMAIN}
nginx.ingress.kubernetes.io/configuration-snippet: |
add_header Cache-Control "no-store";
add_header Pragma "no-cache";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
external-dns.alpha.kubernetes.io/target: external.${PUBLIC_DOMAIN}
hosts:
- host: &host "{{ .Release.Name }}.${PUBLIC_DOMAIN}"
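Review bot: The removed `configuration-snippet` was the only annotation in this block that set `Cache-Control "no-store"`, `Pragma "no-cache"` and `X-Frame-Options "SAMEORIGIN"` on the auth portal, and nothing replaces it. Before merging, confirm that Authelia itself or the new ingress layer still sends the no-store and anti-framing headers on `https://auth.${PUBLIC_DOMAIN}`, or re-add them there. `X-XSS-Protection` is deprecated in current browsers and can stay dropped.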
9 changes: 0 additions & 9 deletions kubernetes/flux/repositories/helm/ingress-nginx-charts.yaml

This file was deleted.

1 change: 0 additions & 1 deletion kubernetes/flux/repositories/helm/kustomization.yaml
Expand Up @@ -16,7 +16,6 @@ resources:
- ./fairwinds-charts.yaml
- ./grafana-charts.yaml
- ./hajimari-charts.yaml
- ./ingress-nginx-charts.yaml
- ./intel-charts.yaml
- ./jetstack-charts.yaml
- ./kubernetes-sigs-descheduler-charts.yaml
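Review bot: With `./ingress-nginx-charts.yaml` dropped from `resources` and the file deleted, any HelmRelease whose `sourceRef` still names that repository will stop reconciling. No ingress-nginx HelmRelease is deleted among the 6 changed files, so confirm it was removed in an earlier commit, or remove it in this one.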