From 2c8e41be61778883f8bd68fe0719673d62482cb9 Mon Sep 17 00:00:00 2001 From: CJ_Clippy Date: Mon, 1 Jul 2024 19:50:54 -0800 Subject: [PATCH] traefik works! --- charts/fp/templates/echo.yaml | 119 +++++++++++++----- charts/fp/templates/next.yaml | 58 ++++++++- charts/fp/templates/strapi.yaml | 84 +++++++++---- charts/fp/templates/traefik.yaml | 63 ++++++---- .../controllers/ingress-traefik.yaml | 4 + t.wip.tiltfile | 31 ++--- 6 files changed, 264 insertions(+), 95 deletions(-) diff --git a/charts/fp/templates/echo.yaml b/charts/fp/templates/echo.yaml index 183e544..40dbef3 100644 --- a/charts/fp/templates/echo.yaml +++ b/charts/fp/templates/echo.yaml @@ -22,26 +22,6 @@ spec: args: - -text="Hello, choom!" ---- -apiVersion: v1 -kind: Service -metadata: - name: echo - namespace: futureporn - annotations: - external-dns.alpha.kubernetes.io/hostname: "{{ .Values.echo.hostname }}" - {{ if eq .Values.environment "development" }} - chisel-operator.io/exit-node-name: "echo-exit-node" - {{ end }} - cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}" -spec: - selector: - app: echo - ports: - - protocol: TCP - port: 80 - targetPort: 5678 - {{ if eq .Values.environment "development" }} --- apiVersion: chisel-operator.io/v1 
@@ -57,21 +37,102 @@ spec: +# --- +# apiVersion: traefik.io/v1alpha1 +# kind: IngressRoute +# metadata: +# name: echo +# namespace: futureporn +# spec: +# entryPoints: +# - web +# routes: +# - match: Host(`echo.fp.sbtp.xyz`) || PathPrefix(`/extra/echo`) +# kind: Rule +# services: +# - name: echo +# port: 8001 +# # tls: +# # secretName: echo-cert + + + +--- +apiVersion: v1 +kind: Service +metadata: + name: echo + namespace: futureporn + annotations: + external-dns.alpha.kubernetes.io/hostname: "{{ .Values.echo.hostname }}" + {{ if eq .Values.environment "development" }} + chisel-operator.io/exit-node-name: "echo-exit-node" + {{ end }} +spec: + type: LoadBalancer + selector: + app: echo + ports: + - name: web + protocol: TCP + port: 5678 + targetPort: 5678 + - name: websecure + protocol: TCP + port: 4443 + targetPort: 5678 + +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: echo + namespace: futureporn +spec: + secretName: echo-tls + issuerRef: + name: "{{ .Values.certManager.issuer }}" + kind: ClusterIssuer + dnsNames: + - "{{ .Values.echo.hostname }}" + --- apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: - name: echo + name: echo-http namespace: futureporn - spec: entryPoints: - web routes: - - match: Host(`echo.fp.sbtp.xyz`) || PathPrefix(`/extra/echo`) - kind: Rule - services: - - name: echo - port: 8001 - # tls: - # secretName: echo-cert + - match: Host(`echo.fp.sbtp.xyz`) + kind: Rule + services: + - name: echo + namespace: futureporn + port: 5678 + +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: echo-https + namespace: futureporn + annotations: + cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}" +spec: + entryPoints: + - websecure + routes: + - match: Host(`echo.fp.sbtp.xyz`) + kind: Rule + middlewares: + - name: redirect + namespace: futureporn + services: + - name: echo + namespace: futureporn + port: 5678 + tls: + secretName: echo-tls \ No newline at end of file 
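Review bot: In the second echo.yaml hunk the `redirect` middleware is attached to `echo-https` on the `websecure` entry point, while `echo-http` on `web` has none, so plain-HTTP requests for the echo host are answered without being upgraded. `next-http` and `strapi-http` later in this patch attach it to the `web` router instead, and the middleware looks like the HTTPS redirectScheme shown as context in traefik.yaml. Move the `middlewares:` entry (`- name: redirect`, `namespace: futureporn`) from `echo-https` to `echo-http`. The new Service in the same hunk also names a port `websecure` (4443) that targets 5678, the same plain-HTTP target as `web`; either drop that port or add a comment such as `# plain HTTP to the pod; TLS terminates at Traefik`, so the name does not imply encryption that is not there.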
diff --git a/charts/fp/templates/next.yaml b/charts/fp/templates/next.yaml index 50538e9..5262948 100644 --- a/charts/fp/templates/next.yaml +++ b/charts/fp/templates/next.yaml @@ -30,6 +30,7 @@ metadata: external-dns.alpha.kubernetes.io/hostname: "{{ .Values.next.hostname }}" chisel-operator.io/exit-node-name: "next-exit-node" spec: + type: LoadBalancer selector: app.kubernetes.io/name: next ports: @@ -114,4 +115,59 @@ spec: # tls: # - hosts: # - "{{ .Values.next.hostname }}" -# secretName: next-cert \ No newline at end of file +# secretName: next-cert +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: next + namespace: futureporn +spec: + secretName: next-tls + issuerRef: + name: "{{ .Values.certManager.issuer }}" + kind: ClusterIssuer + dnsNames: + - "{{ .Values.next.hostname }}" + + +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: next-http + namespace: futureporn +spec: + entryPoints: + - web + routes: + - match: Host(`next.fp.sbtp.xyz`) + kind: Rule + middlewares: + - name: redirect + namespace: futureporn + services: + - name: next + port: 3000 + + +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: next-https + namespace: futureporn + annotations: + cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}" +spec: + entryPoints: + - websecure + routes: + - match: Host(`next.fp.sbtp.xyz`) + kind: Rule + services: + - name: next + namespace: futureporn + port: 3000 + tls: + secretName: next-tls \ No newline at end of file diff --git a/charts/fp/templates/strapi.yaml b/charts/fp/templates/strapi.yaml index addec9b..8d3fac9 100644 --- a/charts/fp/templates/strapi.yaml +++ b/charts/fp/templates/strapi.yaml @@ -8,6 +8,7 @@ metadata: external-dns.alpha.kubernetes.io/hostname: "{{ .Values.strapi.hostname }}" chisel-operator.io/exit-node-name: "strapi-exit-node" spec: + type: LoadBalancer selector: app.kubernetes.io/name: strapi ports: 
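Review bot: Adding `type: LoadBalancer` to the `next` Service (first next.yaml hunk) gives the backend its own external address, and the context lines show that this Service also carries the external-dns hostname and chisel exit-node annotations, so the public name may resolve to the app port directly rather than to Traefik. In that case the `next-tls` certificate and the HTTP-to-HTTPS redirect added in the following hunk are bypassed and the app is reachable in clear text. The same line is added to the `strapi` Service in the strapi.yaml hunk and to the re-created `echo` Service in echo.yaml. Consider keeping these Services `ClusterIP` and exposing only Traefik, or wrapping the line in the existing `{{ if eq .Values.environment "development" }}` condition. The next and strapi Service definitions start outside their hunks.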
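Review bot: The router rules in the second next.yaml hunk hard-code ``Host(`next.fp.sbtp.xyz`)`` while the Certificate's `dnsNames` is taken from `{{ .Values.next.hostname }}`, so an environment with a different hostname gets a certificate for one name and routes for another. Using the value in both places, ``- match: Host(`{{ .Values.next.hostname }}`)``, keeps the issued certificate and the routed host in step. The echo and strapi hunks have the same split between a literal host in `match` and a templated host in `dnsNames`. The `next-http` service entry also omits the `namespace: futureporn` line that the other routes carry, which is worth aligning.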
@@ -153,33 +154,6 @@ spec: -# --- -# apiVersion: networking.k8s.io/v1 -# kind: Ingress -# metadata: -# name: strapi -# namespace: futureporn -# annotations: -# kubernetes.io/ingress.class: traefik -# traefik.ingress.kubernetes.io/router.entrypoints: websecure,web -# traefik.ingress.kubernetes.io/router.tls: "false" -# cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}" -# spec: -# tls: -# - hosts: -# - "{{ .Values.strapi.hostname }}" -# secretName: strapi-cert -# rules: -# - host: "{{ .Values.strapi.hostname }}" -# http: -# paths: -# - path: / -# pathType: Prefix -# backend: -# service: -# name: strapi -# port: -# number: 1339 {{ if eq .Values.environment "development" }} --- @@ -193,3 +167,59 @@ spec: port: 9090 auth: chisel {{ end }} + +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: strapi + namespace: futureporn +spec: + secretName: strapi-tls + issuerRef: + name: "{{ .Values.certManager.issuer }}" + kind: ClusterIssuer + dnsNames: + - "{{ .Values.strapi.hostname }}" + + +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: strapi-http + namespace: futureporn +spec: + entryPoints: + - web + routes: + - match: Host(`strapi.fp.sbtp.xyz`) + kind: Rule + middlewares: + - name: redirect + namespace: futureporn + services: + - name: strapi + namespace: futureporn + port: 1339 + +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: strapi-https + namespace: futureporn + annotations: + cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}" +spec: + entryPoints: + - websecure + routes: + - match: Host(`strapi.fp.sbtp.xyz`) + kind: Rule + services: + - name: strapi + namespace: futureporn + port: 1339 + tls: + secretName: strapi-tls \ No newline at end of file diff --git a/charts/fp/templates/traefik.yaml b/charts/fp/templates/traefik.yaml index c2dc1bd..b3cc899 100644 --- a/charts/fp/templates/traefik.yaml +++ b/charts/fp/templates/traefik.yaml 
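Review bot: The `cert-manager.io/cluster-issuer` annotation on `strapi-https` in the second strapi.yaml hunk (and on `echo-https` and `next-https` in the earlier hunks) is, as far as I know, not acted on by cert-manager, which reads that annotation from Ingress and Gateway resources rather than from Traefik `IngressRoute` objects. The certificate here comes from the explicit `Certificate` named `strapi` that writes `strapi-tls`. Drop the annotation, or add a comment such as `# issued by the Certificate resource above; this annotation has no effect on IngressRoute`. That keeps a later reader from deleting the Certificate in the belief that the annotation covers issuance.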
@@ -10,6 +10,21 @@ spec: scheme: https permanent: true + +{{ if eq .Values.environment "development" }} +--- +apiVersion: chisel-operator.io/v1 +kind: ExitNode +metadata: + name: traefik-exit-node + namespace: futureporn +spec: + host: "{{ .Values.chisel.exitNodeIp }}" + port: 9090 + auth: chisel +{{ end }} + + # --- # apiVersion: v1 # kind: Service @@ -28,30 +43,30 @@ spec: # port: 443 # targetPort: 8443 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: traefik - namespace: futureporn - annotations: - kubernetes.io/ingress.class: traefik - traefik.ingress.kubernetes.io/router.entrypoints: websecure - traefik.ingress.kubernetes.io/router.tls: "true" - cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}" - traefik.ingress.kubernetes.io/router.middlewares: futureporn-redirect@kubernetescrd -spec: - ingressClassName: traefik - rules: - - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: traefik - port: - number: 443 +# --- +# apiVersion: networking.k8s.io/v1 +# kind: Ingress +# metadata: +# name: traefik +# namespace: futureporn +# annotations: +# kubernetes.io/ingress.class: traefik +# traefik.ingress.kubernetes.io/router.entrypoints: websecure +# traefik.ingress.kubernetes.io/router.tls: "true" +# cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}" +# traefik.ingress.kubernetes.io/router.middlewares: futureporn-redirect@kubernetescrd +# spec: +# ingressClassName: traefik +# rules: +# - http: +# paths: +# - path: / +# pathType: Prefix +# backend: +# service: +# name: traefik +# port: +# number: 443 # tls: # - hosts: # - "{{ .Values.echo.hostname }}" diff --git a/infrastructure/controllers/ingress-traefik.yaml b/infrastructure/controllers/ingress-traefik.yaml index 9a131bd..4bf7f97 100644 --- a/infrastructure/controllers/ingress-traefik.yaml +++ b/infrastructure/controllers/ingress-traefik.yaml 
@@ -26,6 +26,10 @@ spec: namespace: futureporn interval: 12h values: + providers: + kubernetesIngress: + publishedService: + enabled: true service: annotations: cert-manager.io/cluster-issuer: "letsencrypt-staging" diff --git a/t.wip.tiltfile b/t.wip.tiltfile index c645a38..8b3a32e 100644 --- a/t.wip.tiltfile +++ b/t.wip.tiltfile @@ -68,9 +68,12 @@ helm_remote( version='28.3.0', set=[ 'globalArguments[0]=--global.sendanonymoususage=false', - 'service.enabled=false', + 'service.enabled=true', 'logs.access.enabled=true', - 'logs.general.level=DEBUG' + 'logs.access.format=json', + 'logs.general.level=DEBUG', + 'logs.general.format=json', + 'providers.kubernetesIngress.publishedService.enabled=true', ] ) @@ -268,23 +271,14 @@ docker_build( # ) k8s_resource( workload='echo', - port_forwards=['8080'], + port_forwards=['8001'], links=[ link('https://echo.fp.sbtp.xyz'), link('http://echo.futureporn.svc.cluster.local:8001') ], labels='debug' ) -# k8s_resource( -# workload='snake', -# port_forwards=['8080'], -# labels='debug' -# ) -# k8s_resource( -# workload='game-2048', -# port_forwards=['8081:8080'], -# labels='debug' -# ) + k8s_resource( workload='next', @@ -306,9 +300,18 @@ k8s_resource( k8s_resource( workload='postgres', - port_forwards=['5432'] + port_forwards=['5432'], ) +k8s_resource( + workload='traefik', + port_forwards=['9000:9000'], + links=[ + link('http://localhost:9000/dashboard') + ], +) + + # k8s_resource( # workload='scout-worker', # resource_deps=['postgres', 'strapi', 'temporal-frontend', 'scout-manager']
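Review bot: The echo port-forward in the second t.wip.tiltfile hunk changes from `8080` to `8001`, but every echo manifest in this patch uses 5678 (the Service `targetPort` and both IngressRoute `port` values), so a forward to container port 8001 probably reaches nothing. `port_forwards=['8001:5678']` would keep the local port and reach the listener. The context line `link('http://echo.futureporn.svc.cluster.local:8001')` has the same mismatch now that the Service exposes 5678 and 4443. The container's listen port is not shown in this hunk, so confirm it against the Deployment.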
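Review bot: The new `traefik` resource in the last t.wip.tiltfile hunk forwards port 9000, which in the Traefik chart is normally the internal entry point that serves the API and dashboard, and nothing in this patch puts authentication in front of it. The first tiltfile hunk sets `service.enabled=true` in the same change, so a comment here should state the intent, for example `# dashboard/API: local port-forward only, do not publish on the Service or an exit node`. The link should also end in a slash, `link('http://localhost:9000/dashboard/')`, because Traefik serves the dashboard only at that path. The chart's port settings are not visible in this hunk, so confirm that this port is not exposed by the now-enabled Service.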