traefik works!

charts/fp/templates/echo.yaml

@@ -22,26 +22,6 @@ spec:
         args:
           - -text="Hello, choom!"
 
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: echo
-  namespace: futureporn
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: "{{ .Values.echo.hostname }}"
-    {{ if eq .Values.environment "development" }}
-    chisel-operator.io/exit-node-name: "echo-exit-node"
-    {{ end }}
-    cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}"
-spec:
-  selector:
-    app: echo
-  ports:
-    - protocol: TCP
-      port: 80
-      targetPort: 5678
-
 {{ if eq .Values.environment "development" }}
 ---
 apiVersion: chisel-operator.io/v1
@@ -57,21 +37,102 @@ spec:
 
 
 
+# ---
+# apiVersion: traefik.io/v1alpha1
+# kind: IngressRoute
+# metadata:
+#   name: echo
+#   namespace: futureporn
+# spec:
+#   entryPoints:
+#     - web
+#   routes:
+#     - match: Host(`echo.fp.sbtp.xyz`) || PathPrefix(`/extra/echo`)
+#       kind: Rule
+#       services:
+#         - name: echo
+#           port: 8001
+#   # tls:
+#   #   secretName: echo-cert
+
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: echo
+  namespace: futureporn
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: "{{ .Values.echo.hostname }}"
+    {{ if eq .Values.environment "development" }}
+    chisel-operator.io/exit-node-name: "echo-exit-node"
+    {{ end }}
+spec:
+  type: LoadBalancer
+  selector:
+    app: echo
+  ports:
+    - name: web
+      protocol: TCP
+      port: 5678
+      targetPort: 5678
+    - name: websecure
+      protocol: TCP
+      port: 4443
+      targetPort: 5678
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: echo
+  namespace: futureporn
+spec:
+  secretName: echo-tls
+  issuerRef:
+    name: "{{ .Values.certManager.issuer }}"
+    kind: ClusterIssuer
+  dnsNames:
+    - "{{ .Values.echo.hostname }}"
+
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
-  name: echo
+  name: echo-http
   namespace: futureporn
-
 spec:
   entryPoints:
     - web
   routes:
-    - match: Host(`echo.fp.sbtp.xyz`) || PathPrefix(`/extra/echo`)
+  - match: Host(`echo.fp.sbtp.xyz`)
-      kind: Rule
+    kind: Rule
-      services:
+    services:
-        - name: echo
+    - name: echo
-          port: 8001
+      namespace: futureporn
-  # tls:
+      port: 5678
-  #   secretName: echo-cert
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: echo-https
+  namespace: futureporn
+  annotations:
+    cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}"
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`echo.fp.sbtp.xyz`)
+    kind: Rule
+    middlewares:
+    - name: redirect
+      namespace: futureporn
+    services:
+    - name: echo
+      namespace: futureporn
+      port: 5678
+  tls:
+    secretName: echo-tls

charts/fp/templates/next.yaml

@@ -30,6 +30,7 @@ metadata:
     external-dns.alpha.kubernetes.io/hostname: "{{ .Values.next.hostname }}"
     chisel-operator.io/exit-node-name: "next-exit-node"
 spec:
+  type: LoadBalancer
   selector:
     app.kubernetes.io/name: next
   ports:
@@ -114,4 +115,59 @@ spec:
 #   tls:
 #   - hosts:
 #     - "{{ .Values.next.hostname }}"
-#     secretName: next-cert
+#     secretName: next-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: next
+  namespace: futureporn
+spec:
+  secretName: next-tls
+  issuerRef:
+    name: "{{ .Values.certManager.issuer }}"
+    kind: ClusterIssuer
+  dnsNames:
+    - "{{ .Values.next.hostname }}"
+
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: next-http
+  namespace: futureporn
+spec:
+  entryPoints:
+    - web
+  routes:
+  - match: Host(`next.fp.sbtp.xyz`)
+    kind: Rule
+    middlewares:
+    - name: redirect
+      namespace: futureporn
+    services:
+    - name: next
+      port: 3000
+
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: next-https
+  namespace: futureporn
+  annotations:
+    cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}"
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`next.fp.sbtp.xyz`) 
+    kind: Rule
+    services:
+    - name: next
+      namespace: futureporn
+      port: 3000
+  tls:
+    secretName: next-tls

charts/fp/templates/strapi.yaml

@@ -8,6 +8,7 @@ metadata:
     external-dns.alpha.kubernetes.io/hostname: "{{ .Values.strapi.hostname }}"
     chisel-operator.io/exit-node-name: "strapi-exit-node"
 spec:
+  type: LoadBalancer
   selector:
     app.kubernetes.io/name: strapi
   ports:
@@ -153,33 +154,6 @@ spec:
 
 
 
-# ---
-# apiVersion: networking.k8s.io/v1
-# kind: Ingress
-# metadata:
-#   name: strapi
-#   namespace: futureporn
-#   annotations:
-#     kubernetes.io/ingress.class: traefik
-#     traefik.ingress.kubernetes.io/router.entrypoints: websecure,web
-#     traefik.ingress.kubernetes.io/router.tls: "false"
-#     cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}"
-# spec:
-#   tls:
-#     - hosts:
-#       - "{{ .Values.strapi.hostname }}"
-#       secretName: strapi-cert
-#   rules:
-#     - host: "{{ .Values.strapi.hostname }}"
-#       http:
-#         paths:
-#         - path: /
-#           pathType: Prefix
-#           backend:
-#             service:
-#               name: strapi
-#               port:
-#                 number: 1339
 
 {{ if eq .Values.environment "development" }}
 ---
@@ -193,3 +167,59 @@ spec:
   port: 9090
   auth: chisel
 {{ end }}
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: strapi
+  namespace: futureporn
+spec:
+  secretName: strapi-tls
+  issuerRef:
+    name: "{{ .Values.certManager.issuer }}"
+    kind: ClusterIssuer
+  dnsNames:
+    - "{{ .Values.strapi.hostname }}"
+
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: strapi-http
+  namespace: futureporn
+spec:
+  entryPoints:
+    - web
+  routes:
+  - match: Host(`strapi.fp.sbtp.xyz`) 
+    kind: Rule
+    middlewares:
+    - name: redirect
+      namespace: futureporn
+    services:
+    - name: strapi
+      namespace: futureporn
+      port: 1339
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: strapi-https
+  namespace: futureporn
+  annotations:
+    cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}"
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`strapi.fp.sbtp.xyz`) 
+    kind: Rule
+    services:
+    - name: strapi
+      namespace: futureporn
+      port: 1339
+  tls:
+    secretName: strapi-tls

charts/fp/templates/traefik.yaml

@@ -10,6 +10,21 @@ spec:
     scheme: https
     permanent: true
 
+
+{{ if eq .Values.environment "development" }}
+---
+apiVersion: chisel-operator.io/v1
+kind: ExitNode
+metadata:
+  name: traefik-exit-node
+  namespace: futureporn
+spec:
+  host: "{{ .Values.chisel.exitNodeIp }}"
+  port: 9090
+  auth: chisel
+{{ end }}
+
+
 # ---
 # apiVersion: v1
 # kind: Service
@@ -28,30 +43,30 @@ spec:
 #       port: 443
 #       targetPort: 8443
 
---- 
+# --- 
-apiVersion: networking.k8s.io/v1
+# apiVersion: networking.k8s.io/v1
-kind: Ingress
+# kind: Ingress
-metadata:
+# metadata:
-  name: traefik
+#   name: traefik
-  namespace: futureporn
+#   namespace: futureporn
-  annotations:
+#   annotations:
-    kubernetes.io/ingress.class: traefik
+#     kubernetes.io/ingress.class: traefik
-    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+#     traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    traefik.ingress.kubernetes.io/router.tls: "true"
+#     traefik.ingress.kubernetes.io/router.tls: "true"
-    cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}"
+#     cert-manager.io/cluster-issuer: "{{ .Values.certManager.issuer }}"
-    traefik.ingress.kubernetes.io/router.middlewares: futureporn-redirect@kubernetescrd
+#     traefik.ingress.kubernetes.io/router.middlewares: futureporn-redirect@kubernetescrd
-spec:
+# spec:
-  ingressClassName: traefik
+#   ingressClassName: traefik
-  rules:
+#   rules:
-    - http:
+#     - http:
-        paths:
+#         paths:
-          - path: /
+#           - path: /
-            pathType: Prefix
+#             pathType: Prefix
-            backend:
+#             backend:
-              service:
+#               service:
-                name: traefik
+#                 name: traefik
-                port:
+#                 port:
-                  number: 443
+#                   number: 443
   # tls:
   #   - hosts: 
   #     - "{{ .Values.echo.hostname }}"

infrastructure/controllers/ingress-traefik.yaml

@@ -26,6 +26,10 @@ spec:
         namespace: futureporn
       interval: 12h
   values:
+    providers:
+      kubernetesIngress:
+        publishedService:
+          enabled: true
     service:
       annotations:
         cert-manager.io/cluster-issuer: "letsencrypt-staging"

t.wip.tiltfile

@@ -68,9 +68,12 @@ helm_remote(
     version='28.3.0',
     set=[
         'globalArguments[0]=--global.sendanonymoususage=false',
-        'service.enabled=false',
+        'service.enabled=true',
         'logs.access.enabled=true',
-        'logs.general.level=DEBUG'
+        'logs.access.format=json',
+        'logs.general.level=DEBUG',
+        'logs.general.format=json',
+        'providers.kubernetesIngress.publishedService.enabled=true',
     ]
 )
 
@@ -268,23 +271,14 @@ docker_build(
 # )
 k8s_resource(
     workload='echo',
-    port_forwards=['8080'],
+    port_forwards=['8001'],
     links=[
         link('https://echo.fp.sbtp.xyz'),
         link('http://echo.futureporn.svc.cluster.local:8001')
     ],
     labels='debug'
 )
-# k8s_resource(
+
-#     workload='snake',
-#     port_forwards=['8080'],
-#     labels='debug'
-# )
-# k8s_resource(
-#     workload='game-2048',
-#     port_forwards=['8081:8080'],
-#     labels='debug'
-# )
 
 k8s_resource(
     workload='next',
@@ -306,9 +300,18 @@ k8s_resource(
 
 k8s_resource(
     workload='postgres',
-    port_forwards=['5432']
+    port_forwards=['5432'],
 )
 
+k8s_resource(
+    workload='traefik',
+    port_forwards=['9000:9000'],
+    links=[
+        link('http://localhost:9000/dashboard')
+    ],
+)
+
+
 # k8s_resource(
 #     workload='scout-worker',
 #     resource_deps=['postgres', 'strapi', 'temporal-frontend', 'scout-manager']