diff --git a/infrastructure/controllers/ingress-nginx.yaml b/infrastructure/controllers/ingress-nginx.yaml new file mode 100644 index 0000000..60d386f --- /dev/null +++ b/infrastructure/controllers/ingress-nginx.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: ingress-nginx + namespace: futureporn +spec: + interval: 24h + url: https://kubernetes.github.io/ingress-nginx +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: ingress-nginx + namespace: futureporn +spec: + interval: 30m + chart: + spec: + chart: ingress-nginx + version: "*" + sourceRef: + kind: HelmRepository + name: ingress-nginx + namespace: futureporn + interval: 12h + values: + controller: + service: + type: "LoadBalancer" + admissionWebhooks: + enabled: false diff --git a/infrastructure/controllers/ingress-traefik.yaml b/infrastructure/controllers/ingress-traefik.yaml index e4804cc..d86ea4e 100644 --- a/infrastructure/controllers/ingress-traefik.yaml +++ b/infrastructure/controllers/ingress-traefik.yaml @@ -1,127 +1,32 @@ --- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository metadata: - name: traefik-ingress-controller -rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - update - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: traefik-ingress-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: traefik-ingress-controller -subjects: -- kind: ServiceAccount - name: traefik-ingress-controller - namespace: kube-system - - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: traefik-ingress-controller - namespace: kube-system - ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: traefik-ingress-controller - namespace: kube-system - labels: - k8s-app: traefik-ingress-lb + name: traefik + namespace: futureporn spec: - selector: - matchLabels: - k8s-app: traefik-ingress-lb - name: traefik-ingress-lb - template: - metadata: - labels: - k8s-app: traefik-ingress-lb - name: traefik-ingress-lb + interval: 24h + url: https://traefik.github.io/charts +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: traefik + namespace: futureporn +spec: + interval: 30m + chart: spec: - serviceAccountName: traefik-ingress-controller - terminationGracePeriodSeconds: 60 - containers: - - image: traefik:v1.7 - name: traefik-ingress-lb - ports: - - name: http - containerPort: 80 - hostPort: 80 - - name: admin - containerPort: 8080 - hostPort: 8080 - securityContext: - capabilities: - drop: - - ALL - add: - - NET_BIND_SERVICE - args: - - --api - - --kubernetes - - --logLevel=INFO - ---- -kind: Service -apiVersion: v1 -metadata: - name: traefik-web-ui - namespace: kube-system -spec: - selector: - k8s-app: traefik-ingress-lb - ports: - - protocol: TCP - port: 80 - name: web - - protocol: TCP - port: 8080 - name: admin - ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: traefik-web-ui - namespace: kube-system -spec: - rules: - - host: traefik-ui.minikube - http: - paths: - - path: / - backend: - serviceName: traefik-web-ui - servicePort: web \ No newline at end of file + chart: traefik + version: "*" + sourceRef: + kind: HelmRepository + name: traefik + namespace: futureporn + interval: 12h + values: + controller: + service: + type: "LoadBalancer" + admissionWebhooks: + enabled: false diff --git a/infrastructure/controllers/ingress-traefik.yaml.old b/infrastructure/controllers/ingress-traefik.yaml.old new file mode 100644 index 0000000..e4804cc --- /dev/null +++ b/infrastructure/controllers/ingress-traefik.yaml.old @@ -0,0 +1,127 @@ +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: traefik-ingress-controller +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - update + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: traefik-ingress-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: traefik-ingress-controller +subjects: +- kind: ServiceAccount + name: traefik-ingress-controller + namespace: kube-system + + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: traefik-ingress-controller + namespace: kube-system + +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: traefik-ingress-controller + namespace: kube-system + labels: + k8s-app: traefik-ingress-lb +spec: + selector: + matchLabels: + k8s-app: traefik-ingress-lb + name: traefik-ingress-lb + template: + metadata: + labels: + k8s-app: traefik-ingress-lb + name: traefik-ingress-lb + spec: + serviceAccountName: traefik-ingress-controller + terminationGracePeriodSeconds: 60 + containers: + - image: traefik:v1.7 + name: traefik-ingress-lb + ports: + - name: http + containerPort: 80 + hostPort: 80 + - name: admin + containerPort: 8080 + hostPort: 8080 + securityContext: + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + args: + - --api + - --kubernetes + - --logLevel=INFO + +--- +kind: Service +apiVersion: v1 +metadata: + name: traefik-web-ui + namespace: kube-system +spec: + selector: + k8s-app: traefik-ingress-lb + ports: + - protocol: TCP + port: 80 + name: web + - protocol: TCP + port: 8080 + name: admin + +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: traefik-web-ui + namespace: kube-system +spec: + rules: + - host: traefik-ui.minikube + http: + paths: + - path: / + backend: + serviceName: traefik-web-ui + servicePort: web \ No newline at end of file