diff --git a/utility-services/authentik/index.ts b/utility-services/authentik/index.ts index b9779a9..cb83399 100644 --- a/utility-services/authentik/index.ts +++ b/utility-services/authentik/index.ts @@ -2,7 +2,7 @@ import * as fs from "fs"; import * as path from "path"; import { Release } from "@cdktf/provider-helm/lib/release"; import { Construct } from "constructs"; -import { IngressRoute, OnePasswordSecret } from "../../utils"; +import { PublicIngressRoute, OnePasswordSecret } from "../../utils"; import { Providers } from "../../types"; type AuthentikServerOptions = { @@ -44,14 +44,13 @@ export class AuthentikServer extends Construct { ], }); - new IngressRoute(this, "ingress", { + new PublicIngressRoute(this, "ingress", { provider: kubernetes, name: options.name, namespace: options.namespace, host: "auth.dogar.dev", serviceName: `authentik-server`, servicePort: 80, - tlsSecretName: "authentik-tls", }); } } diff --git a/utility-services/gitea/server.ts b/utility-services/gitea/server.ts index 214b5b0..e439eef 100644 --- a/utility-services/gitea/server.ts +++ b/utility-services/gitea/server.ts @@ -3,7 +3,11 @@ import * as path from "path"; import { Release } from "@cdktf/provider-helm/lib/release"; import { Construct } from "constructs"; -import { OnePasswordSecret, IngressRoute, IngressRouteTcp } from "../../utils"; +import { + OnePasswordSecret, + PublicIngressRoute, + IngressRouteTcp, +} from "../../utils"; import type { Providers } from "../../types"; type GiteaServerOptions = { 
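Review bot: Dropping `tlsSecretName: "authentik-tls"` from the `new PublicIngressRoute(this, "ingress", …)` call leaves the identity provider at auth.dogar.dev relying entirely on whatever `PublicIngressRoute` does for TLS, and that helper is not visible in this diff. Authentik is where every downstream service's credentials and session cookies flow, so the route should be pinned to the `websecure` entry point with a TLS configuration (a cert resolver or a default TLS store) and ideally a `web`→`websecure` redirect; if the helper does not guarantee that by default, pass it explicitly or keep a `tls` option on it. The removed secret name also suggests a certificate object for this host may still exist elsewhere — worth confirming there is now exactly one certificate source for auth.dogar.dev. The enclosing `AuthentikServer` constructor starts outside the hunk.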
@@ -69,20 +73,20 @@ export class GiteaServer extends Construct { new IngressRouteTcp(this, "ssh-ingress", { provider: kubernetes, namespace: options.namespace, + name: options.name, + match: "HostSNI(`*`)", entryPoint: "ssh", serviceName: `${options.name}-ssh`, servicePort: 22, }); - new IngressRoute(this, "http-ingress", { + new PublicIngressRoute(this, "http-ingress", { provider: kubernetes, namespace: options.namespace, name: options.name, - entryPoints: ["websecure"], host: "git.dogar.dev", serviceName: `${options.name}-http`, servicePort: 3000, - tlsSecretName: `${options.name}-tls`, }); } } diff --git a/utility-services/index.ts b/utility-services/index.ts index 9f1db7d..7a21f29 100644 --- a/utility-services/index.ts +++ b/utility-services/index.ts @@ -4,7 +4,6 @@ import { HelmProvider } from "@cdktf/provider-helm/lib/provider"; import { DataTerraformRemoteStateS3, TerraformStack } from "cdktf"; import { Construct } from "constructs"; -import { ValkeyCluster } from "./valkey"; import { GiteaRunner, GiteaServer } from "./gitea"; import { AuthentikServer } from "./authentik"; import { PostgresCluster } from "./postgres"; 
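Review bot: The new `match: "HostSNI(\`*\`)"` on the SSH `IngressRouteTcp` is the only matcher Traefik accepts for a non-TLS TCP router, so it is correct, but it deserves a comment because it means any client that reaches the `ssh` entry point is forwarded to Gitea's sshd regardless of hostname — access control is sshd's key authentication, not the route. Suggested comment above the line: `// Non-TLS TCP routers must use HostSNI(\`*\`): anything hitting the "ssh" entryPoint reaches gitea sshd; auth is enforced by sshd, not here.` Separately, the HTTP route dropped both `entryPoints: ["websecure"]` and `tlsSecretName`, so it now depends on `PublicIngressRoute` (not shown) defaulting to HTTPS; if that helper also binds `web`, git credentials and tokens for git.dogar.dev would travel in cleartext, so confirm it pins websecure with TLS or a redirect. The `GiteaServer` constructor begins before this hunk.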
@@ -26,24 +25,28 @@ export class UtilityServices extends TerraformStack { const r2Endpoint = `${process.env.ACCOUNT_ID!}.r2.cloudflarestorage.com`; - const homelabState = new DataTerraformRemoteStateS3(this, "homelab-state", { - usePathStyle: true, - skipRegionValidation: true, - skipCredentialsValidation: true, - skipRequestingAccountId: true, - skipS3Checksum: true, - encrypt: true, - bucket: "terraform-state", - key: "core-services/terraform.tfstate", - endpoints: { - s3: `https://${r2Endpoint}`, + const coreServicesState = new DataTerraformRemoteStateS3( + this, + "core-services-state", + { + usePathStyle: true, + skipRegionValidation: true, + skipCredentialsValidation: true, + skipRequestingAccountId: true, + skipS3Checksum: true, + encrypt: true, + bucket: "terraform-state", + key: "core-services/terraform.tfstate", + endpoints: { + s3: `https://${r2Endpoint}`, + }, + region: "auto", + accessKey: process.env.ACCESS_KEY, + secretKey: process.env.SECRET_KEY, }, - region: "auto", - accessKey: process.env.ACCESS_KEY, - secretKey: process.env.SECRET_KEY, - }); + ); - const namespaceName = homelabState.getString("namespace-output"); + const namespaceName = coreServicesState.getString("namespace-output"); const namespaceResource = new DataKubernetesNamespaceV1( this, "homelab-namespace", @@ -70,12 +73,6 @@ export class UtilityServices extends TerraformStack { ], }); - const valkeyCluster = new ValkeyCluster(this, "valkey-cluster", { - namespace, - provider: kubernetes, - name: "valkey", - }); - const postgres = new PostgresCluster(this, "postgres-cluster", { certManagerApiVersion: "cert-manager.io/v1", name: "postgres-cluster", @@ -96,7 +93,6 @@ export class UtilityServices extends TerraformStack { namespace, }); - authentik.node.addDependency(valkeyCluster); authentik.node.addDependency(postgres); const gitea = new GiteaServer(this, "gitea-server", { 
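Review bot: In the re-indented `DataTerraformRemoteStateS3` block, `accessKey: process.env.ACCESS_KEY` and `secretKey: process.env.SECRET_KEY` are passed with no presence check, so an unset variable becomes `undefined` in the synthesized backend config and the failure likely surfaces only as an opaque R2 authentication error at plan time. Since this block was touched anyway, a guard before it such as `if (!process.env.ACCESS_KEY || !process.env.SECRET_KEY) throw new Error("ACCESS_KEY and SECRET_KEY must be set");` would make the precondition explicit, matching the intent of the `ACCOUNT_ID!` assertion above it. The `UtilityServices` constructor starts and ends outside the hunk.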
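Review bot: Removing the `ValkeyCluster` construct and `authentik.node.addDependency(valkeyCluster)` drops the cache the authentik release previously waited on, but nothing in this diff updates the authentik Helm values that `AuthentikServer` appears to read from disk (the `fs`/`path` imports in authentik/index.ts), so they may still reference the old `valkey` host or the `valkey` secret. If the chart still has a cache host configured, the server will fail to start or keep retrying a service that no longer exists; confirm the values no longer reference it, and add a short comment next to `authentik.node.addDependency(postgres);` stating that authentik now runs without a separate cache so the missing dependency is not mistaken for an oversight. The `UtilityServices` constructor starts and ends outside the hunk.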
diff --git a/utility-services/valkey/index.ts b/utility-services/valkey/index.ts
deleted file mode 100644
index 124192a..0000000
--- a/utility-services/valkey/index.ts
+++ /dev/null
@@ -1,128 +0,0 @@ -import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1"; -import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider"; -import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1"; -import { Construct } from "constructs"; -import { OnePasswordSecret } from "../../utils"; - -type ValkeyClusterOptions = { - provider: KubernetesProvider; - name: string; - namespace: string; -}; - -export class ValkeyCluster extends Construct { - constructor(scope: Construct, id: string, options: ValkeyClusterOptions) { - super(scope, id); - - // Labels used by both Deployment and Service - const labels = { app: "valkey" }; - const { provider, name, namespace } = options; - - new OnePasswordSecret(this, "valkey-secret", { - provider, - name: "valkey", - namespace, - itemPath: "vaults/Lab/items/valkey", - }); - - new DeploymentV1(this, "valkey-deployment", { - provider, - metadata: { - name, - namespace, - labels, - }, - spec: { - replicas: "1", - strategy: { - type: "RollingUpdate", - rollingUpdate: { - maxSurge: "1", - maxUnavailable: "0", - }, - }, - selector: { matchLabels: labels }, - template: { - metadata: { labels }, - spec: { - container: [ - { - name: "valkey", - image: "docker.io/valkey/valkey:8.1.3", - port: [{ name: "client", containerPort: 6379 }], - env: [ - { - name: "PASSWORD", - valueFrom: { - secretKeyRef: { - name: "valkey", - key: "password", - }, - }, - }, - ], - command: ["/bin/sh", "-c"], - args: ['exec valkey-server --requirepass "$PASSWORD"'], - readinessProbe: { - tcpSocket: [ - { - port: "6379", - }, - ], - initialDelaySeconds: 5, - periodSeconds: 5, - timeoutSeconds: 3, - failureThreshold: 5, - }, - livenessProbe: { - tcpSocket: [ - { - port: "6379", - }, - ], - initialDelaySeconds: 20, - periodSeconds: 10, - timeoutSeconds: 5, - failureThreshold: 5, - }, - resources: { - requests: { - cpu: "100m", - memory: "128Mi", - }, - limits: { - memory: "512Mi", - }, - }, - }, - ], - }, - }, - }, - }); 
- - new ServiceV1(this, "valkey-service", { - provider, - metadata: { - name, - namespace, - labels, - annotations: { - "external-dns.alpha.kubernetes.io/hostname": "valkey.dogar.dev", - "metallb.io/ip-allocated-from-pool": "pool", - }, - }, - spec: { - type: "LoadBalancer", - selector: labels, - port: [ - { - name: "client", - port: 6379, - targetPort: "client", - }, - ], - }, - }); - } -}