shahab/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: shahab:2b49cc4ce1be6267fcd65cacb38fcbabab95375c
Branches Tags
shahab:main
...
compare: shahab:a96558eb801ec26a9f27a1cc3c8b64d265fae60b
Branches Tags
shahab:main

5 Commits
2b49cc4ce1 ... a96558eb80

Author SHA1 Message Date
Shahab Dogar
a96558eb80 fix: PipCache | MUST be singleton 2025-11-23 01:23:01 +05:00
Shahab Dogar
0862e196cc fix: Traefik | external traffic policy local 2025-11-23 01:17:49 +05:00
Shahab Dogar
1205cca3d3 fix: MetalLB | do not allow running on control-plane 2025-11-23 01:17:36 +05:00
Shahab Dogar
5906fdc2b4 fix: NetworkSecurity | incorrect IP cidr in allow list 2025-11-23 01:04:28 +05:00
Shahab Dogar
008ef748c6 fix: PipCache | must be singleton 2025-11-23 01:04:17 +05:00
5 changed files with 18 additions and 38 deletions
Expand all files Collapse all files

40
cache-infrastructure/pip/index.ts
View File

@@ -34,7 +34,6 @@ export class PipCache extends Construct {
namespace,
name,
size: "128Gi",
accessModes: ["ReadWriteMany"],
});
new DeploymentV1(this, "deployment", {
@@ -44,7 +43,10 @@ export class PipCache extends Construct {
namespace,
},
spec: {
replicas: "3",
replicas: "1",
strategy: {
type: "Recreate",
},
selector: {
matchLabels: {
app: name,
@@ -60,40 +62,6 @@ export class PipCache extends Construct {
nodeSelector: {
nodepool: "worker",
},
topologySpreadConstraint: [
{
maxSkew: 1,
topologyKey: "kubernetes.io/hostname",
whenUnsatisfiable: "ScheduleAnyway",
labelSelector: [
{
matchLabels: {
app: name,
},
},
],
},
],
affinity: {
podAntiAffinity: {
requiredDuringSchedulingIgnoredDuringExecution: [
{
topologyKey: "kubernetes.io/hostname",
labelSelector: [
{
matchExpressions: [
{
key: "app",
operator: "In",
values: [name],
},
],
},
],
},
],
},
},
volume: [
{
name: "data",

3
core-services/metallb/index.ts
View File

@@ -1,3 +1,5 @@
import * as fs from "fs";
import * as path from "path";
import { HelmProvider } from "@cdktf/provider-helm/lib/provider";
import { Release } from "@cdktf/provider-helm/lib/release";
import { Construct } from "constructs";
@@ -17,6 +19,7 @@ export class MetalLB extends Construct {
repository: "https://metallb.github.io/metallb",
chart: "metallb",
createNamespace: true,
values: [fs.readFileSync(path.join(__dirname, "values.yaml"), "utf8")],
});
}
}

6
core-services/metallb/values.yaml Normal file
View File

@@ -0,0 +1,6 @@
controller:
nodeSelector:
nodepool: worker
speaker:
nodeSelector:
nodepool: worker

5
core-services/traefik/values.yaml
View File

@@ -12,10 +12,13 @@ deployment:
app: traefik
nodeSelector:
nodepool: worker
service:
spec:
externalTrafficPolicy: Local
topologySpreadConstraints:
- maxSkew: 1
topologyKey: "kubernetes.io/hostname"
whenUnsatisfiable: "ScheduleAnyway"
whenUnsatisfiable: "DoNotSchedule"
labelSelector:
matchLabels:
app: traefik

2
network-security/index.ts
View File

@@ -71,7 +71,7 @@ export class NetworkSecurity extends TerraformStack {
provider: kubernetes,
namespace,
name: "ip-allow-list",
sourceRanges: ["192.168.18.0/24", "10.43.0.0/16"],
sourceRanges: ["192.168.18.0/24", "10.42.0.0/16"],
});
new IpAllowListMiddlewareTCP(this, "tcp-internal-ip-allow-list", {