Compare commits
9 Commits
fabede0953
...
11bf756add
| Author | SHA1 | Date | |
|---|---|---|---|
|
11bf756add
|
|||
|
2d93965900
|
|||
|
5f83143d91
|
|||
|
55d3ba0acc
|
|||
|
53f414f97d
|
|||
|
48d4950632
|
|||
|
0dde41e79e
|
|||
|
8955455af2
|
|||
|
451bbc6de0
|
@@ -82,10 +82,24 @@ spec:
|
||||
protocol: TCP
|
||||
type: ClusterIP
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: devpi
|
||||
namespace: homelab
|
||||
spec:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- "127.0.0.1/32"
|
||||
- "10.43.0.0/16"
|
||||
rateLimit:
|
||||
average: 10
|
||||
burst: 50
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: devpi-ingress
|
||||
name: devpi
|
||||
namespace: homelab
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "0"
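Review bot: The new `ipAllowList` (sourceRange `127.0.0.1/32`, `10.43.0.0/16`) is matched against the address Traefik sees on the socket, and with a LoadBalancer/NodePort Service on the default `externalTrafficPolicy: Cluster` that is usually a SNATed node or pod address rather than the real client — so the list either blocks everyone or admits everyone depending on which range the SNAT address falls in, and `10.43.0.0/16` is k3s's default *service* CIDR, which pod or node sources would not normally carry at all. Confirm what client address actually reaches Traefik here and either set `externalTrafficPolicy: Local` on the Traefik Service or configure `ipStrategy: { depth: 1 }` together with `forwardedHeaders.trustedIPs` on the entrypoint before relying on this list. Note this is also a semantic change from the nginx annotations removed in the next hunk: `limit-whitelist` only exempted 127.0.0.1 from rate limiting, whereas `ipAllowList` denies every other client outright — reasonable now that the Ingress leaves the `nginx-internal` class, but it deserves a comment on the Middleware, e.g. `# access restriction replacing the nginx-internal class: only loopback and the listed in-cluster range may reach devpi`. The rateLimit below uses the same remote-address default and shares the caveat.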
|
||||
@@ -93,12 +107,10 @@ metadata:
|
||||
cert-manager.io/acme-challenge-type: "dns01"
|
||||
cert-manager.io/private-key-size: "4096"
|
||||
|
||||
# NGINX IP-based rate limiting
|
||||
nginx.ingress.kubernetes.io/limit-rps: "10"
|
||||
nginx.ingress.kubernetes.io/limit-burst-multiplier: "5"
|
||||
nginx.ingress.kubernetes.io/limit-whitelist: "127.0.0.1"
|
||||
# Traefik Middleware
|
||||
traefik.io/router.middlewares: "devpi@kubernetescrd"
|
||||
spec:
|
||||
ingressClassName: nginx-internal
|
||||
ingressClassName: traefik
|
||||
tls:
|
||||
- hosts:
|
||||
- pip.dogar.dev
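Review bot: `traefik.io/router.middlewares: "devpi@kubernetescrd"` does not name the Middleware created in the previous hunk — as far as I know the Kubernetes CRD provider registers Middleware objects as `<namespace>-<name>@kubernetescrd`, so the reference should be `homelab-devpi@kubernetescrd`. When a router references a middleware that cannot be resolved Traefik drops the whole router, so the likely effect is a 404 for pip.dogar.dev rather than an unprotected endpoint (fails closed, but still broken). The leftover `nginx.ingress.kubernetes.io/proxy-body-size: "0"` annotation above is inert under the traefik class and could be removed in the same cleanup.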
|
||||
|
||||
@@ -2,9 +2,14 @@ import * as fs from "fs";
|
||||
import { HelmProvider } from "@cdktf/provider-helm/lib/provider";
|
||||
import { Release } from "@cdktf/provider-helm/lib/release";
|
||||
import { Construct } from "constructs";
|
||||
import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
|
||||
import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
|
||||
|
||||
type GiteaServerOptions = {
|
||||
provider: HelmProvider;
|
||||
providers: {
|
||||
helm: HelmProvider;
|
||||
kubernetes: KubernetesProvider;
|
||||
};
|
||||
name: string;
|
||||
namespace: string;
|
||||
r2Endpoint: string;
|
||||
@@ -14,8 +19,11 @@ export class GiteaServer extends Construct {
|
||||
constructor(scope: Construct, id: string, options: GiteaServerOptions) {
|
||||
super(scope, id);
|
||||
|
||||
const { kubernetes, helm } = options.providers;
|
||||
|
||||
new Release(this, id, {
|
||||
...options,
|
||||
provider: helm,
|
||||
repository: "https://dl.gitea.com/charts",
|
||||
chart: "gitea",
|
||||
createNamespace: true,
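Review bot: `...options` on the `Release` call now also spreads the new `providers` object (alongside `name`, `namespace` and `r2Endpoint`) into the Helm release config, with `provider: helm` only overriding the pre-existing `provider` key; as far as I can tell cdktf ignores unknown keys at runtime, but the spread hides which options actually reach the chart and TypeScript performs no excess-property check on spread members. Pull the construct-only fields out first — `const { providers: { kubernetes, helm }, ...releaseOptions } = options;` — and spread `...releaseOptions` instead. With `providers.helm` in place, the original `provider: HelmProvider` field in `GiteaServerOptions` (previous hunk) is a second source of truth for the same provider and can be dropped once callers pass `providers`. The constructor continues past this hunk.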
|
||||
@@ -31,5 +39,31 @@ export class GiteaServer extends Construct {
|
||||
}),
|
||||
],
|
||||
});
|
||||
|
||||
new Manifest(this, `${id}-ssh-ingress`, {
|
||||
provider: kubernetes,
|
||||
manifest: {
|
||||
apiVersion: "traefik.io/v1alpha1",
|
||||
kind: "IngressRouteTCP",
|
||||
metadata: {
|
||||
name: "gitea-ssh-ingress",
|
||||
namespace: options.namespace,
|
||||
},
|
||||
spec: {
|
||||
entryPoints: ["ssh"],
|
||||
routes: [
|
||||
{
|
||||
match: "HostSNI(`*`)",
|
||||
services: [
|
||||
{
|
||||
name: `${options.name}-ssh`,
|
||||
port: 22,
|
||||
},
|
||||
],
|
||||
},
|
||||
],
|
||||
},
|
||||
},
|
||||
});
|
||||
}
|
||||
}
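Review bot: The `IngressRouteTCP` uses the wildcard `HostSNI` match on the `ssh` entrypoint (the only option for non-TLS TCP), so every connection reaching port 22 of the Traefik LoadBalancer is forwarded to the `gitea-ssh` Service with no check in Traefik — Gitea's SSH daemon is the sole control, which is fine but should be stated. Because Traefik proxies the stream, Gitea sees Traefik's pod IP as the peer, so its SSH logs and any source-address rate limiting are blind unless the service entry sends PROXY protocol (`proxyProtocol: { version: 2 }` next to `port: 22`) and Gitea's SSH listener is configured to accept it, or `externalTrafficPolicy: Local` is used on the Traefik Service. A short comment above the manifest would help, e.g. `// Raw TCP pass-through for git-over-ssh; authentication is Gitea's, Traefik only forwards the stream.` The constructor this sits in begins before the hunk.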
|
||||
|
||||
@@ -93,11 +93,7 @@ server:
|
||||
cert-manager.io/cluster-issuer: cloudflare-issuer
|
||||
cert-manager.io/acme-challenge-type: dns01
|
||||
cert-manager.io/private-key-size: "4096"
|
||||
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||
ingressClassName: nginx-internal
|
||||
https: true
|
||||
ingressClassName: traefik
|
||||
hosts:
|
||||
- auth.dogar.dev
|
||||
tls:
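Review bot: The hunk drops `force-ssl-redirect`/`ssl-redirect` together with the nginx class but adds no Traefik counterpart, so unless the `web` entrypoint is configured to redirect globally in the Traefik values, plain `http://auth.dogar.dev` will now be served — and the login form submitted — without TLS. Add `traefik.io/router.entrypoints: websecure` so the router only exists on the TLS entrypoint and, if an HTTP→HTTPS redirect is wanted, a `redirectScheme` Middleware referenced via `traefik.io/router.middlewares`. `backend-protocol: HTTPS` is also removed; if the authentik server pod still listens on HTTPS this needs `traefik.io/service.serversscheme: https` on its Service, otherwise Traefik will speak plain HTTP to a TLS port. The line counts suggest `https: true` is removed as well rather than kept; confirm the chart's ingress TLS setting survived.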
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
global:
|
||||
security:
|
||||
allowInsecureImages: true # needed for ghcr.io images
|
||||
allowInsecureImages: true # needed for non-official images
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: bitnamilegacy/external-dns
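Review bot: The reworded comment on `allowInsecureImages: true` still only says the image is "non-official"; it should record what the flag disables and why this image is acceptable, since the line turns off the Bitnami chart's check that images come from its own registry, and the repository below is `bitnamilegacy/external-dns`, which to my knowledge is the frozen archive that no longer receives rebuilds or CVE patches. Suggest e.g. `# disables the Bitnami image-origin check; bitnamilegacy/* is the frozen (unpatched) archive — pin by digest and migrate to registry.k8s.io/external-dns/external-dns`. If no digest is pinned in the tag section outside this hunk, that is the concrete gap: an unpatched mutable tag in a component that, judging by the cloudflare-issuer used elsewhere, likely holds DNS-provider credentials.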
|
||||
@@ -27,6 +27,7 @@ serviceAccount:
|
||||
name: "external-dns"
|
||||
ingressClassFilters:
|
||||
- nginx-internal
|
||||
- traefik
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
|
||||
@@ -15,15 +15,8 @@ ingress:
|
||||
cert-manager.io/cluster-issuer: cloudflare-issuer
|
||||
cert-manager.io/acme-challenge-type: dns01
|
||||
cert-manager.io/private-key-size: 4096
|
||||
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
|
||||
nginx.ingress.kubernetes.io/proxy-request-buffering: off
|
||||
nginx.ingress.kubernetes.io/proxy-buffering: off
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: 0
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: 3600
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: 3600
|
||||
nginx.ingress.kubernetes.io/client-body-timeout: 3600
|
||||
nginx.ingress.kubernetes.io/proxy-connect-timeout: 3600
|
||||
className: nginx-internal
|
||||
traefik.io/service.scheme: https
|
||||
className: traefik
|
||||
hosts:
|
||||
- host: git.dogar.dev
|
||||
paths:
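Review bot: `traefik.io/service.scheme: https` is placed under the Ingress `annotations`, but I don't believe that key exists — the documented annotation is `traefik.io/service.serversscheme`, and the Kubernetes Ingress provider reads it from the backend Service, not the Ingress. As written it is a no-op, so if the gitea pod still terminates TLS itself (which the removed `backend-protocol: HTTPS` implied) Traefik will send plain HTTP to the HTTPS port. Either set the `serversscheme` annotation on the gitea Service (`service.annotations` in these values, if the chart exposes it) or switch the backend to HTTP and let Traefik terminate TLS. Dropping the nginx buffering/body-size annotations is fine for Traefik, which has no request body limit by default, but the 3600s read/send timeouts have no counterpart either — large git pushes over HTTPS are now bounded by the entrypoint's `respondingTimeouts`, which I believe default `readTimeout` to 60s in Traefik v3.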
|
||||
|
||||
@@ -17,7 +17,7 @@ metrics:
|
||||
enabled: true
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: nginx-internal
|
||||
ingressClassName: traefik
|
||||
host: longhorn.dogar.dev
|
||||
tls: true
|
||||
tlsSecretName: longhorn-tls
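Review bot: Switching Longhorn's UI ingress from `nginx-internal` to `traefik` removes whatever network scoping the internal class provided without adding a replacement, and the Longhorn UI has, as far as I know, no authentication of its own — anyone who can reach the traefik entrypoint can create, delete and snapshot volumes. Elsewhere in this commit devpi and verdaccio receive an `ipAllowList` Middleware for exactly this move; apply the same here, e.g. `annotations: { traefik.io/router.middlewares: <namespace>-longhorn-allowlist@kubernetescrd }`, or front it with a `forwardAuth` Middleware pointing at the authentik instance the commit also touches. This matters more now that `traefik` is added to external-dns's `ingressClassFilters`, which will publish `longhorn.dogar.dev`.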
|
||||
|
||||
@@ -2,7 +2,7 @@ grafana:
|
||||
enabled: true
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: nginx-internal
|
||||
ingressClassName: traefik
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: cloudflare-issuer
|
||||
cert-manager.io/acme-challenge-type: dns01
|
||||
|
||||
@@ -16,3 +16,13 @@ topologySpreadConstraints:
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app: traefik
|
||||
additionalArguments:
|
||||
- "--entryPoints.ssh.address=:22/tcp"
|
||||
ports:
|
||||
ssh:
|
||||
name: ssh
|
||||
port: 22
|
||||
exposedPort: 22
|
||||
expose:
|
||||
default: true
|
||||
protocol: TCP
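Review bot: `additionalArguments: --entryPoints.ssh.address=:22/tcp` duplicates what the chart already renders from the `ports.ssh` entry (name, port, protocol), so one of the two can go; keeping both means the value has to be edited in two places and, if they diverge, the last flag wins silently. Exposing `exposedPort: 22` through the default LoadBalancer means that, if k3s's ServiceLB is in use, the Service tries to claim port 22 on every node and collides with the hosts' own sshd when it listens there — confirm the node sshd is on another port or use a different exposed port (e.g. `exposedPort: 2222`). A one-line comment such as `# git-over-ssh for Gitea: raw TCP, no TLS, routed by IngressRouteTCP` would help the next reader.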
|
||||
|
||||
5
main.ts
5
main.ts
@@ -142,7 +142,10 @@ class Homelab extends TerraformStack {
|
||||
const gitea = new GiteaServer(this, "gitea-server", {
|
||||
name: "gitea",
|
||||
namespace,
|
||||
provider: helm,
|
||||
providers: {
|
||||
helm,
|
||||
kubernetes,
|
||||
},
|
||||
r2Endpoint: `${env.ACCOUNT_ID}.r2.cloudflarestorage.com`,
|
||||
});
|
||||
|
||||
|
||||
@@ -114,6 +114,20 @@ spec:
|
||||
targetPort: 4873
|
||||
type: ClusterIP
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: verdaccio
|
||||
namespace: homelab
|
||||
spec:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- "127.0.0.1/32"
|
||||
- "10.43.0.0/16"
|
||||
rateLimit:
|
||||
average: 10
|
||||
burst: 50
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
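Review bot: As with the devpi Middleware, `ipAllowList.sourceRange` here is compared to the connection's remote address, so with the Traefik Service on the default `externalTrafficPolicy: Cluster` it will see a SNATed node/pod address rather than the real client, and `10.43.0.0/16` is k3s's default service CIDR, which would not normally appear as a source at all. Until `externalTrafficPolicy: Local` or a trusted `ipStrategy` is configured the effective result (block-all or allow-all) is undetermined, and this is a stricter control than the nginx `limit-whitelist` it replaces, which only exempted 127.0.0.1 from rate limiting. Add a comment on the Middleware stating the intended client population, e.g. `# only loopback and the listed in-cluster range may reach the npm registry`.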
|
||||
@@ -124,12 +138,10 @@ metadata:
|
||||
cert-manager.io/acme-challenge-type: "dns01"
|
||||
cert-manager.io/private-key-size: "4096"
|
||||
|
||||
# NGINX IP-based rate limiting
|
||||
nginx.ingress.kubernetes.io/limit-rps: "10"
|
||||
nginx.ingress.kubernetes.io/limit-burst-multiplier: "5"
|
||||
nginx.ingress.kubernetes.io/limit-whitelist: "127.0.0.1"
|
||||
# Traefik Middleware
|
||||
traefik.io/router.middlewares: "verdaccio@kubernetescrd"
|
||||
spec:
|
||||
ingressClassName: nginx-internal
|
||||
ingressClassName: traefik
|
||||
tls:
|
||||
- hosts:
|
||||
- npm.dogar.dev
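Review bot: `verdaccio@kubernetescrd` is, as far as I know, not how the Kubernetes CRD provider names the Middleware defined above — references take the form `<namespace>-<name>@kubernetescrd`, i.e. `homelab-verdaccio@kubernetescrd`. With an unresolvable middleware Traefik refuses to build the router, so npm.dogar.dev would 404 rather than run unprotected; the devpi manifest in this commit has the same reference and should be fixed together with it.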
|
||||
|
||||