simon/kube
1
0
Fork 0
forked from k-space/kube
Code Pull Requests Activity

inventory: k6 tls

Browse Source
This commit is contained in:
rasmus
2025-04-18 15:39:09 +03:00
parent 19e6f53d96
commit a280a19772
2 changed files with 84 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
hackerspace/goredirect.yaml
View File

@@ -7,24 +7,12 @@ spec:
revisionHistoryLimit: 0
selector:
matchLabels:
app.kubernetes.io/name: goredirect
app: goredirect
template:
metadata:
labels:
app.kubernetes.io/name: goredirect
app: goredirect
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- goredirect
topologyKey: topology.kubernetes.io/zone
weight: 100
containers:
- image: harbor.k-space.ee/k-space/goredirect:latest
imagePullPolicy: Always
@@ -43,7 +31,6 @@ spec:
name: goredirect
ports:
- containerPort: 8080
name: http
protocol: TCP
resources:
limits:
@@ -61,17 +48,37 @@ apiVersion: v1
kind: Service
metadata:
name: goredirect
annotations:
external-dns.alpha.kubernetes.io/hostname: k6.ee
metallb.universe.tf/address-pool: elisa
spec:
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8080
nodePort: 32120
type: ClusterIP
selector:
app.kubernetes.io/name: goredirect
type: LoadBalancer
externalTrafficPolicy: Local
app: goredirect
ports:
- protocol: TCP
port: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: goredirect
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
external-dns.alpha.kubernetes.io/hostname: k6.ee
# metallb.universe.tf/address-pool: elisa
spec:
rules:
- host: k6.ee
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: goredirect
port:
number: 8080
tls:
- hosts:
- "k6.ee"

72
traefik/application-extras.yml
View File

@@ -1,26 +1,4 @@
---
apiVersion: v1
kind: Service
metadata:
name: traefik-metrics
namespace: traefik
spec:
selector:
app.kubernetes.io/instance: k6-traefik
app.kubernetes.io/name: traefik
ports:
- protocol: TCP
port: 9100
targetPort: 9100
---
apiVersion: codemowers.cloud/v1beta1
kind: OIDCMiddlewareClient
metadata:
name: dashboard
spec:
displayName: Traefik dashboard
uri: 'https://traefik.k-space.ee'
---
apiVersion: traefik.io/v1alpha1
kind: TLSStore
metadata:
@@ -48,6 +26,41 @@ spec:
revisionHistoryLimit: 1
---
apiVersion: traefik.io/v1alpha1
kind: TLSStore
metadata:
name: k6store
spec:
defaultCertificate:
secretName: k6-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: k6-tls
namespace: traefik
spec:
dnsNames:
- 'k6.ee'
issuerRef:
group: cert-manager.io
kind: ClusterIssuer
name: default
secretName: k6-tls
usages:
- digital signature
- key encipherment
revisionHistoryLimit: 1
---
apiVersion: codemowers.cloud/v1beta1
kind: OIDCMiddlewareClient
metadata:
name: dashboard
spec:
displayName: Traefik dashboard
uri: 'https://traefik.k-space.ee'
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: dashboard-redirect
@@ -57,6 +70,21 @@ spec:
replacement: https://traefik.k-space.ee/dashboard/
permanent: false
---
apiVersion: v1
kind: Service
metadata:
name: traefik-metrics
namespace: traefik
spec:
selector:
app.kubernetes.io/instance: k6-traefik
app.kubernetes.io/name: traefik
ports:
- protocol: TCP
port: 9100
targetPort: 9100
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: