diff --git a/hackerspace/goredirect.yaml b/hackerspace/goredirect.yaml index deaabb9..67b4543 100644 --- a/hackerspace/goredirect.yaml +++ b/hackerspace/goredirect.yaml @@ -7,24 +7,12 @@ spec: revisionHistoryLimit: 0 selector: matchLabels: - app.kubernetes.io/name: goredirect + app: goredirect template: metadata: labels: - app.kubernetes.io/name: goredirect + app: goredirect spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - goredirect - topologyKey: topology.kubernetes.io/zone - weight: 100 containers: - image: harbor.k-space.ee/k-space/goredirect:latest imagePullPolicy: Always @@ -43,7 +31,6 @@ spec: name: goredirect ports: - containerPort: 8080 - name: http protocol: TCP resources: limits: @@ -61,17 +48,37 @@ apiVersion: v1 kind: Service metadata: name: goredirect - annotations: - external-dns.alpha.kubernetes.io/hostname: k6.ee - metallb.universe.tf/address-pool: elisa spec: - ports: - - name: http - protocol: TCP - port: 80 - targetPort: 8080 - nodePort: 32120 + type: ClusterIP selector: - app.kubernetes.io/name: goredirect - type: LoadBalancer - externalTrafficPolicy: Local + app: goredirect + ports: + - protocol: TCP + port: 8080 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: goredirect + annotations: + kubernetes.io/ingress.class: traefik + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.tls: "true" + external-dns.alpha.kubernetes.io/target: traefik.k-space.ee + external-dns.alpha.kubernetes.io/hostname: k6.ee +# metallb.universe.tf/address-pool: elisa +spec: + rules: + - host: k6.ee + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: goredirect + port: + number: 8080 + tls: + - hosts: + - "k6.ee" diff --git a/traefik/application-extras.yml b/traefik/application-extras.yml index bcbfaef..7ed5442 100644 --- a/traefik/application-extras.yml +++ b/traefik/application-extras.yml @@ -1,26 +1,4 @@ --- -apiVersion: v1 -kind: Service -metadata: - name: traefik-metrics - namespace: traefik -spec: - selector: - app.kubernetes.io/instance: k6-traefik - app.kubernetes.io/name: traefik - ports: - - protocol: TCP - port: 9100 - targetPort: 9100 ---- -apiVersion: codemowers.cloud/v1beta1 -kind: OIDCMiddlewareClient -metadata: - name: dashboard -spec: - displayName: Traefik dashboard - uri: 'https://traefik.k-space.ee' ---- apiVersion: traefik.io/v1alpha1 kind: TLSStore metadata: @@ -48,6 +26,41 @@ spec: revisionHistoryLimit: 1 --- apiVersion: traefik.io/v1alpha1 +kind: TLSStore +metadata: + name: k6store +spec: + defaultCertificate: + secretName: k6-tls +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: k6-tls + namespace: traefik +spec: + dnsNames: + - 'k6.ee' + issuerRef: + group: cert-manager.io + kind: ClusterIssuer + name: default + secretName: k6-tls + usages: + - digital signature + - key encipherment + revisionHistoryLimit: 1 +--- + +apiVersion: codemowers.cloud/v1beta1 +kind: OIDCMiddlewareClient +metadata: + name: dashboard +spec: + displayName: Traefik dashboard + uri: 'https://traefik.k-space.ee' +--- +apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: dashboard-redirect @@ -57,6 +70,21 @@ spec: replacement: https://traefik.k-space.ee/dashboard/ permanent: false --- + +apiVersion: v1 +kind: Service +metadata: + name: traefik-metrics + namespace: traefik +spec: + selector: + app.kubernetes.io/instance: k6-traefik + app.kubernetes.io/name: traefik + ports: + - protocol: TCP + port: 9100 + targetPort: 9100 +--- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: