inventory: k6 tls

hackerspace/goredirect.yaml

@@ -7,24 +7,12 @@ spec:
   revisionHistoryLimit: 0
   selector:
     matchLabels:
-      app.kubernetes.io/name: goredirect
+      app: goredirect
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: goredirect
+        app: goredirect
     spec:
-      affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-            - podAffinityTerm:
-                labelSelector:
-                  matchExpressions:
-                  - key: app.kubernetes.io/name
-                    operator: In
-                    values:
-                    - goredirect
-                topologyKey: topology.kubernetes.io/zone
-              weight: 100
       containers:
         - image: harbor.k-space.ee/k-space/goredirect:latest
           imagePullPolicy: Always 
@@ -43,7 +31,6 @@ spec:
           name: goredirect
           ports:
             - containerPort: 8080
-              name: http
               protocol: TCP
           resources:
             limits:
@@ -61,17 +48,37 @@ apiVersion: v1
 kind: Service
 metadata:
   name: goredirect
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: k6.ee  
-    metallb.universe.tf/address-pool: elisa
 spec:
-  ports:
+  type: ClusterIP
-    - name: http
-      protocol: TCP
-      port: 80
-      targetPort: 8080
-      nodePort: 32120
   selector:
-    app.kubernetes.io/name: goredirect
+    app:  goredirect
-  type: LoadBalancer
+  ports:
-  externalTrafficPolicy: Local
+    - protocol: TCP
+      port: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: goredirect
+  annotations:
+    kubernetes.io/ingress.class: traefik
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
+    external-dns.alpha.kubernetes.io/hostname: k6.ee
+#     metallb.universe.tf/address-pool: elisa
+spec:
+  rules:
+    - host: k6.ee
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: goredirect
+                port:
+                  number: 8080
+  tls:
+    - hosts:
+        - "k6.ee"

traefik/application-extras.yml

@@ -1,26 +1,4 @@
 ---
-apiVersion: v1
-kind: Service
-metadata:
-  name: traefik-metrics
-  namespace: traefik
-spec:
-  selector:
-    app.kubernetes.io/instance: k6-traefik
-    app.kubernetes.io/name: traefik
-  ports:
-    - protocol: TCP
-      port: 9100
-      targetPort: 9100
----
-apiVersion: codemowers.cloud/v1beta1
-kind: OIDCMiddlewareClient
-metadata:
-  name: dashboard
-spec:
-  displayName: Traefik dashboard
-  uri: 'https://traefik.k-space.ee'
----
 apiVersion: traefik.io/v1alpha1
 kind: TLSStore
 metadata:
@@ -48,6 +26,41 @@ spec:
   revisionHistoryLimit: 1
 ---
 apiVersion: traefik.io/v1alpha1
+kind: TLSStore
+metadata:
+  name: k6store
+spec:
+  defaultCertificate:
+    secretName: k6-tls
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: k6-tls
+  namespace: traefik
+spec:
+  dnsNames:
+    - 'k6.ee'
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    name: default
+  secretName: k6-tls
+  usages:
+    - digital signature
+    - key encipherment
+  revisionHistoryLimit: 1
+---
+
+apiVersion: codemowers.cloud/v1beta1
+kind: OIDCMiddlewareClient
+metadata:
+  name: dashboard
+spec:
+  displayName: Traefik dashboard
+  uri: 'https://traefik.k-space.ee'
+---
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: dashboard-redirect
@@ -57,6 +70,21 @@ spec:
     replacement: https://traefik.k-space.ee/dashboard/
     permanent: false
 ---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik-metrics
+  namespace: traefik
+spec:
+  selector:
+    app.kubernetes.io/instance: k6-traefik
+    app.kubernetes.io/name: traefik
+  ports:
+    - protocol: TCP
+      port: 9100
+      targetPort: 9100
+---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata: