kubernetes-deployments/modules/traefik.nix

# Module that customises the cluster's Traefik Helm chart and declares two
# services routed through it: an ExternalName service for a LAN host ("esrom")
# and a service in front of the Traefik dashboard port.
# Everything under `config` is applied only when `traefik.enable` is set.
{
  lib,
  globals,
  config,
  ...
}: let
  # Values passed to the Traefik Helm chart (serialised to YAML below).
  traefikHelmValues = {
    # Needed for the `esrom` ExternalName service declared below. Traefik
    # leaves this off by default: once enabled, any Ingress backed by an
    # ExternalName Service is proxied to whatever hostname that Service names,
    # so the ability to create Services/Ingresses in the cluster becomes the
    # ability to reach LAN hosts through Traefik.
    # NOTE(review): confirm RBAC restricts who can create those objects.
    providers.kubernetesIngress.allowExternalNameServices = true;

    # Pin Traefik's Service to a static load balancer IP.
    service.loadBalancerIP = globals.traefikIPv4;

    # Additional HTTPS entry point: container port 8444, exposed as 444.
    # `options` and `certResolver` are left empty, so no named TLS options and
    # no certificate resolver are attached to this entry point here.
    # NOTE(review): presumably Traefik then falls back to its default TLS
    # options and certificate store; verify which certificate is served on 444.
    ports.localsecure = {
      port = 8444;
      expose = true;
      exposedPort = 444;
      protocol = "TCP";
      tls = {
        enabled = true;
        options = "";
        certResolver = "";
        domains = [];
      };
    };

    # Redirect the plain-HTTP `web` entry point to `websecure`.
    ports.web.redirectTo.port = "websecure";
  };
in {
  options.traefik.enable = lib.mkEnableOption "traefik";

  config = lib.mkIf config.traefik.enable {
    kubernetes.resources.helmChartConfigs.traefik.spec.valuesContent =
      lib.generators.toYAML {} traefikHelmValues;

    kubernetes.resources.services = {
      # LAN server reached by DNS name. The backend port is 80, so the hop
      # from Traefik to `esrom.dmz` is plain HTTP even when the client side
      # is served over TLS.
      esrom.spec = {
        type = "ExternalName";
        externalName = "esrom.dmz";
        ports.web = {
          port = 80;
          targetPort = 80;
        };
      };

      # Service selecting the Traefik pods and forwarding port 80 to their
      # port named "traefik".
      # NOTE(review): no authentication middleware is configured in this file;
      # access control for the dashboard depends on how
      # `lab.tailscaleIngresses` (defined elsewhere) publishes it. Confirm.
      traefik-dashboard.spec = {
        selector = {
          "app.kubernetes.io/name" = "traefik";
          "app.kubernetes.io/instance" = "traefik-kube-system";
        };
        ports.web = {
          port = 80;
          targetPort = "traefik";
        };
      };
    };

    # Route esrom.kun.is to the `web` port of the `esrom` service.
    lab.ingresses.esrom = {
      host = "esrom.kun.is";
      service = {
        name = "esrom";
        portName = "web";
      };
    };

    # Publish the dashboard service under the host name "traefik" through the
    # project's `tailscaleIngresses` option.
    lab.tailscaleIngresses.traefik-dashboard = {
      host = "traefik";
      service.name = "traefik-dashboard";
    };
  };
}