refactor(traefik): Deploy resources in kube-system namespace

README.md

@@ -71,6 +71,7 @@ Currently, the applications being deployed like this are:
 - `dnsmasq`
 - `bind9`
 - `media`
+- `traefik`
 
 ## Known bugs
 

flake-parts/kubenix.nix

@@ -44,7 +44,9 @@
             {
               imports = [
                 kubenix.modules.k8s
+                kubenix.modules.helm
                 "${self}/kubenix-modules/custom"
+                "${self}/kubenix-modules/custom-types.nix"
                 module
               ];
 
@@ -102,4 +104,6 @@
       "${self}/kubenix-modules/bind9" "bind9" "dns";
     kubenix.media = mkDeployScriptAndManifest
       "${self}/kubenix-modules/media.nix" "media" "media";
+    kubenix.traefik = mkDeployScriptAndManifest
+      "${self}/kubenix-modules/traefik.nix" "traefik" "kube-system";
   })

kubenix-modules/all.nix

@@ -4,12 +4,9 @@
     # ./minecraft.nix
     ./base.nix
     ./longhorn.nix
-    ./esrom.nix
-    ./ek2024.nix
     ./metallb.nix
     ./cert-manager.nix
     ./custom
-    ./traefik.nix
     ./volumes.nix
     ./custom-types.nix
   ];

kubenix-modules/base.nix

@@ -36,10 +36,10 @@
           includeCRDs = false;
         };
 
-        argo-workflows = {
+        # argo-workflows = {
-          chart = nixhelm.chartsDerivations.${system}.argoproj.argo-workflows;
+        #   chart = nixhelm.chartsDerivations.${system}.argoproj.argo-workflows;
-          includeCRDs = true;
+        #   includeCRDs = true;
-        };
+        # };
 
         longhorn = {
           chart = nixhelm.chartsDerivations.${system}.longhorn.longhorn;
@@ -76,6 +76,7 @@
           inbucket = { };
           dns = { };
           media = { };
+          traefik = { };
         };
 
         nodes =

kubenix-modules/ek2024.nix

@@ -1,22 +0,0 @@
-{
-  kubernetes.resources = {
-    services.ek2024.spec = {
-      type = "ExternalName";
-      externalName = "ek2024.dmz";
-
-      ports.web = {
-        port = 80;
-        targetPort = 80;
-      };
-    };
-  };
-
-  lab.ingresses.ek2024 = {
-    host = "ek2024.kun.is";
-
-    service = {
-      name = "ek2024";
-      portName = "web";
-    };
-  };
-}

kubenix-modules/esrom.nix

@@ -1,22 +0,0 @@
-{
-  kubernetes.resources = {
-    services.esrom.spec = {
-      type = "ExternalName";
-      externalName = "esrom.dmz";
-
-      ports.web = {
-        port = 80;
-        targetPort = 80;
-      };
-    };
-  };
-
-  lab.ingresses.esrom = {
-    host = "esrom.kun.is";
-
-    service = {
-      name = "esrom";
-      portName = "web";
-    };
-  };
-}

kubenix-modules/traefik.nix

@@ -1,34 +1,78 @@
 { lib, myLib, ... }: {
-  kubernetes.resources.helmChartConfigs = {
+  kubernetes.resources = {
-    traefik = {
+    helmChartConfigs = {
-      metadata.namespace = "kube-system";
+      traefik = {
+        metadata.namespace = lib.mkForce "kube-system";
 
-      # Override Traefik's service with a static load balancer IP.
+        # Override Traefik's service with a static load balancer IP.
-      # Create endpoint for HTTPS on port 444.
+        # Create endpoint for HTTPS on port 444.
-      # Allow external name services for esrom.
+        # Allow external name services for servers in LAN.
-      spec.valuesContent = lib.generators.toYAML { } {
+        spec.valuesContent = lib.generators.toYAML { } {
-        # service.annotations."metallb.universe.tf/loadBalancerIPs" = myLib.globals.traefikIPv4;
+          # service.annotations."metallb.universe.tf/loadBalancerIPs" = myLib.globals.traefikIPv4;
-        providers.kubernetesIngress.allowExternalNameServices = true;
+          providers.kubernetesIngress.allowExternalNameServices = true;
-        service.loadBalancerIP = myLib.globals.traefikIPv4;
+          service.loadBalancerIP = myLib.globals.traefikIPv4;
 
-        ports = {
+          ports = {
-          localsecure = {
+            localsecure = {
-            port = 8444;
+              port = 8444;
-            expose = true;
+              expose = true;
-            exposedPort = 444;
+              exposedPort = 444;
-            protocol = "TCP";
+              protocol = "TCP";
 
-            tls = {
+              tls = {
-              enabled = true;
+                enabled = true;
-              options = "";
+                options = "";
-              certResolver = "";
+                certResolver = "";
-              domains = [ ];
+                domains = [ ];
+              };
             };
-          };
 
-          web.redirectTo = "websecure";
+            web.redirectTo = "websecure";
+          };
+        };
+      };
+    };
+
+    services = {
+      ek2024.spec = {
+        type = "ExternalName";
+        externalName = "ek2024.dmz";
+
+        ports.web = {
+          port = 80;
+          targetPort = 80;
+        };
+      };
+
+      esrom.spec = {
+        type = "ExternalName";
+        externalName = "esrom.dmz";
+
+        ports.web = {
+          port = 80;
+          targetPort = 80;
         };
       };
     };
   };
+
+  lab.ingresses = {
+    ek2024 = {
+      host = "ek2024.kun.is";
+
+      service = {
+        name = "ek2024";
+        portName = "web";
+      };
+    };
+
+    esrom = {
+      host = "esrom.kun.is";
+
+      service = {
+        name = "esrom";
+        portName = "web";
+      };
+    };
+  };
 }