create traefik entrypoint on port 444
expose inbucket web GUI on port 444
This commit is contained in:
parent
40fc4013de
commit
f78631e3ae
2 changed files with 52 additions and 21 deletions
|
|
@ -26,6 +26,10 @@
|
||||||
kubenix.project = "home";
|
kubenix.project = "home";
|
||||||
|
|
||||||
kubernetes = {
|
kubernetes = {
|
||||||
|
# TODO: These were copied from https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml
|
||||||
|
# See https://cert-manager.io/docs/installation/helm/
|
||||||
|
# Seems kubenix cannot import a list of resources, but only individual resources.
|
||||||
|
# Might be good to create PR for this.
|
||||||
imports = [
|
imports = [
|
||||||
./certificaterequest.yaml
|
./certificaterequest.yaml
|
||||||
./certificate.yaml
|
./certificate.yaml
|
||||||
|
|
@ -74,16 +78,31 @@
|
||||||
ipAddressPools.main.spec.addresses = [ "192.168.30.128-192.168.30.200" ];
|
ipAddressPools.main.spec.addresses = [ "192.168.30.128-192.168.30.200" ];
|
||||||
l2Advertisements.main.metadata = { };
|
l2Advertisements.main.metadata = { };
|
||||||
|
|
||||||
|
# NOTE: The name of each helmChartConfig must match the relevant chart name!
|
||||||
# Override Traefik's service with a static load balancer IP.
|
# Override Traefik's service with a static load balancer IP.
|
||||||
helmChartConfigs.traefik = {
|
helmChartConfigs = {
|
||||||
|
traefik = {
|
||||||
metadata.namespace = "kube-system";
|
metadata.namespace = "kube-system";
|
||||||
|
|
||||||
spec.valuesContent = ''
|
spec.valuesContent = ''
|
||||||
service:
|
service:
|
||||||
spec:
|
spec:
|
||||||
loadBalancerIP: "192.168.30.128"
|
loadBalancerIP: "192.168.30.128"
|
||||||
|
ports:
|
||||||
|
localsecure:
|
||||||
|
port: 8444
|
||||||
|
expose: true
|
||||||
|
exposedPort: 444
|
||||||
|
protocol: TCP
|
||||||
|
tls:
|
||||||
|
enabled: true
|
||||||
|
options: ""
|
||||||
|
certResolver: ""
|
||||||
|
domains: []
|
||||||
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
clusterIssuers.letsencrypt = {
|
clusterIssuers.letsencrypt = {
|
||||||
metadata.namespace = "kube-system";
|
metadata.namespace = "kube-system";
|
||||||
|
|
|
||||||
|
|
@ -53,22 +53,34 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# ingresses.inbucket.spec = {
|
ingresses.inbucket = {
|
||||||
# ingressClassName = "traefik";
|
metadata.annotations = {
|
||||||
|
"cert-manager.io/cluster-issuer" = "letsencrypt";
|
||||||
|
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
|
||||||
|
};
|
||||||
|
|
||||||
# rules = [{
|
spec = {
|
||||||
# host = "inbucket.kun.is";
|
ingressClassName = "traefik";
|
||||||
|
|
||||||
# http.paths = [{
|
rules = [{
|
||||||
# path = "/";
|
host = "inbucket.kun.is";
|
||||||
# pathType = "Prefix";
|
|
||||||
|
|
||||||
# backend.service = {
|
http.paths = [{
|
||||||
# name = "inbucket-web";
|
path = "/";
|
||||||
# port.number = 80;
|
pathType = "Prefix";
|
||||||
# };
|
|
||||||
# }];
|
backend.service = {
|
||||||
# }];
|
name = "inbucket-web";
|
||||||
# };
|
port.number = 80;
|
||||||
|
};
|
||||||
|
}];
|
||||||
|
}];
|
||||||
|
|
||||||
|
tls = [{
|
||||||
|
secretName = "inbucket-tls";
|
||||||
|
hosts = [ "inbucket.kun.is" ];
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue