create traefik entrypoint on port 444

expose inbucket web GUI on port 444
This commit is contained in:
Pim Kunis 2024-04-08 20:42:06 +02:00
parent 40fc4013de
commit f78631e3ae
2 changed files with 52 additions and 21 deletions

View file

@ -26,6 +26,10 @@
kubenix.project = "home"; kubenix.project = "home";
kubernetes = { kubernetes = {
# TODO: These were copied from https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml
# See https://cert-manager.io/docs/installation/helm/
# Seems kubenix cannot import a list of resources, but only individual resources.
# Might be good to create PR for this.
imports = [ imports = [
./certificaterequest.yaml ./certificaterequest.yaml
./certificate.yaml ./certificate.yaml
@ -74,16 +78,31 @@
ipAddressPools.main.spec.addresses = [ "192.168.30.128-192.168.30.200" ]; ipAddressPools.main.spec.addresses = [ "192.168.30.128-192.168.30.200" ];
l2Advertisements.main.metadata = { }; l2Advertisements.main.metadata = { };
# NOTE: The name of each helmChartConfig must match the relevant chart name!
# Override Traefik's service with a static load balancer IP. # Override Traefik's service with a static load balancer IP.
helmChartConfigs.traefik = { helmChartConfigs = {
traefik = {
metadata.namespace = "kube-system"; metadata.namespace = "kube-system";
spec.valuesContent = '' spec.valuesContent = ''
service: service:
spec: spec:
loadBalancerIP: "192.168.30.128" loadBalancerIP: "192.168.30.128"
ports:
localsecure:
port: 8444
expose: true
exposedPort: 444
protocol: TCP
tls:
enabled: true
options: ""
certResolver: ""
domains: []
''; '';
}; };
};
clusterIssuers.letsencrypt = { clusterIssuers.letsencrypt = {
metadata.namespace = "kube-system"; metadata.namespace = "kube-system";

View file

@ -53,22 +53,34 @@
}; };
}; };
# ingresses.inbucket.spec = { ingresses.inbucket = {
# ingressClassName = "traefik"; metadata.annotations = {
"cert-manager.io/cluster-issuer" = "letsencrypt";
"traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
};
# rules = [{ spec = {
# host = "inbucket.kun.is"; ingressClassName = "traefik";
# http.paths = [{ rules = [{
# path = "/"; host = "inbucket.kun.is";
# pathType = "Prefix";
# backend.service = { http.paths = [{
# name = "inbucket-web"; path = "/";
# port.number = 80; pathType = "Prefix";
# };
# }]; backend.service = {
# }]; name = "inbucket-web";
# }; port.number = 80;
};
}];
}];
tls = [{
secretName = "inbucket-tls";
hosts = [ "inbucket.kun.is" ];
}];
};
};
}; };
} }