create traefik entrypoint on port 444

expose inbucket web GUI on port 444
2024-04-08 20:42:06 +02:00 · 2024-04-08 20:42:06 +02:00 · f78631e3ae
commit f78631e3ae
parent 40fc4013de
2 changed files with 52 additions and 21 deletions
--- a/nix/flake/kubenix/default.nix
+++ b/nix/flake/kubenix/default.nix
@ -26,6 +26,10 @@
          kubenix.project = "home";

          kubernetes = {
+            # TODO: These were copied from https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml
+            # See https://cert-manager.io/docs/installation/helm/
+            # Seems kubenix cannot import a list of resources, but only individual resources.
+            # Might be good to create PR for this.
            imports = [
              ./certificaterequest.yaml
              ./certificate.yaml
@ -74,15 +78,30 @@
              ipAddressPools.main.spec.addresses = [ "192.168.30.128-192.168.30.200" ];
              l2Advertisements.main.metadata = { };

+              # NOTE: The name of each helmChartConfig must match the relevant chart name!
              # Override Traefik's service with a static load balancer IP.
-              helmChartConfigs.traefik = {
-                metadata.namespace = "kube-system";
+              helmChartConfigs = {
+                traefik = {
+                  metadata.namespace = "kube-system";

-                spec.valuesContent = ''
-                  service:
-                    spec:
-                      loadBalancerIP: "192.168.30.128"
-                '';
+                  spec.valuesContent = ''
+                    service:
+                      spec:
+                        loadBalancerIP: "192.168.30.128"
+                    ports:
+                      localsecure:
+                        port: 8444
+                        expose: true
+                        exposedPort: 444
+                        protocol: TCP
+                        tls:
+                          enabled: true
+                          options: ""
+                          certResolver: ""
+                          domains: []
+
+                  '';
+                };
              };

              clusterIssuers.letsencrypt = {
--- a/nix/flake/kubenix/inbucket.nix
+++ b/nix/flake/kubenix/inbucket.nix
@ -53,22 +53,34 @@
      };
    };

-    # ingresses.inbucket.spec = {
-    #   ingressClassName = "traefik";
+    ingresses.inbucket = {
+      metadata.annotations = {
+        "cert-manager.io/cluster-issuer" = "letsencrypt";
+        "traefik.ingress.kubernetes.io/router.entrypoints" = "localsecure";
+      };

-    #   rules = [{
-    #     host = "inbucket.kun.is";
+      spec = {
+        ingressClassName = "traefik";

-    #     http.paths = [{
-    #       path = "/";
-    #       pathType = "Prefix";
+        rules = [{
+          host = "inbucket.kun.is";

-    #       backend.service = {
-    #         name = "inbucket-web";
-    #         port.number = 80;
-    #       };
-    #     }];
-    #   }];
-    # };
+          http.paths = [{
+            path = "/";
+            pathType = "Prefix";
+
+            backend.service = {
+              name = "inbucket-web";
+              port.number = 80;
+            };
+          }];
+        }];
+
+        tls = [{
+          secretName = "inbucket-tls";
+          hosts = [ "inbucket.kun.is" ];
+        }];
+      };
+    };
  };
 }