{ lib, myLib, ... }: { kubernetes.resources = { helmChartConfigs = { traefik = { metadata.namespace = lib.mkForce "kube-system"; # Override Traefik's service with a static load balancer IP. # Create endpoint for HTTPS on port 444. # Allow external name services for servers in LAN. spec.valuesContent = lib.generators.toYAML { } { # service.annotations."metallb.universe.tf/loadBalancerIPs" = myLib.globals.traefikIPv4; providers.kubernetesIngress.allowExternalNameServices = true; service.loadBalancerIP = myLib.globals.traefikIPv4; ports = { localsecure = { port = 8444; expose = true; exposedPort = 444; protocol = "TCP"; tls = { enabled = true; options = ""; certResolver = ""; domains = [ ]; }; }; web.redirectTo = "websecure"; }; }; }; }; services = { ek2024.spec = { type = "ExternalName"; externalName = "ek2024.dmz"; ports.web = { port = 80; targetPort = 80; }; }; esrom.spec = { type = "ExternalName"; externalName = "esrom.dmz"; ports.web = { port = 80; targetPort = 80; }; }; }; }; lab.ingresses = { ek2024 = { host = "ek2024.kun.is"; service = { name = "ek2024"; portName = "web"; }; }; esrom = { host = "esrom.kun.is"; service = { name = "esrom"; portName = "web"; }; }; }; }