Update traefik internal services template

2024-08-02 16:09:09 -07:00 · 2024-08-02 16:09:09 -07:00 · 41a2f09959
commit 41a2f09959
parent ff18cdf1cf
12 changed files with 49 additions and 19 deletions
--- a/k8s/matrix/config-janky.bot/homeserver.yaml
+++ b/k8s/matrix/config-janky.bot/homeserver.yaml
@ -27,4 +27,4 @@ signing_key_path: "/secrets/janky.bot.signing.key"
 trusted_key_servers:
  - server_name: "matrix.org"
 public_baseurl: https://matrix.janky.bot
-ip_range_whitelist: [10.5.1.245]
+ip_range_whitelist: [10.5.1.245,10.5.1.1]
--- a/k8s/matrix/kustomization.yaml
+++ b/k8s/matrix/kustomization.yaml
@ -7,6 +7,7 @@ resources:
 - bridge-signal.yaml
 - bridge-telegram.yaml
 - janky.bot-homeserver.yaml
+ - janky.solutions-homeserver.yaml
 - secrets.yaml
 - secrets-init.yaml
 configMapGenerator:
@ -18,3 +19,12 @@ configMapGenerator:
    files:
      - config-janky.bot/homeserver.yaml
      - config-janky.bot/log.yaml
+  - name: synapse-janky-solutions
+    files:
+      - config-janky.solutions/homeserver.yaml
+      - config-janky.solutions/log.yaml
+  - name: appservices-janky-solutions
+    files:
+      - appservices-janky.solutions/facebook.yaml
+      - appservices-janky.solutions/telegram.yaml
+      - appservices-janky.solutions/signal.yaml
--- a/k8s/monica/kustomization.yaml
+++ b/k8s/monica/kustomization.yaml
@ -4,5 +4,5 @@ namespace: monica
 resources:
 - namespace.yaml
 - monica.yaml
- - mysql.yaml
+ - database.yaml
 - secrets.yaml
--- a/k8s/monica/monica.yaml
+++ b/k8s/monica/monica.yaml
@ -64,6 +64,7 @@ spec:
  - metadata:
      name: storage
    spec:
+      storageClassName: longhorn
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
--- a/k8s/monica/mysql.yaml
+++ b/k8s/monica/mysql.yaml
@ -27,7 +27,7 @@ spec:
        app: mysql
    spec:
      containers:
-      - image: docker.io/library/mysql:5.7
+      - image: docker.io/library/mysql:8
        name: mysql
        resources: {}
        ports:
@ -50,6 +50,7 @@ spec:
  - metadata:
      name: storage
    spec:
+      storageClassName: longhorn
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
--- a/k8s/monitoring/ingresses.yaml
+++ b/k8s/monitoring/ingresses.yaml
@ -19,6 +19,8 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: prometheus-internal
+  annotations:
+    janky.solutions/auth-glue: prometheus
 spec:
  rules:
    - host: prometheus.monitoring.k8s
--- a/k8s/system/kustomization.yaml
+++ b/k8s/system/kustomization.yaml
@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - traefik-default-cert.yaml
+  - traefik-dashboard.yaml
 configMapGenerator:
  - name: traefik-additional-configs
    namespace: kube-system
--- a/k8s/system/traefik-dashboard.yaml
+++ b/k8s/system/traefik-dashboard.yaml
@ -0,0 +1,12 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: traefik-dashboard
+  namespace: kube-system
+spec:
+  routes:
+  - match: Host(`traefik.kube-system.k8s`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
+    kind: Rule
+    services:
+    - name: api@internal
+      kind: TraefikService
--- a/k8s/system/traefik/external-services.yaml
+++ b/k8s/system/traefik/external-services.yaml
@ -1,21 +1,25 @@
+{{
+  $services := list
+    (list "minio-console" "minio-console.home.finn.io" "http://minio:9001")
+    (list "minio" "storage.home.finn.io" "http://minio:9000")
+    (list "jellyfin" "jellyfin.janky.solutions" "http://jellyfin:8096")
+    (list "dns" "dns.janky.solutions" "http://dns:9191")
+    (list "dns443" "dns.janky.solutions:443" "http://dns:9191")
+    (list "matrix" "matrix.janky.solutions" "http://matrix:8008")
+}}
 http:
  routers:
-    minio:
+    {{range $_, $service := $services}}
+    {{index $service 0}}:
      entryPoints:
        - websecure
-      rule: "Host(`storage.home.finn.io`)"
-      service: minio
-    minio-console:
-      entryPoints:
-        - websecure
-      rule: "Host(`minio-console.home.finn.io`)"
-      service: minio-console
+      rule: "Host(`{{ index $service 1 }}`)"
+      service: {{ index $service 0 }}
+    {{end}}
  services:
-    minio:
+    {{range $_, $service := $services}}
+    {{index $service 0}}:
      loadBalancer:
        servers:
-        - url: "http://minio:9000/"
-    minio-console:
-      loadBalancer:
-        servers:
-        - url: "http://minio:9001/"
+          - url: "{{index $service 2}}"
+    {{end}}
--- a/playbook-home-k8s-usb.yaml
+++ b/playbook-home-k8s-usb.yaml
@ -3,6 +3,5 @@
    ansible_user: root
  roles:
    - base
-    - monitoring
    - k8s-node
    - k8s-usb-node
--- a/playbook-home-k8s.yaml
+++ b/playbook-home-k8s.yaml
@ -3,5 +3,4 @@
    ansible_user: root
  roles:
    - base
-    - monitoring
    - k8s-node
--- a/roles/k8s-node/templates/traefik-config.yaml
+++ b/roles/k8s-node/templates/traefik-config.yaml
@ -22,6 +22,7 @@ spec:
    additionalArguments:
      - --providers.file.directory=/file-configs
      - --providers.file.watch=true
+      - --providers.file.debugLogGeneratedTemplate=true
    volumes:
      - name: traefik-additional-configs
        mountPath: /file-configs