all repos — infra @ 5e7860d3792e9067c6be9cec5fa60a1fe89bbfcf

infrastructure manifests and setup notes

all: switch to ingress-nginx
Anirudh Oppiliappan x@icyphox.sh
Fri, 12 Jul 2024 17:35:36 +0300
commit

5e7860d3792e9067c6be9cec5fa60a1fe89bbfcf

parent

c7665ddf891eb6c53ad28085d8287c51c99fd83c

D apps/fsrv/fsrv.yaml

@@ -1,79 +0,0 @@

-apiVersion: apps/v1 -kind: Deployment -metadata: - name: fsrv - labels: - app: fsrv -spec: - selector: - matchLabels: - app: fsrv - template: - metadata: - labels: - app: fsrv - spec: - nodeSelector: - kubernetes.io/hostname: sini - containers: - - name: fsrv - image: sini:5000/fsrv:latest - imagePullPolicy: Always - env: - - name: FSRV_KEY - valueFrom: - secretKeyRef: - name: fsrv-key - key: key - volumeMounts: - - name: uploads - mountPath: /uploads - readOnly: false - ports: - - name: http - containerPort: 9393 - args: - - -url - - https://x.icyphox.sh - - -key - - $FSRV_KEY - - -index - - /index.html - - -storepath - - /uploads - volumes: - - name: uploads - hostPath: - path: /var/lib/uploads ---- -apiVersion: v1 -kind: Service -metadata: - name: fsrv -spec: - selector: - app: fsrv - ports: - - name: fsrv-http - port: 9393 - targetPort: 9393 ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: x.icyphox.sh - namespace: default -spec: - ingressClassName: caddy - rules: - - host: x.icyphox.sh - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: garage - port: - number: 80 -
M apps/honk/honk.yamlapps/honk/honk.yaml

@@ -65,8 +65,14 @@ kind: Ingress

metadata: name: h.icyphox.sh namespace: default + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: - ingressClassName: caddy + ingressClassName: nginx + tls: + - hosts: + - h.icyphox.sh + secretName: h-icyphox-sh-tls rules: - host: h.icyphox.sh http:
M apps/imaginary/imaginary.yamlapps/imaginary/imaginary.yaml

@@ -50,8 +50,14 @@ kind: Ingress

metadata: name: x.icyphox.sh namespace: default + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: - ingressClassName: caddy + ingressClassName: nginx + tls: + - hosts: + - x.icyphox.sh + secretName: x-icyphox-sh-tls rules: - host: x.icyphox.sh http:
M apps/legit/legit.yamlapps/legit/legit.yaml

@@ -53,8 +53,14 @@ kind: Ingress

metadata: name: git.icyphox.sh namespace: default + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: - ingressClassName: caddy + ingressClassName: nginx + tls: + - hosts: + - git.icyphox.sh + secretName: git-icyphox-sh-tls rules: - host: git.icyphox.sh http:
M apps/pixelfed/pixelfed.yamlapps/pixelfed/pixelfed.yaml

@@ -11,8 +11,14 @@ kind: Ingress

metadata: name: ani.place namespace: default + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: - ingressClassName: caddy + ingressClassName: nginx + tls: + - hosts: + - ani.place + secretName: ani-place-tls rules: - host: ani.place http:
M apps/site/site.yamlapps/site/site.yaml

@@ -4,9 +4,18 @@ metadata:

name: icyphox.sh namespace: default annotations: - caddy.ingress.kubernetes.io/permanent-redirect: "https://anirudh.fi" + cert-manager.io/cluster-issuer: "letsencrypt-prod" + nginx.ingress.kubernetes.io/server-snippet: | + location = /.well-known/webfinger { + return 301 https://h.icyphox.sh$request_uri; + } + nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: - ingressClassName: caddy + ingressClassName: nginx + tls: + - hosts: + - icyphox.sh + secretName: icyphox-sh-tls rules: - host: icyphox.sh http:
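Review bot: The added `nginx.ingress.kubernetes.io/server-snippet` annotation puts raw nginx configuration into the server block for icyphox.sh, and it is the only visible reason this commit sets `allowSnippetAnnotations: true` in charts/ingress-nginx.yaml. With that flag on, anyone who can create or edit an Ingress can have their own nginx directives rendered into the controller's configuration, and the controller can read the TLS secrets it serves. The webfinger redirect can probably be done without a snippet: a second Ingress for host icyphox.sh with an `Exact` path `/.well-known/webfinger` and `nginx.ingress.kubernetes.io/permanent-redirect: "https://h.icyphox.sh$request_uri"`, though whether that annotation accepts `$request_uri` (needed to keep the webfinger query string) depends on the controller version and should be tested. Separately, the removed `caddy.ingress.kubernetes.io/permanent-redirect: "https://anirudh.fi"` has no nginx counterpart in this hunk, so confirm that dropping the site-wide redirect is intended; the rules continue below the hunk and are not shown.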

@@ -25,7 +34,11 @@ metadata:

name: anirudh.fi namespace: default spec: - ingressClassName: caddy + ingressClassName: nginx + tls: + - hosts: + - anirudh.fi + secretName: anirudh-fi-tls rules: - host: anirudh.fi http:
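Review bot: The anirudh.fi Ingress gains a `tls` block that references `anirudh-fi-tls`, but no `cert-manager.io/cluster-issuer` annotation appears between `namespace: default` and `spec:`, unlike every other Ingress touched in this commit. Without that annotation cert-manager will not create a Certificate for the host, so unless the secret is provisioned some other way, ingress-nginx will serve its self-signed default certificate for anirudh.fi. Add `annotations:` with `cert-manager.io/cluster-issuer: "letsencrypt-prod"` under `metadata`, or add a comment saying where `anirudh-fi-tls` comes from. The metadata block starts above the hunk, so this is based only on the three context lines shown.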
A cert-manager/le-issuers.yaml

@@ -0,0 +1,29 @@

+apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-staging +spec: + acme: + server: https://acme-staging-v02.api.letsencrypt.org/directory + email: anirudh@oppiliappan.com + privateKeySecretRef: + name: letsencrypt-staging + solvers: + - http01: + ingress: + ingressClassName: nginx +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-prod +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: anirudh@oppiliappan.com + privateKeySecretRef: + name: letsencrypt-prod + solvers: + - http01: + ingress: + ingressClassName: nginx
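Review bot: Both issuers use only the `http01` solver, which needs the Let's Encrypt validation servers to reach port 80 of the nginx ingress from the public internet for every issued host, and nothing in this file records how that path exists. The one address left in metallb/metallb.yaml after this commit, `100.122.122.12/32`, lies in the 100.64.0.0/10 shared address range, so presumably something in front forwards public traffic. A comment such as `# HTTP-01: port 80 for each host must be publicly reachable via <front-end>` would document that dependency. It would also help to comment that `letsencrypt-staging` is for test issuance only, since no Ingress in this commit references it, and that the secrets named in `privateKeySecretRef` hold the ACME account keys.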
D charts/caddy-ingress.yaml

@@ -1,15 +0,0 @@

-apiVersion: helm.cattle.io/v1 -kind: HelmChart -metadata: - name: caddy-ingress - namespace: caddy-system -spec: - repo: https://caddyserver.github.io/ingress/ - chart: caddy-ingress-controller - targetNamespace: caddy-system - valuesContent: |- - fullnameOverrride: caddy-ingress - ingressController: - config: - email: anirudh@oppiliappan.com - replicaCount: 1
A charts/ingress-nginx.yaml

@@ -0,0 +1,13 @@

+apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: koti + namespace: ingress-nginx +spec: + repo: https://kubernetes.github.io/ingress-nginx + chart: ingress-nginx + targetNamespace: ingress-nginx + valuesContent: |- + controller: + allowSnippetAnnotations: true +
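Review bot: The HelmChart has no `version:` under `spec`, so whichever ingress-nginx chart is current when the install or upgrade job runs is what gets deployed, and the internet-facing controller can change without a reviewed commit. Pin it, for example `version: "<chart-version>"`, and bump it deliberately. This matters more here because `allowSnippetAnnotations: true` turns on a feature that recent chart versions leave off by default for security reasons. A comment above it, e.g. `# needed only for the server-snippet on the icyphox.sh Ingress; drop when that redirect no longer uses a snippet`, would keep the exception from outliving its use.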
M metallb/metallb.yamlmetallb/metallb.yaml

@@ -6,7 +6,6 @@ namespace: metallb-system

spec: addresses: - 100.122.122.12/32 - - 100.122.122.13/32 --- apiVersion: metallb.io/v1beta1 kind: L2Advertisement
M readmereadme

@@ -21,7 +21,7 @@ • tailscale: mesh network

• metallb: bare metal LoadBalancer provider • coredns: DNS server • longhorn: distributed block storage -• caddy: ingress controller +• nginx: ingress controller • prometheus/grafana: stats and visualisation