From f516ee38aedc76368a589f2745d14474b70c7bbe Mon Sep 17 00:00:00 2001 From: Marcus Noble Date: Sat, 16 Oct 2021 09:46:06 +0100 Subject: [PATCH] Switched to nginx 
Signed-off-by: Marcus Noble --- .../11-year-anniversary.yaml | 4 +- .../_apps/{traefik-lb.yaml => nginx-lb.yaml} | 4 +- manifests/_apps/wallabag.yaml | 4 +- manifests/argocd/argocd.yaml | 5 +- manifests/base64/base64.yaml | 5 +- manifests/blog/blog.yaml | 15 +-- .../certmanager_chart/certmanager_chart.yaml | 2 +- manifests/code-server/code-server.yaml | 5 +- manifests/cors-proxy/cors-proxy.yaml | 10 +- manifests/cv/cv.yaml | 5 +- manifests/dashboard/dashboard.yaml | 5 +- manifests/downloads/downloads.yaml | 5 +- manifests/feed-fetcher/feed-fetcher.yaml | 5 +- manifests/gitea/gitea.yaml | 5 +- manifests/goplayground/goplayground.yaml | 5 +- manifests/harbor_chart/harbor_chart.yaml | 8 +- manifests/inlets/inlets.yaml | 21 +-- manifests/jackett/jackett.yaml | 5 +- manifests/matrix_chart/matrix_chart.yaml | 10 +- manifests/monitoring/inges.yaml | 15 +-- .../nextcloud_chart/nextcloud_chart.yaml | 4 +- manifests/nginx-lb/nginx-lb.yaml | 125 ++++++++++++++++++ manifests/nodered/nodered.yaml | 4 +- manifests/opengraph/opengraph.yaml | 5 +- manifests/outline/outline.yaml | 5 +- manifests/paradoxfox/paradoxfox.yaml | 8 +- manifests/printer/printer.yaml | 4 +- manifests/qr/qr.yaml | 5 +- manifests/radarr/radarr.yaml | 5 +- manifests/rss/rss.yaml | 5 +- manifests/sonarr/sonarr.yaml | 5 +- manifests/svg-to-dxf/svg-to-dxf.yaml | 4 +- manifests/talks/talks.yaml | 5 +- manifests/text-to-dxf/text-to-dxf.yaml | 4 +- manifests/til/til.yaml | 5 +- manifests/traefik-lb/traefik-lb.yaml | 75 ----------- manifests/transmission/transmission.yaml | 5 +- manifests/tweetsvg/tweetsvg.yaml | 4 +- .../twitter-profile-pic.yaml | 15 +-- tekton/1-Install/5-dashboard-ingress.yaml | 4 +- terraform/kubernetes-cluster.tf | 2 +- 41 files changed, 211 insertions(+), 230 deletions(-) rename manifests/_apps/{traefik-lb.yaml => nginx-lb.yaml} (90%) create mode 100644 manifests/nginx-lb/nginx-lb.yaml delete mode 100644 manifests/traefik-lb/traefik-lb.yaml 
diff --git a/manifests/11-year-anniversary/11-year-anniversary.yaml b/manifests/11-year-anniversary/11-year-anniversary.yaml index 3b8ce29..f6155ee 100644 --- a/manifests/11-year-anniversary/11-year-anniversary.yaml +++ b/manifests/11-year-anniversary/11-year-anniversary.yaml @@ -62,9 +62,7 @@ metadata: namespace: anniversary annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: diff --git a/manifests/_apps/traefik-lb.yaml b/manifests/_apps/nginx-lb.yaml similarity index 90% rename from manifests/_apps/traefik-lb.yaml rename to manifests/_apps/nginx-lb.yaml index 909af4f..01b422a 100644 --- a/manifests/_apps/traefik-lb.yaml +++ b/manifests/_apps/nginx-lb.yaml @@ -1,7 +1,7 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: traefik-lb + name: nginx-lb namespace: argocd finalizers: - resources-finalizer.argocd.argoproj.io @@ -11,7 +11,7 @@ spec: namespace: kube-system name: cluster-fun (scaleway) source: - path: manifests/traefik-lb + path: manifests/nginx-lb repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" targetRevision: HEAD syncPolicy: diff --git a/manifests/_apps/wallabag.yaml b/manifests/_apps/wallabag.yaml index d81c476..6a97b4f 100644 --- a/manifests/_apps/wallabag.yaml +++ b/manifests/_apps/wallabag.yaml @@ -64,9 +64,7 @@ spec: enabled: true annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" tls: - hosts: - wallabag.cluster.fun 
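Review bot: The Ingress in manifests/11-year-anniversary/11-year-anniversary.yaml gets the nginx redirect annotation but no `ingressClassName: nginx` under `spec:`, unlike argocd, base64, blog and most other manifests in this commit. The same gap is in the inlets, nodered, paradoxfox, printer, svg-to-dxf, text-to-dxf, tweetsvg and tekton dashboard hunks. Those Ingresses are only served because the new controller is started with `--watch-ingress-without-class`, so which controller owns them is implicit and would change if that flag were dropped or a second controller were installed. Adding `ingressClassName: nginx` to each makes the binding explicit. The Ingress definitions start and end outside these hunks.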
diff --git a/manifests/argocd/argocd.yaml b/manifests/argocd/argocd.yaml index 24944e4..41cd18e 100644 --- a/manifests/argocd/argocd.yaml +++ b/manifests/argocd/argocd.yaml @@ -7,10 +7,9 @@ metadata: app: argo annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - argo.cluster.fun diff --git a/manifests/base64/base64.yaml b/manifests/base64/base64.yaml index dc38f30..9e37e4a 100644 --- a/manifests/base64/base64.yaml +++ b/manifests/base64/base64.yaml @@ -49,10 +49,9 @@ metadata: namespace: base64 annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - base64.cluster.fun diff --git a/manifests/blog/blog.yaml b/manifests/blog/blog.yaml index 3215eb0..b34fcf3 100644 --- a/manifests/blog/blog.yaml +++ b/manifests/blog/blog.yaml @@ -57,10 +57,9 @@ metadata: namespace: blog annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - marcusnoble.co.uk 
@@ -85,10 +84,9 @@ metadata: namespace: blog annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - www.marcusnoble.co.uk @@ -113,10 +111,9 @@ metadata: namespace: blog annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - blog.marcusnoble.co.uk diff --git a/manifests/certmanager_chart/certmanager_chart.yaml b/manifests/certmanager_chart/certmanager_chart.yaml index a69d920..67f434b 100644 --- a/manifests/certmanager_chart/certmanager_chart.yaml +++ b/manifests/certmanager_chart/certmanager_chart.yaml @@ -41,4 +41,4 @@ spec: solvers: - http01: ingress: - class: traefik + class: nginx diff --git a/manifests/code-server/code-server.yaml b/manifests/code-server/code-server.yaml index 288640c..4b98114 100644 --- a/manifests/code-server/code-server.yaml +++ b/manifests/code-server/code-server.yaml @@ -5,10 +5,9 @@ metadata: namespace: inlets annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - code.cluster.fun diff --git a/manifests/cors-proxy/cors-proxy.yaml b/manifests/cors-proxy/cors-proxy.yaml index 1a59d0f..3cf67c7 100644 --- a/manifests/cors-proxy/cors-proxy.yaml 
+++ b/manifests/cors-proxy/cors-proxy.yaml @@ -42,10 +42,9 @@ metadata: namespace: cors-proxy annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - cors-proxy.cluster.fun @@ -70,10 +69,9 @@ metadata: namespace: cors-proxy annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - cors-proxy.marcusnoble.co.uk diff --git a/manifests/cv/cv.yaml b/manifests/cv/cv.yaml index 871879b..d8145ee 100644 --- a/manifests/cv/cv.yaml +++ b/manifests/cv/cv.yaml @@ -62,10 +62,9 @@ metadata: namespace: cv annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - cv.marcusnoble.co.uk diff --git a/manifests/dashboard/dashboard.yaml b/manifests/dashboard/dashboard.yaml index d236433..95a770c 100644 --- a/manifests/dashboard/dashboard.yaml +++ b/manifests/dashboard/dashboard.yaml 
@@ -111,10 +111,9 @@ metadata: namespace: dashboard annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - dash.cluster.fun diff --git a/manifests/downloads/downloads.yaml b/manifests/downloads/downloads.yaml index f430d7a..c3b88fc 100644 --- a/manifests/downloads/downloads.yaml +++ b/manifests/downloads/downloads.yaml @@ -7,10 +7,9 @@ metadata: app: downloads-auth annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - downloads.cluster.fun diff --git a/manifests/feed-fetcher/feed-fetcher.yaml b/manifests/feed-fetcher/feed-fetcher.yaml index 2af836f..1255f81 100644 --- a/manifests/feed-fetcher/feed-fetcher.yaml +++ b/manifests/feed-fetcher/feed-fetcher.yaml @@ -42,10 +42,9 @@ metadata: namespace: feed-fetcher annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - feed-fetcher.cluster.fun diff --git a/manifests/gitea/gitea.yaml b/manifests/gitea/gitea.yaml index 1f10dee..51c0cc0 100644 --- a/manifests/gitea/gitea.yaml +++ b/manifests/gitea/gitea.yaml 
@@ -96,10 +96,9 @@ metadata: namespace: gitea annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - git.cluster.fun diff --git a/manifests/goplayground/goplayground.yaml b/manifests/goplayground/goplayground.yaml index 694caee..296b144 100644 --- a/manifests/goplayground/goplayground.yaml +++ b/manifests/goplayground/goplayground.yaml @@ -47,10 +47,9 @@ metadata: namespace: goplayground annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - go.cluster.fun diff --git a/manifests/harbor_chart/harbor_chart.yaml b/manifests/harbor_chart/harbor_chart.yaml index 203b021..a2d9d1f 100644 --- a/manifests/harbor_chart/harbor_chart.yaml +++ b/manifests/harbor_chart/harbor_chart.yaml @@ -49,12 +49,8 @@ spec: core: docker.cluster.fun annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" - traefik.ingress.kubernetes.io/buffering: | - maxrequestbodybytes: "0" - maxresponsebodybytes: "0" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: 0 portal: replicas: 2 priorityClassName: system-cluster-critical diff --git a/manifests/inlets/inlets.yaml b/manifests/inlets/inlets.yaml index 931fc40..93551a2 100644 --- a/manifests/inlets/inlets.yaml +++ b/manifests/inlets/inlets.yaml 
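Review bot: In manifests/harbor_chart/harbor_chart.yaml the new annotation value `nginx.ingress.kubernetes.io/proxy-body-size: 0` is an unquoted YAML integer, while Kubernetes annotation values must be strings and the line above it quotes `"true"`. Depending on how the chart renders these values, the Ingress may be rejected or the annotation may be lost; `nginx.ingress.kubernetes.io/proxy-body-size: "0"` avoids that. A value of 0 turns off the request body size check for this host, which mirrors the Traefik buffering settings being removed, so a one-line comment stating that it is intentional (presumably for image pushes) would help the next reader. The values block continues outside the hunk.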
@@ -70,7 +70,6 @@ metadata: namespace: inlets annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https spec: tls: - hosts: @@ -95,9 +94,7 @@ metadata: namespace: inlets annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: @@ -138,9 +135,7 @@ metadata: namespace: inlets annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: @@ -165,9 +160,7 @@ metadata: namespace: inlets annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: @@ -193,9 +186,7 @@ metadata: namespace: inlets annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: 
@@ -221,9 +212,7 @@ metadata: namespace: inlets annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: diff --git a/manifests/jackett/jackett.yaml b/manifests/jackett/jackett.yaml index 69b44a6..b59d2f5 100644 --- a/manifests/jackett/jackett.yaml +++ b/manifests/jackett/jackett.yaml @@ -7,10 +7,9 @@ metadata: app: jackett-auth annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - jackett.cluster.fun diff --git a/manifests/matrix_chart/matrix_chart.yaml b/manifests/matrix_chart/matrix_chart.yaml index ba22ed7..bb7680a 100644 --- a/manifests/matrix_chart/matrix_chart.yaml +++ b/manifests/matrix_chart/matrix_chart.yaml @@ -144,10 +144,9 @@ metadata: namespace: chat annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - matrix.cluster.fun 
@@ -180,10 +179,9 @@ metadata: namespace: chat annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - chat.cluster.fun diff --git a/manifests/monitoring/inges.yaml b/manifests/monitoring/inges.yaml index 2860f07..19833e0 100644 --- a/manifests/monitoring/inges.yaml +++ b/manifests/monitoring/inges.yaml @@ -7,10 +7,9 @@ metadata: app: grafana annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - grafana.cluster.fun @@ -36,10 +35,9 @@ metadata: app: prometheus annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - prometheus.cluster.fun @@ -75,12 +73,11 @@ metadata: app: prometheus-cloud annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" ingress.kubernetes.io/auth-type: basic ingress.kubernetes.io/auth-secret: prometheus-credentials spec: + ingressClassName: nginx tls: - hosts: - prometheus-cloud.cluster.fun 
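Review bot: The prometheus-cloud Ingress in manifests/monitoring/inges.yaml (third hunk) keeps `ingress.kubernetes.io/auth-type: basic` and `ingress.kubernetes.io/auth-secret: prometheus-credentials`, but the controller added in manifests/nginx-lb/nginx-lb.yaml is started with `--annotations-prefix=nginx.ingress.kubernetes.io` and does not read annotations under the bare `ingress.kubernetes.io/` prefix. As written, this host would most likely be served without basic authentication after the switch. The two lines should become `nginx.ingress.kubernetes.io/auth-type: basic` and `nginx.ingress.kubernetes.io/auth-secret: prometheus-credentials`. ingress-nginx by default expects the htpasswd data under the key `auth` in that Secret; the Secret is not visible here, so its layout should be checked as part of the change. The Ingress definition ends outside the hunk.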
diff --git a/manifests/nextcloud_chart/nextcloud_chart.yaml b/manifests/nextcloud_chart/nextcloud_chart.yaml index 1d50937..6b37fec 100644 --- a/manifests/nextcloud_chart/nextcloud_chart.yaml +++ b/manifests/nextcloud_chart/nextcloud_chart.yaml @@ -36,9 +36,7 @@ spec: enabled: true annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" tls: - hosts: - nextcloud.cluster.fun diff --git a/manifests/nginx-lb/nginx-lb.yaml b/manifests/nginx-lb/nginx-lb.yaml new file mode 100644 index 0000000..22b3920 --- /dev/null +++ b/manifests/nginx-lb/nginx-lb.yaml 
@@ -0,0 +1,125 @@ +kind: Service +apiVersion: v1 +metadata: + name: nginx-ingress-service + namespace: kube-system +spec: + selector: + app.kubernetes.io/name: ingress-nginx + ports: + - protocol: TCP + port: 80 + name: http + - protocol: TCP + port: 443 + name: https + type: LoadBalancer + +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + annotations: + meta.helm.sh/release-name: kapsule-ingress + meta.helm.sh/release-namespace: kube-system + labels: + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + k8s.scw.cloud/ingress: nginx + k8s.scw.cloud/object: ConfigMap + k8s.scw.cloud/system: ingress + name: ingress-nginx-configuration + namespace: kube-system +data: + log-format-upstream: '{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forward_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "host": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent" }' + +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + annotations: + deprecated.daemonset.template.generation: "2" + meta.helm.sh/release-name: kapsule-ingress + meta.helm.sh/release-namespace: kube-system + labels: + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + k8s.scw.cloud/ingress: nginx + k8s.scw.cloud/object: DaemonSet + k8s.scw.cloud/system: ingress + name: nginx-ingress + namespace: kube-system +spec: + selector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + template: + metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + spec: 
+ containers: + - args: + - /nginx-ingress-controller + - --election-id=ingress-controller-leader-nginx + - --controller-class=k8s.io/ingress-nginx + - --configmap=$(POD_NAMESPACE)/ingress-nginx-configuration + - --tcp-services-configmap=$(POD_NAMESPACE)/ingress-nginx-tcp-services + - --udp-services-configmap=$(POD_NAMESPACE)/ingress-nginx-udp-services + - --annotations-prefix=nginx.ingress.kubernetes.io + - --watch-ingress-without-class + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: k8s.gcr.io/ingress-nginx/controller:v1.0.0-beta.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + name: nginx-ingress-controller + ports: + - containerPort: 80 + hostPort: 80 + name: http + protocol: TCP + - containerPort: 443 + hostPort: 443 + name: https + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 diff --git a/manifests/nodered/nodered.yaml b/manifests/nodered/nodered.yaml index bc4bad3..078cfe0 100644 --- a/manifests/nodered/nodered.yaml +++ b/manifests/nodered/nodered.yaml @@ -91,9 +91,7 @@ metadata: namespace: node-red annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: 
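Review bot: The new DaemonSet pod template in manifests/nginx-lb/nginx-lb.yaml sets no `serviceAccountName`, whereas the removed Traefik DaemonSet ran as `ingress-traefik`; unless the live object already carries one, the controller runs as the `default` service account of kube-system and either lacks the API access it needs or depends on that account being over-privileged. A dedicated account bound only to the controller's RBAC should be named in the pod spec, e.g. `serviceAccountName: <INGRESS_NGINX_SERVICE_ACCOUNT>` (placeholder, no such account is defined in this file). The image `k8s.gcr.io/ingress-nginx/controller:v1.0.0-beta.1` is a pre-release referenced by tag only; a GA release pinned by digest is the safer choice for the component that receives inbound traffic on host ports 80 and 443. The log format also records `$proxy_protocol_addr` as `remote_addr` while the ConfigMap does not set `use-proxy-protocol`, so client addresses may come out empty in the access log.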
diff --git a/manifests/opengraph/opengraph.yaml b/manifests/opengraph/opengraph.yaml index 5887ee6..bdebba4 100644 --- a/manifests/opengraph/opengraph.yaml +++ b/manifests/opengraph/opengraph.yaml @@ -47,10 +47,9 @@ metadata: namespace: opengraph annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - opengraph.cluster.fun diff --git a/manifests/outline/outline.yaml b/manifests/outline/outline.yaml index 9f7465b..7551f5b 100644 --- a/manifests/outline/outline.yaml +++ b/manifests/outline/outline.yaml @@ -108,10 +108,9 @@ metadata: namespace: outline annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - outline.cluster.fun diff --git a/manifests/paradoxfox/paradoxfox.yaml b/manifests/paradoxfox/paradoxfox.yaml index 30220c4..c15b458 100644 --- a/manifests/paradoxfox/paradoxfox.yaml +++ b/manifests/paradoxfox/paradoxfox.yaml @@ -80,9 +80,7 @@ metadata: namespace: paradoxfox annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: 
@@ -108,9 +106,7 @@ metadata: namespace: paradoxfox annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: diff --git a/manifests/printer/printer.yaml b/manifests/printer/printer.yaml index eb9a2e3..bf22c16 100644 --- a/manifests/printer/printer.yaml +++ b/manifests/printer/printer.yaml @@ -7,9 +7,7 @@ metadata: app: printer-auth annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: diff --git a/manifests/qr/qr.yaml b/manifests/qr/qr.yaml index 4823591..366bdff 100644 --- a/manifests/qr/qr.yaml +++ b/manifests/qr/qr.yaml @@ -47,10 +47,9 @@ metadata: namespace: qr annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - qr.cluster.fun diff --git a/manifests/radarr/radarr.yaml b/manifests/radarr/radarr.yaml index 4c309be..1862c47 100644 --- a/manifests/radarr/radarr.yaml +++ b/manifests/radarr/radarr.yaml 
@@ -7,10 +7,9 @@ metadata: app: radarr annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - radarr.cluster.fun diff --git a/manifests/rss/rss.yaml b/manifests/rss/rss.yaml index e9445e2..6e04bde 100644 --- a/manifests/rss/rss.yaml +++ b/manifests/rss/rss.yaml @@ -131,10 +131,9 @@ metadata: namespace: rss annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - rss.cluster.fun diff --git a/manifests/sonarr/sonarr.yaml b/manifests/sonarr/sonarr.yaml index 1e06b07..56b1217 100644 --- a/manifests/sonarr/sonarr.yaml +++ b/manifests/sonarr/sonarr.yaml @@ -7,10 +7,9 @@ metadata: app: sonarr annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - sonarr.cluster.fun diff --git a/manifests/svg-to-dxf/svg-to-dxf.yaml b/manifests/svg-to-dxf/svg-to-dxf.yaml index 1d9e897..7ba1868 100644 --- a/manifests/svg-to-dxf/svg-to-dxf.yaml +++ b/manifests/svg-to-dxf/svg-to-dxf.yaml 
@@ -45,9 +45,7 @@ metadata: namespace: svg-to-dxf annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: diff --git a/manifests/talks/talks.yaml b/manifests/talks/talks.yaml index 35c2da8..5eb1569 100644 --- a/manifests/talks/talks.yaml +++ b/manifests/talks/talks.yaml @@ -47,10 +47,9 @@ metadata: namespace: talks annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - talks.marcusnoble.co.uk diff --git a/manifests/text-to-dxf/text-to-dxf.yaml b/manifests/text-to-dxf/text-to-dxf.yaml index c8244a1..4c9ebc7 100644 --- a/manifests/text-to-dxf/text-to-dxf.yaml +++ b/manifests/text-to-dxf/text-to-dxf.yaml @@ -45,9 +45,7 @@ metadata: namespace: text-to-dxf annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: diff --git a/manifests/til/til.yaml b/manifests/til/til.yaml index e8ece49..1fc3aae 100644 --- a/manifests/til/til.yaml +++ b/manifests/til/til.yaml 
@@ -47,10 +47,9 @@ metadata: namespace: til annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - til.marcusnoble.co.uk diff --git a/manifests/traefik-lb/traefik-lb.yaml b/manifests/traefik-lb/traefik-lb.yaml deleted file mode 100644 index b446c0a..0000000 --- a/manifests/traefik-lb/traefik-lb.yaml +++ /dev/null 
@@ -1,75 +0,0 @@ -kind: Service -apiVersion: v1 -metadata: - name: traefik-ingress-service - namespace: kube-system -spec: - selector: - k8s-app: traefik-ingress-lb - ports: - - protocol: TCP - port: 80 - name: http - - protocol: TCP - port: 443 - name: https - type: LoadBalancer - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - k8s-app: traefik-ingress-lb - k8s.scw.cloud/ingress: traefik - k8s.scw.cloud/object: DaemonSet - k8s.scw.cloud/system: ingress - name: ingress-traefik - namespace: kube-system -spec: - revisionHistoryLimit: 10 - selector: - matchLabels: - k8s-app: traefik-ingress-lb - template: - metadata: - labels: - k8s-app: traefik-ingress-lb - name: ingress-traefik - spec: - containers: - - args: - - --api - - --kubernetes - - --logLevel=INFO - - --defaultentrypoints=http,https - - --entrypoints=Name:https Address::443 TLS - - --entrypoints=Name:http Address::80 - - --accesslog=true - - --accesslog.format=json - image: docker.io/traefik:1.7 - imagePullPolicy: IfNotPresent - name: ingress-traefik - ports: - - containerPort: 80 - hostPort: 80 - name: http - protocol: TCP - - containerPort: 443 - hostPort: 443 - name: https - protocol: TCP - - containerPort: 8080 - name: admin - protocol: TCP - securityContext: - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - dnsPolicy: ClusterFirst - restartPolicy: Always - serviceAccount: ingress-traefik - serviceAccountName: ingress-traefik diff --git a/manifests/transmission/transmission.yaml b/manifests/transmission/transmission.yaml index e5fb856..4a066e5 100644 --- a/manifests/transmission/transmission.yaml +++ b/manifests/transmission/transmission.yaml 
@@ -7,10 +7,9 @@ metadata: app: transmission annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - transmission.cluster.fun diff --git a/manifests/tweetsvg/tweetsvg.yaml b/manifests/tweetsvg/tweetsvg.yaml index 93d60ca..b93cc68 100644 --- a/manifests/tweetsvg/tweetsvg.yaml +++ b/manifests/tweetsvg/tweetsvg.yaml @@ -69,9 +69,7 @@ metadata: namespace: tweetsvg annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: diff --git a/manifests/twitter-profile-pic/twitter-profile-pic.yaml b/manifests/twitter-profile-pic/twitter-profile-pic.yaml index 810189a..1c69baa 100644 --- a/manifests/twitter-profile-pic/twitter-profile-pic.yaml +++ b/manifests/twitter-profile-pic/twitter-profile-pic.yaml @@ -66,10 +66,9 @@ metadata: namespace: twitter-profile-pic annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - twitter-profile-pic.marcusnoble.co.uk 
@@ -93,10 +92,9 @@ metadata: namespace: twitter-profile-pic annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - twitter-profile-pic.jsoxford.com @@ -121,10 +119,9 @@ metadata: namespace: twitter-profile-pic annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: + ingressClassName: nginx tls: - hosts: - twitter-profile-pic.cluster.fun diff --git a/tekton/1-Install/5-dashboard-ingress.yaml b/tekton/1-Install/5-dashboard-ingress.yaml index 6f24f8b..855a305 100644 --- a/tekton/1-Install/5-dashboard-ingress.yaml +++ b/tekton/1-Install/5-dashboard-ingress.yaml @@ -86,9 +86,7 @@ metadata: app: tekton-dashboard-auth annotations: cert-manager.io/cluster-issuer: letsencrypt - traefik.ingress.kubernetes.io/frontend-entry-points: http,https - traefik.ingress.kubernetes.io/redirect-entry-point: https - traefik.ingress.kubernetes.io/redirect-permanent: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: diff --git a/terraform/kubernetes-cluster.tf b/terraform/kubernetes-cluster.tf index ec1100f..fadd94b 100644 --- a/terraform/kubernetes-cluster.tf +++ b/terraform/kubernetes-cluster.tf @@ -4,7 +4,7 @@ resource "scaleway_k8s_cluster_beta" "k8s-cluster" { version = "1.22.2" cni = "weave" enable_dashboard = false - ingress = "traefik" + ingress = "nginx" feature_gates = [ "HPAScaleToZero",