Switched to nginx

Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
2021-10-16 09:46:06 +01:00 · 2021-10-16 09:46:06 +01:00 · f516ee38ae
commit f516ee38ae
parent 36d87d3c12
41 changed files with 211 additions and 230 deletions
--- a/manifests/11-year-anniversary/11-year-anniversary.yaml
+++ b/manifests/11-year-anniversary/11-year-anniversary.yaml
@ -62,9 +62,7 @@ metadata:
  namespace: anniversary
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
  tls:
  - hosts:
--- a/manifests/_apps/traefik-lb.yaml
+++ b/manifests/_apps/traefik-lb.yaml
@ -1,7 +1,7 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: traefik-lb
+  name: nginx-lb
  namespace: argocd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
@ -11,7 +11,7 @@ spec:
    namespace: kube-system
    name: cluster-fun (scaleway)
  source:
-    path: manifests/traefik-lb
+    path: manifests/nginx-lb
    repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git"
    targetRevision: HEAD
  syncPolicy:
--- a/manifests/_apps/wallabag.yaml
+++ b/manifests/_apps/wallabag.yaml
@ -64,9 +64,7 @@ spec:
            enabled: true
            annotations:
              cert-manager.io/cluster-issuer: letsencrypt
-              traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-              traefik.ingress.kubernetes.io/redirect-entry-point: https
-              traefik.ingress.kubernetes.io/redirect-permanent: "true"
+              nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
            tls:
            - hosts:
              - wallabag.cluster.fun
--- a/manifests/argocd/argocd.yaml
+++ b/manifests/argocd/argocd.yaml
@ -7,10 +7,9 @@ metadata:
    app: argo
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - argo.cluster.fun
--- a/manifests/base64/base64.yaml
+++ b/manifests/base64/base64.yaml
@ -49,10 +49,9 @@ metadata:
  namespace: base64
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - base64.cluster.fun
--- a/manifests/blog/blog.yaml
+++ b/manifests/blog/blog.yaml
@ -57,10 +57,9 @@ metadata:
  namespace: blog
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - marcusnoble.co.uk
@ -85,10 +84,9 @@ metadata:
  namespace: blog
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - www.marcusnoble.co.uk
@ -113,10 +111,9 @@ metadata:
  namespace: blog
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - blog.marcusnoble.co.uk
--- a/manifests/certmanager_chart/certmanager_chart.yaml
+++ b/manifests/certmanager_chart/certmanager_chart.yaml
@ -41,4 +41,4 @@ spec:
    solvers:
    - http01:
        ingress:
-          class: traefik
+          class: nginx
--- a/manifests/code-server/code-server.yaml
+++ b/manifests/code-server/code-server.yaml
@ -5,10 +5,9 @@ metadata:
  namespace: inlets
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - code.cluster.fun
--- a/manifests/cors-proxy/cors-proxy.yaml
+++ b/manifests/cors-proxy/cors-proxy.yaml
@ -42,10 +42,9 @@ metadata:
  namespace: cors-proxy
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - cors-proxy.cluster.fun
@ -70,10 +69,9 @@ metadata:
  namespace: cors-proxy
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - cors-proxy.marcusnoble.co.uk
--- a/manifests/cv/cv.yaml
+++ b/manifests/cv/cv.yaml
@ -62,10 +62,9 @@ metadata:
  namespace: cv
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - cv.marcusnoble.co.uk
--- a/manifests/dashboard/dashboard.yaml
+++ b/manifests/dashboard/dashboard.yaml
@ -111,10 +111,9 @@ metadata:
  namespace: dashboard
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - dash.cluster.fun
--- a/manifests/downloads/downloads.yaml
+++ b/manifests/downloads/downloads.yaml
@ -7,10 +7,9 @@ metadata:
    app: downloads-auth
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - downloads.cluster.fun
--- a/manifests/feed-fetcher/feed-fetcher.yaml
+++ b/manifests/feed-fetcher/feed-fetcher.yaml
@ -42,10 +42,9 @@ metadata:
  namespace: feed-fetcher
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - feed-fetcher.cluster.fun
--- a/manifests/gitea/gitea.yaml
+++ b/manifests/gitea/gitea.yaml
@ -96,10 +96,9 @@ metadata:
  namespace: gitea
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - git.cluster.fun
--- a/manifests/goplayground/goplayground.yaml
+++ b/manifests/goplayground/goplayground.yaml
@ -47,10 +47,9 @@ metadata:
  namespace: goplayground
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - go.cluster.fun
--- a/manifests/harbor_chart/harbor_chart.yaml
+++ b/manifests/harbor_chart/harbor_chart.yaml
@ -49,12 +49,8 @@ spec:
          core: docker.cluster.fun
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt
-          traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-          traefik.ingress.kubernetes.io/redirect-entry-point: https
-          traefik.ingress.kubernetes.io/redirect-permanent: "true"
-          traefik.ingress.kubernetes.io/buffering: |
-            maxrequestbodybytes: "0"
-            maxresponsebodybytes: "0"
+          nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+          nginx.ingress.kubernetes.io/proxy-body-size: 0
    portal:
      replicas: 2
      priorityClassName: system-cluster-critical
--- a/manifests/inlets/inlets.yaml
+++ b/manifests/inlets/inlets.yaml
@ -70,7 +70,6 @@ metadata:
  namespace: inlets
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
 spec:
  tls:
  - hosts:
@ -95,9 +94,7 @@ metadata:
  namespace: inlets
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
  tls:
  - hosts:
@ -138,9 +135,7 @@ metadata:
  namespace: inlets
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
  tls:
  - hosts:
@ -165,9 +160,7 @@ metadata:
  namespace: inlets
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
  tls:
  - hosts:
@ -193,9 +186,7 @@ metadata:
  namespace: inlets
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
  tls:
  - hosts:
@ -221,9 +212,7 @@ metadata:
  namespace: inlets
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
  tls:
  - hosts:
--- a/manifests/jackett/jackett.yaml
+++ b/manifests/jackett/jackett.yaml
@ -7,10 +7,9 @@ metadata:
    app: jackett-auth
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - jackett.cluster.fun
--- a/manifests/matrix_chart/matrix_chart.yaml
+++ b/manifests/matrix_chart/matrix_chart.yaml
@ -144,10 +144,9 @@ metadata:
  namespace: chat
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - matrix.cluster.fun
@ -180,10 +179,9 @@ metadata:
  namespace: chat
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - chat.cluster.fun
--- a/manifests/monitoring/inges.yaml
+++ b/manifests/monitoring/inges.yaml
@ -7,10 +7,9 @@ metadata:
    app: grafana
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - grafana.cluster.fun
@ -36,10 +35,9 @@ metadata:
    app: prometheus
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - prometheus.cluster.fun
@ -75,12 +73,11 @@ metadata:
    app: prometheus-cloud
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    ingress.kubernetes.io/auth-type: basic
    ingress.kubernetes.io/auth-secret: prometheus-credentials
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - prometheus-cloud.cluster.fun
--- a/manifests/nextcloud_chart/nextcloud_chart.yaml
+++ b/manifests/nextcloud_chart/nextcloud_chart.yaml
@ -36,9 +36,7 @@ spec:
      enabled: true
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt
-        traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-        traefik.ingress.kubernetes.io/redirect-entry-point: https
-        traefik.ingress.kubernetes.io/redirect-permanent: "true"
+        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      tls:
      - hosts:
        - nextcloud.cluster.fun
--- a/manifests/nginx-lb/nginx-lb.yaml
+++ b/manifests/nginx-lb/nginx-lb.yaml
@ -0,0 +1,125 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: nginx-ingress-service
+  namespace: kube-system
+spec:
+  selector:
+    app.kubernetes.io/name: ingress-nginx
+  ports:
+    - protocol: TCP
+      port: 80
+      name: http
+    - protocol: TCP
+      port: 443
+      name: https
+  type: LoadBalancer
+
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  annotations:
+    meta.helm.sh/release-name: kapsule-ingress
+    meta.helm.sh/release-namespace: kube-system
+  labels:
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    k8s.scw.cloud/ingress: nginx
+    k8s.scw.cloud/object: ConfigMap
+    k8s.scw.cloud/system: ingress
+  name: ingress-nginx-configuration
+  namespace: kube-system
+data:
+  log-format-upstream: '{"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forward_for": "$proxy_add_x_forwarded_for", "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time, "status": $status, "host": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args", "request_length": $request_length, "duration": $request_time,"method": "$request_method", "http_referrer": "$http_referer", "http_user_agent": "$http_user_agent" }'
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  annotations:
+    deprecated.daemonset.template.generation: "2"
+    meta.helm.sh/release-name: kapsule-ingress
+    meta.helm.sh/release-namespace: kube-system
+  labels:
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: ingress-nginx
+    app.kubernetes.io/part-of: ingress-nginx
+    k8s.scw.cloud/ingress: nginx
+    k8s.scw.cloud/object: DaemonSet
+    k8s.scw.cloud/system: ingress
+  name: nginx-ingress
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: ingress-nginx
+      app.kubernetes.io/part-of: ingress-nginx
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: ingress-nginx
+        app.kubernetes.io/part-of: ingress-nginx
+    spec:
+      containers:
+      - args:
+        - /nginx-ingress-controller
+        - --election-id=ingress-controller-leader-nginx
+        - --controller-class=k8s.io/ingress-nginx
+        - --configmap=$(POD_NAMESPACE)/ingress-nginx-configuration
+        - --tcp-services-configmap=$(POD_NAMESPACE)/ingress-nginx-tcp-services
+        - --udp-services-configmap=$(POD_NAMESPACE)/ingress-nginx-udp-services
+        - --annotations-prefix=nginx.ingress.kubernetes.io
+        - --watch-ingress-without-class
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: k8s.gcr.io/ingress-nginx/controller:v1.0.0-beta.1
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /healthz
+            port: 10254
+            scheme: HTTP
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 10
+        name: nginx-ingress-controller
+        ports:
+        - containerPort: 80
+          hostPort: 80
+          name: http
+          protocol: TCP
+        - containerPort: 443
+          hostPort: 443
+          name: https
+          protocol: TCP
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /healthz
+            port: 10254
+            scheme: HTTP
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 10
+        securityContext:
+          allowPrivilegeEscalation: true
+          capabilities:
+            add:
+            - NET_BIND_SERVICE
+            drop:
+            - ALL
+          runAsUser: 101
--- a/manifests/nodered/nodered.yaml
+++ b/manifests/nodered/nodered.yaml
@ -91,9 +91,7 @@ metadata:
  namespace: node-red
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
  tls:
  - hosts:
--- a/manifests/opengraph/opengraph.yaml
+++ b/manifests/opengraph/opengraph.yaml
@ -47,10 +47,9 @@ metadata:
  namespace: opengraph
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - opengraph.cluster.fun
--- a/manifests/outline/outline.yaml
+++ b/manifests/outline/outline.yaml
@ -108,10 +108,9 @@ metadata:
  namespace: outline
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - outline.cluster.fun
--- a/manifests/paradoxfox/paradoxfox.yaml
+++ b/manifests/paradoxfox/paradoxfox.yaml
@ -80,9 +80,7 @@ metadata:
  namespace: paradoxfox
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
  tls:
  - hosts:
@ -108,9 +106,7 @@ metadata:
  namespace: paradoxfox
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
  tls:
  - hosts:
--- a/manifests/printer/printer.yaml
+++ b/manifests/printer/printer.yaml
@ -7,9 +7,7 @@ metadata:
    app: printer-auth
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
  tls:
  - hosts:
--- a/manifests/qr/qr.yaml
+++ b/manifests/qr/qr.yaml
@ -47,10 +47,9 @@ metadata:
  namespace: qr
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - qr.cluster.fun
--- a/manifests/radarr/radarr.yaml
+++ b/manifests/radarr/radarr.yaml
@ -7,10 +7,9 @@ metadata:
    app: radarr
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - radarr.cluster.fun
--- a/manifests/rss/rss.yaml
+++ b/manifests/rss/rss.yaml
@ -131,10 +131,9 @@ metadata:
  namespace: rss
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - rss.cluster.fun
--- a/manifests/sonarr/sonarr.yaml
+++ b/manifests/sonarr/sonarr.yaml
@ -7,10 +7,9 @@ metadata:
    app: sonarr
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - sonarr.cluster.fun
--- a/manifests/svg-to-dxf/svg-to-dxf.yaml
+++ b/manifests/svg-to-dxf/svg-to-dxf.yaml
@ -45,9 +45,7 @@ metadata:
  namespace: svg-to-dxf
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
  tls:
  - hosts:
--- a/manifests/talks/talks.yaml
+++ b/manifests/talks/talks.yaml
@ -47,10 +47,9 @@ metadata:
  namespace: talks
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - talks.marcusnoble.co.uk
--- a/manifests/text-to-dxf/text-to-dxf.yaml
+++ b/manifests/text-to-dxf/text-to-dxf.yaml
@ -45,9 +45,7 @@ metadata:
  namespace: text-to-dxf
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
  tls:
  - hosts:
--- a/manifests/til/til.yaml
+++ b/manifests/til/til.yaml
@ -47,10 +47,9 @@ metadata:
  namespace: til
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - til.marcusnoble.co.uk
--- a/manifests/traefik-lb/traefik-lb.yaml
+++ b/manifests/traefik-lb/traefik-lb.yaml
@ -1,75 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
-  name: traefik-ingress-service
-  namespace: kube-system
-spec:
-  selector:
-    k8s-app: traefik-ingress-lb
-  ports:
-    - protocol: TCP
-      port: 80
-      name: http
-    - protocol: TCP
-      port: 443
-      name: https
-  type: LoadBalancer
-
---
-
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  labels:
-    k8s-app: traefik-ingress-lb
-    k8s.scw.cloud/ingress: traefik
-    k8s.scw.cloud/object: DaemonSet
-    k8s.scw.cloud/system: ingress
-  name: ingress-traefik
-  namespace: kube-system
-spec:
-  revisionHistoryLimit: 10
-  selector:
-    matchLabels:
-      k8s-app: traefik-ingress-lb
-  template:
-    metadata:
-      labels:
-        k8s-app: traefik-ingress-lb
-        name: ingress-traefik
-    spec:
-      containers:
-      - args:
-        - --api
-        - --kubernetes
-        - --logLevel=INFO
-        - --defaultentrypoints=http,https
-        - --entrypoints=Name:https Address::443 TLS
-        - --entrypoints=Name:http Address::80
-        - --accesslog=true
-        - --accesslog.format=json
-        image: docker.io/traefik:1.7
-        imagePullPolicy: IfNotPresent
-        name: ingress-traefik
-        ports:
-        - containerPort: 80
-          hostPort: 80
-          name: http
-          protocol: TCP
-        - containerPort: 443
-          hostPort: 443
-          name: https
-          protocol: TCP
-        - containerPort: 8080
-          name: admin
-          protocol: TCP
-        securityContext:
-          capabilities:
-            add:
-            - NET_BIND_SERVICE
-            drop:
-            - ALL
-      dnsPolicy: ClusterFirst
-      restartPolicy: Always
-      serviceAccount: ingress-traefik
-      serviceAccountName: ingress-traefik
--- a/manifests/transmission/transmission.yaml
+++ b/manifests/transmission/transmission.yaml
@ -7,10 +7,9 @@ metadata:
    app: transmission
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - transmission.cluster.fun
--- a/manifests/tweetsvg/tweetsvg.yaml
+++ b/manifests/tweetsvg/tweetsvg.yaml
@ -69,9 +69,7 @@ metadata:
  namespace: tweetsvg
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
  tls:
  - hosts:
--- a/manifests/twitter-profile-pic/twitter-profile-pic.yaml
+++ b/manifests/twitter-profile-pic/twitter-profile-pic.yaml
@ -66,10 +66,9 @@ metadata:
  namespace: twitter-profile-pic
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - twitter-profile-pic.marcusnoble.co.uk
@ -93,10 +92,9 @@ metadata:
  namespace: twitter-profile-pic
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - twitter-profile-pic.jsoxford.com
@ -121,10 +119,9 @@ metadata:
  namespace: twitter-profile-pic
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
+  ingressClassName: nginx
  tls:
  - hosts:
    - twitter-profile-pic.cluster.fun
--- a/tekton/1-Install/5-dashboard-ingress.yaml
+++ b/tekton/1-Install/5-dashboard-ingress.yaml
@ -86,9 +86,7 @@ metadata:
    app: tekton-dashboard-auth
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 spec:
  tls:
  - hosts:
--- a/terraform/kubernetes-cluster.tf
+++ b/terraform/kubernetes-cluster.tf
@ -4,7 +4,7 @@ resource "scaleway_k8s_cluster_beta" "k8s-cluster" {
  version          = "1.22.2"
  cni              = "weave"
  enable_dashboard = false
-  ingress          = "traefik"
+  ingress          = "nginx"

  feature_gates = [
    "HPAScaleToZero",