Compare commits
7 commits
f27448ffbe
...
c8fe65944b
| Author | SHA1 | Date | |
|---|---|---|---|
| c8fe65944b | |||
e22ac7e255
|
|||
|
76b5b293c2
|
|||
|
4c78c53f53
|
|||
|
760b310624
|
|||
|
1f42f87229
|
|||
|
f9cb28bc40
|
10 changed files with 11 additions and 49 deletions
|
|
@ -7,7 +7,7 @@ metadata:
|
|||
annotations:
|
||||
external-dns.alpha.kubernetes.io/target: valinor.hsn.dev
|
||||
spec:
|
||||
ingressClassName: "nginx"
|
||||
ingressClassName: "hsn-nginx"
|
||||
rules:
|
||||
- host: &host "flux-receiver-valinor.hsn.dev"
|
||||
http:
|
||||
|
|
|
|||
|
|
@ -36,12 +36,6 @@ spec:
|
|||
name: hcloud
|
||||
key: token
|
||||
optional: true
|
||||
HCLOUD_NETWORK:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: hcloud
|
||||
key: network
|
||||
optional: true
|
||||
metrics:
|
||||
enabled: true
|
||||
networking:
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@ spec:
|
|||
main:
|
||||
classname: nginx
|
||||
hosts:
|
||||
- host: &host alertmanager.valinor.social
|
||||
- host: &host alertmanager.hsn.dev
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
|
|
|
|||
|
|
@ -268,7 +268,7 @@ spec:
|
|||
enabled: true
|
||||
annotations:
|
||||
external-dns.alpha.kubernetes.io/target: valinor.hsn.dev
|
||||
ingressClassName: nginx
|
||||
ingressClassName: hsn-nginx
|
||||
hosts:
|
||||
- &host grafana.hsn.dev
|
||||
tls:
|
||||
|
|
|
|||
|
|
@ -104,7 +104,7 @@ spec:
|
|||
ingress:
|
||||
enabled: true
|
||||
pathType: Prefix
|
||||
ingressClassName: nginx
|
||||
ingressClassName: hsn-nginx
|
||||
hosts:
|
||||
- &host alert-manager.valinor.social
|
||||
tls:
|
||||
|
|
|
|||
|
|
@ -38,8 +38,8 @@ spec:
|
|||
replicaCount: 3
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: nginx
|
||||
hostname: &host thanos-query-frontend.valinor.social
|
||||
ingressClassName: hsn-nginx
|
||||
hostname: &host thanos-query-frontend.hsn.dev
|
||||
tls: true
|
||||
extraTls:
|
||||
- hosts:
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ spec:
|
|||
ingress:
|
||||
main:
|
||||
enabled: true
|
||||
className: "nginx"
|
||||
className: hsn-nginx
|
||||
annotations:
|
||||
external-dns.alpha.kubernetes.io/target: "valinor.hsn.dev"
|
||||
hosts:
|
||||
|
|
|
|||
|
|
@ -29,7 +29,6 @@ spec:
|
|||
load-balancer.hetzner.cloud/location: fsn1
|
||||
load-balancer.hetzner.cloud/protocol: tcp
|
||||
load-balancer.hetzner.cloud/name: hsn-nginx
|
||||
load-balancer.hetzner.cloud/use-private-ip: true
|
||||
load-balancer.hetzner.cloud/uses-proxyprotocol: true
|
||||
|
||||
publishService:
|
||||
|
|
@ -64,10 +63,6 @@ spec:
|
|||
proxy-buffer-size: "16k"
|
||||
ssl-protocols: "TLSv1.3 TLSv1.2"
|
||||
use-forwarded-headers: "true"
|
||||
plugins: "crowdsec"
|
||||
lua-shared-dicts: "crowdsec_cache: 50m"
|
||||
server-snippet: |
|
||||
resolver local=on ipv6=off;
|
||||
|
||||
extraArgs:
|
||||
default-ssl-certificate: "network/hsn-dev-tls"
|
||||
|
|
@ -78,7 +73,7 @@ spec:
|
|||
whenUnsatisfiable: DoNotSchedule
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/instance: ingress-nginx
|
||||
app.kubernetes.io/instance: ingress-nginx-hsn
|
||||
app.kubernetes.io/component: controller
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
|
|
@ -92,40 +87,13 @@ spec:
|
|||
- key: app.kubernetes.io/instance
|
||||
operator: In
|
||||
values:
|
||||
- ingress-nginx
|
||||
- ingress-nginx-hsn
|
||||
topologyKey: kubernetes.io/hostname
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 23m
|
||||
memory: 381M
|
||||
extraVolumes:
|
||||
- name: crowdsec-bouncer-plugin
|
||||
emptyDir: {}
|
||||
extraInitContainers:
|
||||
- name: init-clone-crowdsec-bouncer
|
||||
image: crowdsecurity/lua-bouncer-plugin
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: API_URL
|
||||
value: "http://crowdsec-service.security.svc.cluster.local:8080" # crowdsec lapi service-name
|
||||
- name: API_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: nginx-ingress-secrets
|
||||
key: nginx-ingress-bouncer-apikey
|
||||
- name: BOUNCER_CONFIG
|
||||
value: "/crowdsec/crowdsec-bouncer.conf"
|
||||
- name: BAN_TEMPLATE_PATH
|
||||
value: /etc/nginx/lua/plugins/crowdsec/templates/ban.html
|
||||
command: ['sh', '-c', "sh /docker_start.sh; mkdir -p /lua_plugins/crowdsec/; cp -R /crowdsec/* /lua_plugins/crowdsec/"]
|
||||
volumeMounts:
|
||||
- name: crowdsec-bouncer-plugin
|
||||
mountPath: /lua_plugins
|
||||
extraVolumeMounts:
|
||||
- name: crowdsec-bouncer-plugin
|
||||
mountPath: /etc/nginx/lua/plugins/crowdsec
|
||||
subPath: crowdsec
|
||||
|
||||
defaultBackend:
|
||||
enabled: false
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ spec:
|
|||
agent:
|
||||
acquisition:
|
||||
- namespace: network
|
||||
podName: ingress-nginx-controller-*
|
||||
podName: ingress-nginx-hsn-controller-*
|
||||
program: nginx
|
||||
|
||||
env:
|
||||
|
|
|
|||
|
|
@ -111,7 +111,7 @@ spec:
|
|||
annotations:
|
||||
nginx.ingress.kubernetes.io/whitelist-source-range: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
|
||||
hosts:
|
||||
- host: &host "1pwconnect.valinor.social"
|
||||
- host: &host "1pwconnect.hsn.dev"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
|
|
|
|||
Reference in a new issue