feat(kube-nas): setup nginx-ingress #2008

tyriis · Oct 16, 2023 · a3ad285 · a3ad285
1 parent 472ba0a
commit a3ad285
Show file tree

Hide file tree

Showing 6 changed files with 125 additions and 0 deletions.
diff --git a/kubernetes/kube-nas/apps/nginx-ingress/kustomization.yaml b/kubernetes/kube-nas/apps/nginx-ingress/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./namespace.yaml
+  - ./nginx/flux-sync.yaml
diff --git a/kubernetes/kube-nas/apps/nginx-ingress/namespace.yaml b/kubernetes/kube-nas/apps/nginx-ingress/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: nginx-ingress
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/kube-nas/apps/nginx-ingress/nginx/app/helm-release.yaml b/kubernetes/kube-nas/apps/nginx-ingress/nginx/app/helm-release.yaml
@@ -0,0 +1,76 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: &app nginx
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: ingress-nginx
+      version: 4.8.2
+      sourceRef:
+        kind: HelmRepository
+        name: ingress-nginx-charts
+        namespace: flux-system
+  maxHistory: 2
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=values
+    fullnameOverride: *app
+    controller:
+      replicaCount: 2
+      updateStrategy:
+        type: "RollingUpdate"
+        rollingUpdate:
+          maxUnavailable: 1
+      service:
+        annotations:
+          io.cilium/lb-ipam-ips: 192.168.1.90
+        externalTrafficPolicy: Cluster
+      allowSnippetAnnotations: true
+      config:
+        client-body-buffer-size: 100M
+        client-body-timeout: 120
+        client-header-timeout: 120
+        enable-brotli: "true"
+        enable-real-ip: "true"
+        hsts-max-age: 31449600
+        keep-alive-requests: 10000
+        keep-alive: 120
+        log-format-escape-json: "true"
+        log-format-upstream: >
+          {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for",
+          "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time,
+          "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args",
+          "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer",
+          "http_user_agent": "$http_user_agent"}
+        proxy-body-size: 0
+        proxy-buffer-size: 16k
+        ssl-protocols: TLSv1.3 TLSv1.2
+      metrics:
+        # TODO: enable me
+        enabled: false
+        serviceMonitor:
+          # TODO: enable me
+          enabled: false
+          namespace: nginx-ingress
+          namespaceSelector:
+            any: true
+      resources:
+        requests:
+          cpu: 100m
+          memory: 250Mi
+        limits:
+          memory: 500Mi
+    defaultBackend:
+      enabled: false
diff --git a/kubernetes/kube-nas/apps/nginx-ingress/nginx/app/kustomization.yaml b/kubernetes/kube-nas/apps/nginx-ingress/nginx/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: nginx-ingress
+resources:
+  - helm-release.yaml
diff --git a/kubernetes/kube-nas/apps/nginx-ingress/nginx/flux-sync.yaml b/kubernetes/kube-nas/apps/nginx-ingress/nginx/flux-sync.yaml
@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: apps-nginx
+  namespace: flux-system
+  labels:
+    substitution.flux.home.arpa/enabled: "true"
+spec:
+  dependsOn:
+    - name: apps-cert-manager-issuers
+  interval: 10m
+  path: ./kubernetes/kube-nas/apps/nginx-ingress/nginx/app
+  prune: true
+  wait: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops
diff --git a/kubernetes/kube-nas/flux/repositories/helm/ingress-nginx-charts.yaml b/kubernetes/kube-nas/flux/repositories/helm/ingress-nginx-charts.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: ingress-nginx-charts
+  namespace: flux-system
+spec:
+  interval: 2h
+  url: https://kubernetes.github.io/ingress-nginx