From a3ad285cbc52b6508dc5c82f57ce453a8339f1a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nils=20M=C3=BCller?=
Date: Mon, 16 Oct 2023 23:28:12 +0200
Subject: [PATCH] feat(kube-nas): setup nginx-ingress #2008
---
.../apps/nginx-ingress/kustomization.yaml | 7 ++
.../apps/nginx-ingress/namespace.yaml | 7 ++
.../nginx-ingress/nginx/app/helm-release.yaml | 76 +++++++++++++++++++
.../nginx/app/kustomization.yaml | 7 ++
.../apps/nginx-ingress/nginx/flux-sync.yaml | 19 +++++
.../helm/ingress-nginx-charts.yaml | 9 +++
6 files changed, 125 insertions(+)
create mode 100644 kubernetes/kube-nas/apps/nginx-ingress/kustomization.yaml
create mode 100644 kubernetes/kube-nas/apps/nginx-ingress/namespace.yaml
create mode 100644 kubernetes/kube-nas/apps/nginx-ingress/nginx/app/helm-release.yaml
create mode 100644 kubernetes/kube-nas/apps/nginx-ingress/nginx/app/kustomization.yaml
create mode 100644 kubernetes/kube-nas/apps/nginx-ingress/nginx/flux-sync.yaml
create mode 100644 kubernetes/kube-nas/flux/repositories/helm/ingress-nginx-charts.yaml
diff --git a/kubernetes/kube-nas/apps/nginx-ingress/kustomization.yaml b/kubernetes/kube-nas/apps/nginx-ingress/kustomization.yaml
new file mode 100644
index 000000000..2410b91d2
--- /dev/null
+++ b/kubernetes/kube-nas/apps/nginx-ingress/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./namespace.yaml
+ - ./nginx/flux-sync.yaml
diff --git a/kubernetes/kube-nas/apps/nginx-ingress/namespace.yaml b/kubernetes/kube-nas/apps/nginx-ingress/namespace.yaml
new file mode 100644
index 000000000..da272f47b
--- /dev/null
+++ b/kubernetes/kube-nas/apps/nginx-ingress/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: nginx-ingress
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/kube-nas/apps/nginx-ingress/nginx/app/helm-release.yaml b/kubernetes/kube-nas/apps/nginx-ingress/nginx/app/helm-release.yaml
new file mode 100644
index 000000000..16c31ffb5
--- /dev/null
+++ b/kubernetes/kube-nas/apps/nginx-ingress/nginx/app/helm-release.yaml
@@ -0,0 +1,76 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: &app nginx
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: ingress-nginx
+ version: 4.8.2
+ sourceRef:
+ kind: HelmRepository
+ name: ingress-nginx-charts
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx?modal=values
+ fullnameOverride: *app
+ controller:
+ replicaCount: 2
+ updateStrategy:
+ type: "RollingUpdate"
+ rollingUpdate:
+ maxUnavailable: 1
+ service:
+ annotations:
+ io.cilium/lb-ipam-ips: 192.168.1.90
+ externalTrafficPolicy: Cluster
+ allowSnippetAnnotations: true
+ config:
+ client-body-buffer-size: 100M
+ client-body-timeout: 120
+ client-header-timeout: 120
+ enable-brotli: "true"
+ enable-real-ip: "true"
+ hsts-max-age: 31449600
+ keep-alive-requests: 10000
+ keep-alive: 120
+ log-format-escape-json: "true"
+ log-format-upstream: >
+ {"time": "$time_iso8601", "remote_addr": "$proxy_protocol_addr", "x_forwarded_for": "$proxy_add_x_forwarded_for",
+ "request_id": "$req_id", "remote_user": "$remote_user", "bytes_sent": $bytes_sent, "request_time": $request_time,
+ "status": $status, "vhost": "$host", "request_proto": "$server_protocol", "path": "$uri", "request_query": "$args",
+ "request_length": $request_length, "duration": $request_time, "method": "$request_method", "http_referrer": "$http_referer",
+ "http_user_agent": "$http_user_agent"}
+ proxy-body-size: 0
+ proxy-buffer-size: 16k
+ ssl-protocols: TLSv1.3 TLSv1.2
+ metrics:
+ # TODO: enable me
+ enabled: false
+ serviceMonitor:
+ # TODO: enable me
+ enabled: false
+ namespace: nginx-ingress
+ namespaceSelector:
+ any: true
+ resources:
+ requests:
+ cpu: 100m
+ memory: 250Mi
+ limits:
+ memory: 500Mi
+ defaultBackend:
+ enabled: false
diff --git a/kubernetes/kube-nas/apps/nginx-ingress/nginx/app/kustomization.yaml b/kubernetes/kube-nas/apps/nginx-ingress/nginx/app/kustomization.yaml
new file mode 100644
index 000000000..3bf6698f7
--- /dev/null
+++ b/kubernetes/kube-nas/apps/nginx-ingress/nginx/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: nginx-ingress
+resources:
+ - helm-release.yaml
diff --git a/kubernetes/kube-nas/apps/nginx-ingress/nginx/flux-sync.yaml b/kubernetes/kube-nas/apps/nginx-ingress/nginx/flux-sync.yaml
new file mode 100644
index 000000000..2c9d2e3ba
--- /dev/null
+++ b/kubernetes/kube-nas/apps/nginx-ingress/nginx/flux-sync.yaml
@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: apps-nginx
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ dependsOn:
+ - name: apps-cert-manager-issuers
+ interval: 10m
+ path: ./kubernetes/kube-nas/apps/nginx-ingress/nginx/app
+ prune: true
+ wait: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops
diff --git a/kubernetes/kube-nas/flux/repositories/helm/ingress-nginx-charts.yaml b/kubernetes/kube-nas/flux/repositories/helm/ingress-nginx-charts.yaml
new file mode 100644
index 000000000..cbdee2368
--- /dev/null
+++ b/kubernetes/kube-nas/flux/repositories/helm/ingress-nginx-charts.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: ingress-nginx-charts
+ namespace: flux-system
+spec:
+ interval: 2h
+ url: https://kubernetes.github.io/ingress-nginx
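Review bot: The `allowSnippetAnnotations: true` value in nginx/app/helm-release.yaml lets anyone who can create or edit an Ingress in any namespace supply raw NGINX configuration through the `*-snippet` annotations, and that configuration is evaluated inside the controller with access to whatever the controller itself can read, including the TLS secrets it has loaded. Unless a workload on this cluster needs snippets, set `allowSnippetAnnotations: false`; if one does, keep it enabled but add an `annotation-value-word-blocklist` entry to the `config` map and restrict who may write Ingress objects. Separately, in the same `config` map `proxy-body-size: 0` removes the request-body cap while `client-body-buffer-size: 100M` allows up to 100M of body per request to be held in memory against the 500Mi limit, so a handful of large concurrent uploads could get the controller OOM-killed; a finite default with per-Ingress overrides would bound that.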