diff --git a/cluster/apps/networking/ingress-nginx/helm-release.yaml b/cluster/apps/networking/ingress-nginx/helm-release.yaml
new file mode 100644
index 000000000..fd1f43fb5
--- /dev/null
+++ b/cluster/apps/networking/ingress-nginx/helm-release.yaml
@@ -0,0 +1,67 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: ingress-nginx
+ namespace: networking
+spec:
+ interval: 5m
+ chart:
+ spec:
+ # renovate: registryUrl=https://kubernetes.github.io/ingress-nginx
+ chart: ingress-nginx
+ version: 3.35.0
+ sourceRef:
+ kind: HelmRepository
+ name: ingress-nginx-charts
+ namespace: flux-system
+ interval: 5m
+ values:
+ controller:
+ replicaCount: 2
+ service:
+ type: LoadBalancer
+ externalIPs:
+ - ${CLUSTER_LB_NGINX}
+ externalTrafficPolicy: Local
+ publishService:
+ enabled: true
+ config:
+ ssl-protocols: "TLSv1.3 TLSv1.2"
+ custom-http-errors: 404,403,500,503
+ enable-vts-status: "false"
+ hsts-max-age: "31449600"
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ namespace: networking
+ namespaceSelector:
+ any: true
+ extraArgs:
+ default-ssl-certificate: "networking/${SECRET_CLUSTER_DOMAIN/./-}-tls"
+ resources:
+ requests:
+ memory: 250Mi
+ cpu: 50m
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - ingress-nginx
+ topologyKey: kubernetes.io/hostname
+ defaultBackend:
+ enabled: true
+ image:
+ repository: ghcr.io/181192/custom-error-pages
+ tag: latest
+ resources:
+ requests:
+ memory: 250Mi
+ cpu: 25m
diff --git a/cluster/apps/networking/ingress-nginx/kustomization.yaml b/cluster/apps/networking/ingress-nginx/kustomization.yaml
new file mode 100644
index 000000000..2fa2de20c
--- /dev/null
+++ b/cluster/apps/networking/ingress-nginx/kustomization.yaml
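Review bot: `tag: latest` under `defaultBackend.image` is a mutable reference to a third-party image (`ghcr.io/181192/custom-error-pages`), so the code that runs can change on a pod restart or reschedule, depending on pull policy, without any commit in this repository. Because `custom-http-errors: 404,403,500,503` is set, ingress-nginx hands those responses for every ingress to this backend together with request metadata headers, which puts the image in the request path for all hosts behind the controller. Pin it to a specific release, for example `tag: "<PINNED_VERSION>"` (placeholder, since the page does not name a version), or to a digest if the chart's image values accept one. A Renovate hint like the one already on the chart `version:` would keep the pin up to date through reviewed changes.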
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - helm-release.yaml
diff --git a/cluster/apps/networking/kustomization.yaml b/cluster/apps/networking/kustomization.yaml
index 376920104..0a1d8baf2 100644
--- a/cluster/apps/networking/kustomization.yaml
+++ b/cluster/apps/networking/kustomization.yaml
@@ -6,6 +6,7 @@ resources:
 - authelia
 - authentik
 - certificate
+ - ingress-nginx
 - k8s-gateway
 - traefik
 - unifi
diff --git a/cluster/base-custom/charts/ingress-nginx-charts.yaml b/cluster/base-custom/charts/ingress-nginx-charts.yaml
new file mode 100644
index 000000000..eb15f7492
--- /dev/null
+++ b/cluster/base-custom/charts/ingress-nginx-charts.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: ingress-nginx-charts
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://kubernetes.github.io/ingress-nginx
+ timeout: 3m
diff --git a/cluster/base-custom/charts/kustomization.yaml b/cluster/base-custom/charts/kustomization.yaml
index c3824e33c..b7cd3ed96 100644
--- a/cluster/base-custom/charts/kustomization.yaml
+++ b/cluster/base-custom/charts/kustomization.yaml
@@ -11,6 +11,7 @@ resources:
 - grafana-loki-charts.yaml
 - influxdata-charts.yaml
 - infracloudio-charts.yaml
+ - ingress-nginx-charts.yaml
 - jetstack-charts.yaml
 - k8s-at-home.yaml
 - k8s-gateway-charts.yaml
diff --git a/cluster/base-custom/settings/cluster-settings.yaml b/cluster/base-custom/settings/cluster-settings.yaml
index 109135730..87d07d64e 100644
--- a/cluster/base-custom/settings/cluster-settings.yaml
+++ b/cluster/base-custom/settings/cluster-settings.yaml
@@ -6,6 +6,7 @@ metadata:
 name: cluster-settings
 data:
 CLUSTER_LB_K8SGATEWAY: 192.168.169.100
+ CLUSTER_LB_NGINX: 192.168.169.101
 CLUSTER_LB_TRAEFIK: 192.168.169.102
 CLUSTER_LB_UNIFI: 192.168.169.103
 CLUSTER_LB_GITEA: 192.168.169.104