feat: ingress-nginx

cluster/apps/networking/ingress-nginx/helm-release.yaml

@@ -0,0 +1,67 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: ingress-nginx
+  namespace: networking
+spec:
+  interval: 5m
+  chart:
+    spec:
+      # renovate: registryUrl=https://kubernetes.github.io/ingress-nginx
+      chart: ingress-nginx
+      version: 3.35.0
+      sourceRef:
+        kind: HelmRepository
+        name: ingress-nginx-charts
+        namespace: flux-system
+      interval: 5m
+  values:
+    controller:
+      replicaCount: 2
+      service:
+        type: LoadBalancer
+        externalIPs:
+          - ${CLUSTER_LB_NGINX}
+        externalTrafficPolicy: Local
+      publishService:
+        enabled: true
+      config:
+        ssl-protocols: "TLSv1.3 TLSv1.2"
+        custom-http-errors: 404,403,500,503
+        enable-vts-status: "false"
+        hsts-max-age: "31449600"
+      metrics:
+        enabled: true
+        serviceMonitor:
+          enabled: true
+          namespace: networking
+          namespaceSelector:
+            any: true
+      extraArgs:
+        default-ssl-certificate: "networking/${SECRET_CLUSTER_DOMAIN/./-}-tls"
+      resources:
+        requests:
+          memory: 250Mi
+          cpu: 50m
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 100
+              podAffinityTerm:
+                labelSelector:
+                  matchExpressions:
+                    - key: app.kubernetes.io/name
+                      operator: In
+                      values:
+                        - ingress-nginx
+                topologyKey: kubernetes.io/hostname
+    defaultBackend:
+      enabled: true
+      image:
+        repository: ghcr.io/181192/custom-error-pages
+        tag: latest
+      resources:
+        requests:
+          memory: 250Mi
+          cpu: 25m

cluster/apps/networking/ingress-nginx/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm-release.yaml

cluster/apps/networking/kustomization.yaml

@@ -6,6 +6,7 @@ resources:
   - authelia
   - authentik
   - certificate
+  - ingress-nginx
   - k8s-gateway
   - traefik
   - unifi

cluster/base-custom/charts/ingress-nginx-charts.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: ingress-nginx-charts
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://kubernetes.github.io/ingress-nginx
+  timeout: 3m

cluster/base-custom/charts/kustomization.yaml

@@ -11,6 +11,7 @@ resources:
   - grafana-loki-charts.yaml
   - influxdata-charts.yaml
   - infracloudio-charts.yaml
+  - ingress-nginx-charts.yaml
   - jetstack-charts.yaml
   - k8s-at-home.yaml
   - k8s-gateway-charts.yaml

cluster/base-custom/settings/cluster-settings.yaml

@@ -6,6 +6,7 @@ metadata:
   name: cluster-settings
 data:
   CLUSTER_LB_K8SGATEWAY: 192.168.169.100
+  CLUSTER_LB_NGINX: 192.168.169.101
   CLUSTER_LB_TRAEFIK: 192.168.169.102
   CLUSTER_LB_UNIFI: 192.168.169.103
   CLUSTER_LB_GITEA: 192.168.169.104