feat(nginx): 新增nginx ingress配置

apps/gitea/helmchart.yaml

@@ -43,18 +43,18 @@ spec:
           LANGS: zh-CN,en-US
           NAMES: 简体中文,English
     extraVolumes:
-    - name: gitea-custom-templates-volume
+      - name: gitea-custom-templates-volume
-      configMap:
+        configMap:
-        name: gitea-custom-templates
+          name: gitea-custom-templates
-        items:
+          items:
-        - key: home.tmpl
+            - key: home.tmpl
-          path: home.tmpl
+              path: home.tmpl
-        - key: extra_links.tmpl
+            - key: extra_links.tmpl
-          path: custom/extra_links.tmpl
+              path: custom/extra_links.tmpl
     extraContainerVolumeMounts:
-    - name: gitea-custom-templates-volume
+      - name: gitea-custom-templates-volume
-      readOnly: true
+        readOnly: true
-      mountPath: /data/gitea/templates
+        mountPath: /data/gitea/templates
 
 
 

apps/gitea/ingress-http.yaml

@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: gitea-http
+  namespace: infra-devops
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: git.dev.cm
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: gitea-http
+                port:
+                  number: 3000

apps/gitea/ingressroute-http.yaml

@@ -1,19 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: gitea-http
-  namespace: infra-devops
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: Host(`git.dev.cm`)
-      middlewares:
-        - name: compress
-        - name: cache
-      services:
-        - kind: Service
-          name: gitea-http
-          namespace: infra-devops
-          port: 3000

apps/gitea/ingressroute-ssh.yaml

@@ -1,14 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRouteTCP
-metadata:
-  name: gitea-ssh
-  namespace: infra-devops
-spec:
-  entryPoints:
-    - ssh
-  routes:
-    - match: HostSNI(`*`)
-      services:
-        - name: gitea-ssh
-          namespace: infra-devops
-          port: 22

apps/gitea/loadbalancer-ssh.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea-ssh-lb
+  namespace: infra-devops
+spec:
+  selector:
+    app.kubernetes.io/name: gitea
+    app.kubernetes.io/instance: gitea
+  ports:
+    - protocol: TCP
+      port: 22
+      targetPort: 22
+  type: LoadBalancer

apps/postgresql-ha/helmchart.yaml

@@ -19,11 +19,11 @@ spec:
         type: "hard"
         key: "topology.kubernetes.io/region"
         values:
-        - "cn-sh"
+          - "cn-sh"
       tolerations:
-      - key: "node-role.kubernetes.io/master"
+        - key: "node-role.kubernetes.io/master"
-        operator: "Exists"
+          operator: "Exists"
-        effect: "NoSchedule"
+          effect: "NoSchedule"
     pgpool:
       image:
         debug: false
@@ -31,9 +31,9 @@ spec:
         type: "hard"
         key: "topology.kubernetes.io/region"
         values:
-        - "cn-sh"
+          - "cn-sh"
       tolerations:
-      - key: "node-role.kubernetes.io/master"
+        - key: "node-role.kubernetes.io/master"
-        operator: "Exists"
+          operator: "Exists"
-        effect: "NoSchedule"
+          effect: "NoSchedule"
 

certs/certificate-dev-cm.yaml

@@ -12,16 +12,4 @@ spec:
   dnsNames:
     - "dev.cm"
     - "*.dev.cm"
-    - "*.node.dev.cm"
+    - "*.node.dev.cm"
-
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: TLSStore
-metadata:
-  name: default
-  namespace: kube-system
-spec:
-  certificates:
-    - secretName: dev-cm-crt
-  defaultCertificate:
-    secretName: dev-cm-crt

core/nginx/helmchart.yaml

@@ -0,0 +1,43 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: ingress-nginx
+  namespace: kube-system
+spec:
+  chart: ingress-nginx
+  repo: https://kubernetes.github.io/ingress-nginx
+  targetNamespace: kube-system
+  version: 4.10.0
+  set:
+  valuesContent: |-
+    fullnameOverride: ingress-nginx
+    controller:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: svccontroller.k3s.cattle.io/enablelb
+                    operator: In
+                    values:
+                      - "true"
+      tolerations:
+        - key: "node-role.kubernetes.io/master"
+          operator: "Exists"
+          effect: "NoSchedule"
+      kind: DaemonSet
+      hostNetwork: true
+      dnsPolicy: None
+      dnsConfig:
+        nameservers:
+          - 169.254.20.10
+          - 10.43.0.10
+      hostNetwork: true
+      hostPort:
+        enabled: true
+      service:
+        enabled: false
+      publishService:
+        enabled: false
+      config:
+        use-forwarded-headers: "true"

core/traefik/helmchartconfig.yaml

@@ -9,15 +9,15 @@ spec:
       nodeAffinity:
         requiredDuringSchedulingIgnoredDuringExecution:
           nodeSelectorTerms:
-          - matchExpressions:
+            - matchExpressions:
-            - key: svccontroller.k3s.cattle.io/enablelb
+                - key: svccontroller.k3s.cattle.io/enablelb
-              operator: In
+                  operator: In
-              values:
+                  values:
-              - "true"
+                    - "true"
     tolerations:
-    - key: "node-role.kubernetes.io/master"
+      - key: "node-role.kubernetes.io/master"
-      operator: "Exists"
+        operator: "Exists"
-      effect: "NoSchedule"
+        effect: "NoSchedule"
     updateStrategy:
       rollingUpdate:
         maxUnavailable: 1
@@ -27,8 +27,8 @@ spec:
       dnsPolicy: None
       dnsConfig:
         nameservers:
-        - 169.254.20.10
+          - 169.254.20.10
-        - 10.43.0.10
+          - 10.43.0.10
     hostNetwork: true
     service:
       spec:
@@ -50,8 +50,11 @@ spec:
         port: 8022
         expose: true
         exposedPort: 22
+    providers:
+      kubernetesCRD:
+        allowCrossNamespace: true
     additionalArguments:
-      - "--experimental.plugins.souin.moduleName=github.com/darkweak/souin"
+      - "--experimental.plugins.cache.moduleName=github.com/darkweak/souin"
       - "--experimental.plugins.souin.version=v1.6.47"
     experimental:
       plugins:

core/traefik/ingressroute-internal.yaml

@@ -11,7 +11,6 @@ spec:
       match: Host(`gateway.dev.cm`)
       middlewares:
         - name: compress
-        - name: cache
       services:
         - kind: TraefikService
           name: dashboard@internal

core/traefik/middleware/middleware-cache.yaml

@@ -1,11 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: cache
-  namespace: kube-system
-spec:
-  plugin:
-    souin:
-      default_cache:
-        ttl: 3600s
-        default_cache_control: public, max-age=86400

install/master-init.config.yaml

@@ -4,4 +4,8 @@ tls-san:
   - "k3s.dev.cm,k3s.fillcode.com"
 
 # 网络相关
-vpn-auth: "name=tailscale,joinKey=tskey-auth-ksJXXH4CNTRL-4WRkX448yC6W6yhytK1FD68HMDK4zStw"
+vpn-auth: "name=tailscale,joinKey=tskey-auth-ksJXXH4CNTRL-4WRkX448yC6W6yhytK1FD68HMDK4zStw"
+
+# 组件相关
+disable:
+  - traefik

install/master.config.yaml

@@ -5,4 +5,8 @@ tls-san:
   - "k3s.dev.cm,k3s.fillcode.com"
 
 # 网络相关
-vpn-auth: "name=tailscale,joinKey=tskey-auth-ksJXXH4CNTRL-4WRkX448yC6W6yhytK1FD68HMDK4zStw"
+vpn-auth: "name=tailscale,joinKey=tskey-auth-ksJXXH4CNTRL-4WRkX448yC6W6yhytK1FD68HMDK4zStw"
+
+# 组件相关
+disable:
+  - traefik