Add traefik config for running on a different port

7 months ago · c2703834f0
parent 85c8afe072
commit c2703834f0
9 changed files with 107 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,6 @@
 **/*.tfvars
 **/.terraform/*
 **/*.tfstate.*
-**/*.tfstate
+**/*.tfstate
+**/*.auth
+**/*-secret.yaml
--- a/apps/longhorn/route.yaml
+++ b/apps/longhorn/route.yaml
@ -0,0 +1,25 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: longhorn-auth
+  namespace: longhorn-system
+spec:
+  basicAuth:
+    secret: longhorn-secret
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: longhorn-route
+  namespace: longhorn-system
+spec:
+  entryPoints:
+    - web
+  routes:
+  - match: Host(`longhorn.trivernis.net`)
+    kind: Rule
+    services:
+    - name: longhorn-frontend
+      port: 80
+    middlewares:
+      - name: longhorn-auth
--- a/apps/plantwiki/deploy.yaml
+++ b/apps/plantwiki/deploy.yaml
@ -20,6 +20,7 @@ spec:
      labels:
        app: plantwiki
    spec:
+      nodeName: hetzner-dedicated
      containers:
      - image: git.trivernis.net/trivernis/plantwiki:latest
        name: plantwiki
--- a/apps/searxng/config.yaml
+++ b/apps/searxng/config.yaml
@ -808,6 +808,7 @@ data:

      - name: google
        engine: google
+        weight: 2
        shortcut: go
        # additional_tests:
        #   android: *test_android
--- a/apps/searxng/deploy.yaml
+++ b/apps/searxng/deploy.yaml
@ -4,7 +4,7 @@ metadata:
  name: searxng
  namespace: searxng
 spec:
-  replicas: 1
+  replicas: 3
  selector:
    matchLabels:
      app: searxng
@ -13,6 +13,13 @@ spec:
      labels:
        app: searxng
    spec:
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app: searxng    
      containers:
        - image: docker.io/searxng/searxng:latest
          name: searxng
--- a/apps/searxng/route.yaml
+++ b/apps/searxng/route.yaml
@ -0,0 +1,19 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: searxng-route
+  namespace: searxng
+spec:
+  entryPoints:
+    - web
+  routes:
+  - match: Host(`search.trivernis.dev`)
+    kind: Rule
+    services:
+    - name: searxng-srv
+      port: 8080
+  - match: Host(`search.trivernis.net`)
+    kind: Rule
+    services:
+    - name: searxng-srv
+      port: 8080
--- a/apps/traefik/traefik-config.yaml
+++ b/apps/traefik/traefik-config.yaml
@ -0,0 +1,15 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+  name: traefik
+  namespace: kube-system
+spec:
+  valuesContent: |-
+    additionalArguments:
+      - "--entryPoints.web.proxyProtocol.trustedIPs=10.0.0.254"
+      - "--entryPoints.web.forwardedHeaders.trustedIPs=10.0.0.254"
+    ports:
+      web:
+        exposedPort: 8000
+      websecure:
+        exposedPort: 8443
--- a/infra/STEPS.md
+++ b/infra/STEPS.md
@ -10,4 +10,35 @@ apt install apparmor apparmor-utils -y
 ```
 Follow https://community.hetzner.com/tutorials/k3s-glusterfs-loadbalancer

-For Storage use https://github.com/hetznercloud/csi-driver/blob/main/docs/kubernetes/README.md
+## Longhorn Storage
+
+On all nodes install [open-iscsi](https://longhorn.io/docs/1.5.1/deploy/install/#installing-open-iscsi).
+
+```sh
+helm repo add longhorn https://charts.longhorn.io
+helm repo update
+helm install longhorn longhorn/longhorn --namespace longhorn-system --create-namespace --version 1.5.1
+```
+
+## Hetzner Storage
+
+https://github.com/hetznercloud/csi-driver/blob/main/docs/kubernetes/README.md
+
+## Metrics
+
+```sh
+kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
+```
+
+## Prometheus / Grafana
+https://grafana.com/blog/2023/01/19/how-to-monitor-kubernetes-clusters-with-the-prometheus-operator/
+
+```sh
+kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/main/bundle.yaml --force-conflicts=true --server-side=true
+```
+
+## Traefik (fix)
+
+```sh
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+```
--- a/infra/init.tf
+++ b/infra/init.tf
@ -34,10 +34,10 @@ resource "hcloud_placement_group" "spread-group" {

 resource "hcloud_server" "control" {
  name        = "cluster-control"
-  image       = "ubuntu-22.04"
+  image       = "fedora-38"
  location    = "nbg1"
  ssh_keys  = ["archomen_cloud1", "deepthought_cloud1"]
-  server_type = "cx11"
+  server_type = "cx21"
  firewall_ids = [hcloud_firewall.firewall.id]
  placement_group_id = hcloud_placement_group.spread-group.id

@ -57,7 +57,7 @@ resource "hcloud_server" "control" {

 resource "hcloud_server" "worker-1" {
  name        = "cluster-worker-1"
-  image       = "ubuntu-22.04"
+  image       = "fedora-38"
  location    = "nbg1"
  ssh_keys  = ["archomen_cloud2", "deepthought_cloud2"]
  server_type = "cx21"