HGKeeper

Replace all of the ingress resources in imfreedom with ingressroute resources

2020-02-11, Gary Kramlich

f1e30709d73d

Parents 9be1330eec31
Children 3f14de05e1a0

Replace all of the ingress resources in imfreedom with ingressroute resources

5 files changed, 128 insertions(+), 94 deletions(-)

+21 -0

40-imfreedom-middleware.yaml

+20 -25

50-ci.imfreedom.org.yaml

+29 -23

50-data.imfreedom.org.yaml

+29 -22

50-hub.imfreedom.org.yaml

+29 -24

50-issues.imfreedom.org.yaml

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/40-imfreedom-middleware.yaml Tue Feb 11 03:19:05 2020 -0600

@@ -0,0 +1,21 @@

+# This file contains common traefik middleware for the roost namespace.

+---

+apiVersion: traefik.containo.us/v1alpha1

+kind: Middleware

+metadata:

+ name: common-headers

+ namespace: imfreedom

+spec:

+ headers:

+ customResponseHeaders:

+ X-Frame-Options: SAMEORIGIN

+---

+apiVersion: traefik.containo.us/v1alpha1

+kind: Middleware

+metadata:

+ name: https-redirect

+ namespace: imfreedom

+spec:

+ redirectScheme:

+ scheme: https

+---

~~--- a/50-ci.imfreedom.org.yaml Tue Feb 11 02:43:29 2020 -0600~~

+++ b/50-ci.imfreedom.org.yaml Tue Feb 11 03:19:05 2020 -0600

@@ -116,38 +116,30 @@

requests:

storage: 1Gi

---

~~-apiVersion: extensions/v1beta1~~

~~-kind: Ingress~~

+apiVersion: traefik.containo.us/v1alpha1

+kind: IngressRoute

metadata:

~~- namespace: imfreedom~~

~~- annotations:~~

~~- cert-manager.io/issuer: letsencrypt~~

~~- nginx.ingress.kubernetes.io/proxy-body-size: 16m~~

~~- nginx.ingress.kubernetes.io/configuration-snippet: |~~

~~- more_set_headers "X-Frame-Options: SAMEORIGIN";~~

~~- labels:~~

~~- app: ci~~

~~- role: app~~

+ namespace: imfreedom

spec:

~~- rules:~~

~~- - host: ci.imfreedom.org~~

~~- http:~~

~~- paths:~~

~~- - backend:~~

~~- serviceName: ci~~

~~- servicePort: 8111~~

~~- path: /~~

+ entryPoints:

+ - https

+ routes:

+ - match: Host(`ci.imfreedom.org`)

+ kind: Rule

+ services:

+ - name: ci

+ port: 8111

+ middlewares:

+ - name: common-headers

tls:

~~- - hosts:~~

~~- - ci.imfreedom.org~~

~~- secretName: ci-tls~~

+ secretName: ci-tls

---

apiVersion: cert-manager.io/v1alpha2

kind: Certificate

metadata:

namespace: imfreedom

~~- name: ci~~

+ name: ci-tls

spec:

secretName: ci-tls

issuerRef:

@@ -192,7 +184,7 @@

podSelector:

matchLabels:

~~- app: ingress~~

+ app: traefik

role: controller

ports:

- port: 8111

@@ -224,6 +216,9 @@

- name: teamcity

image: docker.io/rwgrim/teamcity-server:latest

imagePullPolicy: Always

+ env:

+ - name: TEAMCITY_SERVER_MEM_OPTS

+ value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Xmx3g -XX:ReservedCodeCacheSize=350m

ports:

- containerPort: 8111

resources:

@@ -232,7 +227,7 @@

memory: 3072Mi

requests:

cpu: 500m

~~- memory: 1536Mi~~

+ memory: 1024Mi

volumeMounts:

- mountPath: /data/teamcity_server/datadir/

~~--- a/50-data.imfreedom.org.yaml Tue Feb 11 02:43:29 2020 -0600~~

+++ b/50-data.imfreedom.org.yaml Tue Feb 11 03:19:05 2020 -0600

@@ -1,29 +1,35 @@

---

~~-apiVersion: extensions/v1beta1~~

~~-kind: Ingress~~

+apiVersion: traefik.containo.us/v1alpha1

+kind: IngressRoute

+metadata:

+ name: data

+ namespace: imfreedom

+spec:

+ entryPoints:

+ - https

+ routes:

+ - match: Host(`data.imfreedom.org`)

+ kind: Rule

+ services:

+ - name: data

+ port: 9000

+ middlewares:

+ - name: common-headers

+ tls:

+ secretName: data-tls

+---

+apiVersion: cert-manager.io/v1alpha2

+kind: Certificate

metadata:

namespace: imfreedom

~~- name: data~~

~~- annotations:~~

~~- cert-manager.io/issuer: letsencrypt~~

~~- nginx.ingress.kubernetes.io/proxy-body-size: 200m~~

~~- nginx.ingress.kubernetes.io/configuration-snippet: |~~

~~- more_set_headers "X-Frame-Options: SAMEORIGIN";~~

~~- labels:~~

~~- app: data~~

+ name: data-tls

spec:

~~- rules:~~

~~- - host: data.imfreedom.org~~

~~- http:~~

~~- paths:~~

~~- - backend:~~

~~- serviceName: data~~

~~- servicePort: 9000~~

~~- path: /~~

~~- tls:~~

~~- - hosts:~~

~~- - data.imfreedom.org~~

~~- secretName: data-tls~~

+ secretName: data-tls

+ issuerRef:

+ name: letsencrypt

+ commonName: data.imfreedom.org

+ dnsNames:

+ - data.imfreedom.org

---

apiVersion: v1

kind: Service

@@ -57,7 +63,7 @@

podSelector:

matchLabels:

~~- app: ingress~~

+ app: traefik

role: controller

ports:

- port: 9000

~~--- a/50-hub.imfreedom.org.yaml Tue Feb 11 02:43:29 2020 -0600~~

+++ b/50-hub.imfreedom.org.yaml Tue Feb 11 03:19:05 2020 -0600

@@ -1,30 +1,37 @@

# hub is a deployment of jetbrains hub software which we use for a centralized

# authentication platform.

---

~~-apiVersion: extensions/v1beta1~~

~~-kind: Ingress~~

+apiVersion: traefik.containo.us/v1alpha1

+kind: IngressRoute

+metadata:

+ name: hub

+ namespace: imfreedom

+spec:

+ entryPoints:

+ - https

+ routes:

+ - match: Host(`hub.imfreedom.org`)

+ kind: Rule

+ services:

+ - name: hub

+ port: 8080

+ middlewares:

+ - name: common-headers

+ tls:

+ secretName: hub-tls

+---

+apiVersion: cert-manager.io/v1alpha2

+kind: Certificate

metadata:

namespace: imfreedom

~~- name: hub~~

~~- annotations:~~

~~- cert-manager.io/issuer: letsencrypt~~

~~- nginx.ingress.kubernetes.io/configuration-snippet: |~~

~~- more_set_headers "X-Frame-Options: SAMEORIGIN";~~

~~- labels:~~

~~- app: hub~~

+ name: hub-tls

spec:

~~- rules:~~

~~- - host: hub.imfreedom.org~~

~~- http:~~

~~- paths:~~

~~- - backend:~~

~~- serviceName: hub~~

~~- servicePort: 8080~~

~~- path: /~~

~~- tls:~~

~~- - hosts:~~

~~- - hub.imfreedom.org~~

~~- secretName: hub-tls~~

+ secretName: hub-tls

+ issuerRef:

+ name: letsencrypt

+ commonName: hub.imfreedom.org

+ dnsNames:

+ - hub.imfreedom.org

---

apiVersion: v1

kind: Service

@@ -58,7 +65,7 @@

podSelector:

matchLabels:

~~- app: ingress~~

+ app: traefik

role: controller

ports:

- port: 8080

~~--- a/50-issues.imfreedom.org.yaml Tue Feb 11 02:43:29 2020 -0600~~

+++ b/50-issues.imfreedom.org.yaml Tue Feb 11 03:19:05 2020 -0600

@@ -1,32 +1,37 @@

# youtrack is an issue tracker from jetbrains. It supports multiple projects,

# integrates into hub, and supports importing from multiple issue trackers.

---

~~-apiVersion: extensions/v1beta1~~

~~-kind: Ingress~~

+apiVersion: traefik.containo.us/v1alpha1

+kind: IngressRoute

+metadata:

+ name: issues

+ namespace: imfreedom

+spec:

+ entryPoints:

+ - https

+ routes:

+ - match: Host(`issues.imfreedom.org`)

+ kind: Rule

+ services:

+ - name: issues

+ port: 8080

+ middlewares:

+ - name: common-headers

+ tls:

+ secretName: issues-tls

+---

+apiVersion: cert-manager.io/v1alpha2

+kind: Certificate

metadata:

namespace: imfreedom

~~- name: issues~~

~~- annotations:~~

~~- cert-manager.io/issuer: letsencrypt~~

~~- nginx.ingress.kubernetes.io/proxy-body-size: 16m~~

~~- nginx.ingress.kubernetes.io/configuration-snippet: |~~

~~- more_set_headers "X-Frame-Options: SAMEORIGIN";~~

~~- labels:~~

~~- app: issues~~

~~- role: app~~

+ name: issues-tls

spec:

~~- rules:~~

~~- - host: issues.imfreedom.org~~

~~- http:~~

~~- paths:~~

~~- - backend:~~

~~- serviceName: issues~~

~~- servicePort: 8080~~

~~- path: /~~

~~- tls:~~

~~- - hosts:~~

~~- - issues.imfreedom.org~~

~~- secretName: issues-tls~~

+ secretName: issues-tls

+ issuerRef:

+ name: letsencrypt

+ commonName: issues.imfreedom.org

+ dnsNames:

+ - issues.imfreedom.org

---

apiVersion: v1

kind: Service

@@ -64,7 +69,7 @@

podSelector:

matchLabels:

~~- app: ingress~~

+ app: traefik

role: controller

ports:

- port: 8080

imfreedom/k8s-cluster