{ pkgs, inputs, ... }: { resource."kubernetes_namespace"."ingress" = { metadata = { name = "ingress"; # has to be kept in sync with `prepare` profile labels = { "istio.io/rev" = "1-20-2"; }; }; }; resource."kubernetes_namespace"."website" = { metadata = { name = "website"; labels = { "istio.io/rev" = "1-20-2"; }; }; }; resource."kubernetes_manifest"."metallb-pool" = { manifest = { apiVersion = "metallb.io/v1beta1"; kind = "IPAddressPool"; metadata = { name = "first-pool"; namespace = "metallb-system"; }; spec = { addresses = [ "172.26.96.2/32" ]; }; }; }; resource."kubernetes_manifest"."website-deployment" = { manifest = { apiVersion = "apps/v1"; kind = "Deployment"; metadata = { name = "website"; namespace = "website"; labels = { app = "website"; }; }; spec = { replicas = 3; selector = { matchLabels = { app = "website"; }; }; template = { metadata = { labels = { app = "website"; }; }; spec = { containers = [ { name = "nginx"; image = (inputs.nix-snapshotter.packages.${pkgs.stdenv.system}.nix-snapshotter.buildImage { name = "website"; resolvedByNix = true; config.entrypoint = ["${inputs.self.nixngConfigurations.website.config.system.build.toplevel}/init"]; }) .image; ports = [ { containerPort = 80; } ]; } ]; }; }; }; }; }; resource."kubernetes_manifest"."website-service" = { manifest = { apiVersion = "v1"; kind = "Service"; metadata = { name = "website"; namespace = "website"; }; spec = { ports = [ { port = 80; protocol = "TCP"; targetPort = 80; } ]; selector = { app = "website"; }; }; }; }; resource."kubernetes_manifest"."website-gateway" = { manifest = { apiVersion = "gateway.networking.k8s.io/v1"; kind = "Gateway"; metadata = { name = "website"; namespace = "ingress"; }; spec = { gatewayClassName = "istio"; listeners = [ { name = "http"; hostname = "redalder.org"; port = "80"; protocol = "HTTP"; allowedRoutes = { namespaces = { from = "All"; }; }; } ]; addresses = [ { type = "IPAddress"; value = "172.26.96.2"; } ]; infrastructure = { annotations = { "metallb.universe.tf/allow-shared-ip" = "172.26.96.2"; }; }; }; }; }; resource."kubernetes_manifest"."website-reference-grant" = { manifest = { apiVersion = "gateway.networking.k8s.io/v1alpha2"; kind = "ReferenceGrant"; metadata = { name = "website"; namespace = "website"; }; spec = { from = [ { group = "gateway.networking.k8s.io"; kind = "HTTPRoute"; namespace = "ingress"; } ]; to = [ { group = ""; kind = "Service"; } ]; }; }; }; resource."kubernetes_manifest"."website-httproute" = { manifest = { apiVersion = "gateway.networking.k8s.io/v1"; kind = "HTTPRoute"; metadata = { name = "website"; namespace = "ingress"; }; spec = { parentRefs = [ {name = "website";} ]; hostnames = ["redalder.org"]; rules = [ { backendRefs = [ { name = "website"; namespace = "website"; port = 80; } ]; } ]; }; }; }; }