mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-12-02 04:56:14 +01:00
bc824c6849
Signed-off-by: magic_rb <magic_rb@redalder.org>
206 lines
4.3 KiB
Nix
206 lines
4.3 KiB
Nix
{
|
|
pkgs,
|
|
inputs,
|
|
...
|
|
}: {
|
|
resource."kubernetes_namespace"."ingress" = {
|
|
metadata = {
|
|
name = "ingress";
|
|
|
|
# has to be kept in sync with `prepare` profile
|
|
labels = {
|
|
"istio.io/rev" = "1-20-2";
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_namespace"."website" = {
|
|
metadata = {
|
|
name = "website";
|
|
|
|
labels = {
|
|
"istio.io/rev" = "1-20-2";
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_manifest"."metallb-pool" = {
|
|
manifest = {
|
|
apiVersion = "metallb.io/v1beta1";
|
|
kind = "IPAddressPool";
|
|
metadata = {
|
|
name = "first-pool";
|
|
namespace = "metallb-system";
|
|
};
|
|
spec = {
|
|
addresses = [
|
|
"172.26.96.2/32"
|
|
];
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_manifest"."website-deployment" = {
|
|
manifest = {
|
|
apiVersion = "apps/v1";
|
|
kind = "Deployment";
|
|
metadata = {
|
|
name = "website";
|
|
namespace = "website";
|
|
labels = {
|
|
app = "website";
|
|
};
|
|
};
|
|
spec = {
|
|
replicas = 3;
|
|
selector = {
|
|
matchLabels = {
|
|
app = "website";
|
|
};
|
|
};
|
|
template = {
|
|
metadata = {
|
|
labels = {
|
|
app = "website";
|
|
};
|
|
};
|
|
spec = {
|
|
containers = [
|
|
{
|
|
name = "nginx";
|
|
image =
|
|
(inputs.nix-snapshotter.packages.${pkgs.stdenv.system}.nix-snapshotter.buildImage {
|
|
name = "website";
|
|
resolvedByNix = true;
|
|
config.entrypoint = ["${inputs.self.nixngConfigurations.website.config.system.build.toplevel}/init"];
|
|
})
|
|
.image;
|
|
ports = [
|
|
{
|
|
containerPort = 80;
|
|
}
|
|
];
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_manifest"."website-service" = {
|
|
manifest = {
|
|
apiVersion = "v1";
|
|
kind = "Service";
|
|
metadata = {
|
|
name = "website";
|
|
namespace = "website";
|
|
};
|
|
spec = {
|
|
ports = [
|
|
{
|
|
port = 80;
|
|
protocol = "TCP";
|
|
targetPort = 80;
|
|
}
|
|
];
|
|
selector = {
|
|
app = "website";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_manifest"."website-gateway" = {
|
|
manifest = {
|
|
apiVersion = "gateway.networking.k8s.io/v1";
|
|
kind = "Gateway";
|
|
metadata = {
|
|
name = "website";
|
|
namespace = "ingress";
|
|
};
|
|
spec = {
|
|
gatewayClassName = "istio";
|
|
listeners = [
|
|
{
|
|
name = "http";
|
|
hostname = "redalder.org";
|
|
port = "80";
|
|
protocol = "HTTP";
|
|
allowedRoutes = {
|
|
namespaces = {
|
|
from = "All";
|
|
};
|
|
};
|
|
}
|
|
];
|
|
addresses = [
|
|
{
|
|
type = "IPAddress";
|
|
value = "172.26.96.2";
|
|
}
|
|
];
|
|
infrastructure = {
|
|
annotations = {
|
|
"metallb.universe.tf/allow-shared-ip" = "172.26.96.2";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_manifest"."website-reference-grant" = {
|
|
manifest = {
|
|
apiVersion = "gateway.networking.k8s.io/v1alpha2";
|
|
kind = "ReferenceGrant";
|
|
metadata = {
|
|
name = "website";
|
|
namespace = "website";
|
|
};
|
|
spec = {
|
|
from = [
|
|
{
|
|
group = "gateway.networking.k8s.io";
|
|
kind = "HTTPRoute";
|
|
namespace = "ingress";
|
|
}
|
|
];
|
|
to = [
|
|
{
|
|
group = "";
|
|
kind = "Service";
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
|
|
resource."kubernetes_manifest"."website-httproute" = {
|
|
manifest = {
|
|
apiVersion = "gateway.networking.k8s.io/v1";
|
|
kind = "HTTPRoute";
|
|
metadata = {
|
|
name = "website";
|
|
namespace = "ingress";
|
|
};
|
|
spec = {
|
|
parentRefs = [
|
|
{name = "website";}
|
|
];
|
|
hostnames = ["redalder.org"];
|
|
rules = [
|
|
{
|
|
backendRefs = [
|
|
{
|
|
name = "website";
|
|
namespace = "website";
|
|
port = 80;
|
|
}
|
|
];
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|