From 5ec7b6c3384fbcb01aa1a3262d74cae6582eb461 Mon Sep 17 00:00:00 2001
From: j37hr0
Date: Mon, 4 May 2026 20:39:38 +1200
Subject: [PATCH] initial setup of HAproxy
---
 infrastructure/haproxy/certificate.yaml | 13 ++++++
 infrastructure/haproxy/helmrelease.yaml | 20 +++++++++
 infrastructure/haproxy/kustomization.yaml | 16 +++++++
 infrastructure/haproxy/namespace.yaml | 4 ++
 infrastructure/haproxy/values.yaml | 55 +++++++++++++++++++++++
 infrastructure/kustomization.yaml | 1 +
 infrastructure/sources/haproxytech.yaml | 8 ++++
 infrastructure/sources/kustomization.yaml | 1 +
 8 files changed, 118 insertions(+)
 create mode 100644 infrastructure/haproxy/certificate.yaml
 create mode 100644 infrastructure/haproxy/helmrelease.yaml
 create mode 100644 infrastructure/haproxy/kustomization.yaml
 create mode 100644 infrastructure/haproxy/namespace.yaml
 create mode 100644 infrastructure/haproxy/values.yaml
 create mode 100644 infrastructure/sources/haproxytech.yaml
diff --git a/infrastructure/haproxy/certificate.yaml b/infrastructure/haproxy/certificate.yaml
new file mode 100644
index 0000000..1fcc6ea
--- /dev/null
+++ b/infrastructure/haproxy/certificate.yaml
@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: wildcard-jethrocotton-com
+ namespace: haproxy
+spec:
+ secretName: wildcard-jethrocotton-com-tls
+ issuerRef:
+ name: letsencrypt-dns
+ kind: ClusterIssuer
+ commonName: "*.jethrocotton.com"
+ dnsNames:
+ - "*.jethrocotton.com"
diff --git a/infrastructure/haproxy/helmrelease.yaml b/infrastructure/haproxy/helmrelease.yaml
new file mode 100644
index 0000000..d154e36
--- /dev/null
+++ b/infrastructure/haproxy/helmrelease.yaml
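Review bot: The `Certificate` in `infrastructure/haproxy/certificate.yaml` sets no `privateKey` block, so the key algorithm and whether the wildcard key is regenerated on renewal depend on the installed cert-manager's defaults. For a key that is valid for every name under the domain, state this explicitly, e.g. `privateKey:` with `rotationPolicy: Always` under `spec`. `commonName` repeats the only `dnsNames` entry and can be dropped. A one-line comment noting that the resulting Secret is consumed by the HAProxy init container in `values.yaml` would help readers follow where the key ends up.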
@@ -0,0 +1,20 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: haproxy
+ namespace: haproxy
+spec:
+ interval: 15m
+ releaseName: haproxy
+ chart:
+ spec:
+ chart: haproxy
+ version: "*"
+ sourceRef:
+ kind: HelmRepository
+ name: haproxytech
+ namespace: flux-system
+ valuesFrom:
+ - kind: ConfigMap
+ name: haproxy-values
+ valuesKey: values.yaml
diff --git a/infrastructure/haproxy/kustomization.yaml b/infrastructure/haproxy/kustomization.yaml
new file mode 100644
index 0000000..fb3fcba
--- /dev/null
+++ b/infrastructure/haproxy/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- namespace.yaml
+- helmrelease.yaml
+- certificate.yaml
+
+namespace: haproxy
+
+configMapGenerator:
+ - name: haproxy-values
+ files:
+ - values.yaml
+
+generatorOptions:
+ disableNameSuffixHash: true
diff --git a/infrastructure/haproxy/namespace.yaml b/infrastructure/haproxy/namespace.yaml
new file mode 100644
index 0000000..97e359a
--- /dev/null
+++ b/infrastructure/haproxy/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: haproxy
diff --git a/infrastructure/haproxy/values.yaml b/infrastructure/haproxy/values.yaml
new file mode 100644
index 0000000..c85a33a
--- /dev/null
+++ b/infrastructure/haproxy/values.yaml
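Review bot: `version: "*"` under `spec.chart.spec` in `infrastructure/haproxy/helmrelease.yaml` lets Flux install whatever chart version the `haproxytech` repository publishes next, so an upstream release, or a tampered repository, reaches the edge proxy that holds the wildcard key without any reviewed commit. Pin an exact version and bump it through commits, e.g. `version: "<pinned-chart-version>"`. The same concern covers the `HelmRepository` added in `infrastructure/sources/haproxytech.yaml`, which is polled every `12h` with no verification configured. A short comment above the pinned line recording why that version was chosen would help later upgrades.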
@@ -0,0 +1,55 @@
+service:
+ type: NodePort
+ nodePorts:
+ http: 30080
+ https: 30443
+
+extraVolumes:
+ - name: tls-source
+ secret:
+ secretName: wildcard-jethrocotton-com-tls
+ - name: tls-pem
+ emptyDir: {}
+
+initContainers:
+ - name: build-tls-pem
+ image: busybox:1.36
+ command:
+ - /bin/sh
+ - -ec
+ - |
+ cat /certs/tls.crt /certs/tls.key > /tls/tls.pem
+ volumeMounts:
+ - name: tls-source
+ mountPath: /certs
+ readOnly: true
+ - name: tls-pem
+ mountPath: /tls
+
+extraVolumeMounts:
+ - name: tls-pem
+ mountPath: /usr/local/etc/ssl
+
+config: |
+ global
+ log stdout format raw local0
+ maxconn 1024
+
+ defaults
+ log global
+ timeout client 60s
+ timeout connect 10s
+ timeout server 60s
+
+ frontend fe_http
+ bind :80
+ http-request redirect scheme https code 301 if !{ ssl_fc }
+
+ frontend fe_https
+ bind :443 ssl crt /usr/local/etc/ssl/tls.pem
+ acl host_forgejo hdr(host) -i forgejo.jethrocotton.com
+ use_backend be_forgejo if host_forgejo
+ default_backend be_forgejo
+
+ backend be_forgejo
+ server forgejo forgejo.forgejo.svc.cluster.local:80 check
diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml
index 7311fb1..b90031a 100644
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ceph
+- haproxy
 - bitwarden
 - sources
 - eso
diff --git a/infrastructure/sources/haproxytech.yaml b/infrastructure/sources/haproxytech.yaml
new file mode 100644
index 0000000..4e25779
--- /dev/null
+++ b/infrastructure/sources/haproxytech.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: haproxytech
+ namespace: flux-system
+spec:
+ interval: 12h
+ url: https://haproxytech.github.io/helm-charts
diff --git a/infrastructure/sources/kustomization.yaml b/infrastructure/sources/kustomization.yaml
index 1a9d055..c5ef3e5 100644
--- a/infrastructure/sources/kustomization.yaml
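Review bot: In `infrastructure/haproxy/values.yaml` the `fe_https` frontend sends every request to `be_forgejo` whatever its Host header, because `default_backend be_forgejo` makes the `host_forgejo` ACL a no-op; with the wildcard certificate on the bind line, any name under the domain that reaches this proxy is served Forgejo over valid TLS. Rejecting unmatched hosts is safer, e.g. `http-request deny deny_status 404 unless host_forgejo` in place of the `default_backend` line. The `defaults` section also sets no `mode http`; HAProxy's default mode is tcp, so if this `config` value is the whole haproxy.cfg the `http-request redirect` and `hdr(host)` rules likely do not apply as written. Separately, the `build-tls-pem` init container copies the key only once at pod start, so a certificate renewed by cert-manager is not served until the pod restarts. The copy also lands in a disk-backed `emptyDir` with default file permissions; `emptyDir: {medium: Memory}` and a `umask 077` before the `cat` would narrow that exposure.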
+++ b/infrastructure/sources/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - robjuz.yaml
+- haproxytech.yaml
 - wikijs.yaml
 - bitwarden.yaml
 - eso.yaml