
use traefik as a reverse proxy for ssh too

It is more uniform. It also allows setting

externalTrafficPolicy: Local

with the benefit of logging the ip of the incoming connection.
Earl Warren 2024-10-21 20:22:45 +02:00
parent de28b83d38
commit 0ee041fb98
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
3 changed files with 29 additions and 8 deletions


@ -5,18 +5,23 @@ metadata:
namespace: kube-system
spec:
valuesContent: |-
deployment:
replicas: 2
ports:
web:
port: 80
redirectTo:
port: websecure
priority: 1
deployment:
replicas: 2
ssh-next:
port: 2020
exposedPort: 2020
expose: true
service:
annotations:
metallb.universe.tf/allow-shared-ip: "key-to-share-failover"
metallb.universe.tf/loadBalancerIPs: $failover_ipv4,$failover_ipv6
spec:
externalTrafficPolicy: Local
logs:
access:
enabled: true
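Review bot: The stated benefit of logging the incoming IP may not cover the new `ssh-next` entry point. `logs.access.enabled: true` turns on Traefik's access log, which as far as I know records HTTP requests only, so it is worth confirming that a connection on port 2020 actually produces a log line with the client address. Separately, `externalTrafficPolicy: Local` with `replicas: 2` means a node without a Traefik pod drops traffic sent to the shared failover IP. A short comment next to it, e.g. `# Local preserves the client IP; Traefik pods must run on the nodes that announce the failover IP`, would record that constraint, and the pods should be spread across nodes if the chart values do not already ensure it.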


@ -16,12 +16,11 @@ service:
http:
type: ClusterIP
ipFamilyPolicy: PreferDualStack
clusterIP: ~
port: 3000
ssh:
type: LoadBalancer
annotations:
metallb.universe.tf/loadBalancerIPs: $failover_ipv4,$failover_ipv6
metallb.universe.tf/allow-shared-ip: "key-to-share-failover"
type: ClusterIP
clusterIP: ~
ipFamilyPolicy: PreferDualStack
redis-cluster:
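Review bot: The `clusterIP: ~` on the ssh service has no explanation, and `~` is easy to misread as a leftover. Presumably it overrides a chart default so that the service gets a regular cluster IP for the Traefik TCP route to target. If so, spelling it `clusterIP: null` with a comment such as `# null overrides the chart default so a cluster IP is allocated for traefik` would make the intent explicit. The http service a few lines up uses the same form. The page has lost the +/- markers here, so I cannot be certain which of these lines are new.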


@ -17,7 +17,24 @@ ingress:
service:
ssh:
port: 2020
port: 2222
extraDeploy:
# Route from traefik to forgejo
- apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: forgejo-next-ssh
annotations:
kubernetes.io/ingress.class: traefik
spec:
entryPoints:
- ssh-next # name from traefik port
routes:
- match: HostSNI(`*`)
services:
- name: forgejo-next-ssh
port: 2222 # forgejo ssh port on kubernetes service
persistence:
claimName: forgejo-next
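Review bot: The `forgejo-next-ssh` entry under `services:` forwards a plain TCP stream, so Forgejo's SSH server will see the Traefik pod address as the peer for every connection. Its own logs of failed authentications, and any rate limiting or banning built on them, then lose the real client IP that `externalTrafficPolicy: Local` preserves up to Traefik. If that matters, add `proxyProtocol:` with `version: 2` to that service entry and enable `SSH_SERVER_USE_PROXY_PROTOCOL` in Forgejo's `[server]` settings. This assumes the built-in SSH server is in use, which the page does not show. Once Forgejo trusts PROXY headers, port 2222 should accept connections only from the Traefik pods, for example through a NetworkPolicy, because any other in-cluster client could otherwise supply a forged source address.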