From 77d96589318b24f0e4a2a7a00c1f234cb6d95f0b Mon Sep 17 00:00:00 2001 From: Tamas Kiss Date: Sun, 22 Jan 2023 13:48:10 +0100 Subject: [PATCH] lawndale is skver --- gitea.tf | 21 ++++++++++++++++++--- ssh-ingresstcproute.tf | 26 -------------------------- 2 files changed, 18 insertions(+), 29 deletions(-) delete mode 100644 ssh-ingresstcproute.tf diff --git a/gitea.tf b/gitea.tf index 8edef4f..8b5510c 100644 --- a/gitea.tf +++ b/gitea.tf @@ -22,8 +22,8 @@ resource "helm_release" "this" { "kubernetes.io/ingress.class" = "traefik" "traefik.ingress.kubernetes.io/router.entrypoints" = "websecure" "traefik.ingress.kubernetes.io/router.tls" = "true" - "traefik.ingress.kubernetes.io/router.tls.certresolver" = "acme-thomasklein-me" "traefik.ingress.kubernetes.io/router.tls.domains.0.main" = local.ingress_domain + "cert-manager.io/cluster-issuer" = "acme-thomasklein-me" } hosts = [ { @@ -36,6 +36,21 @@ resource "helm_release" "this" { ] } ] + tls = [ + { + secretName = "git-thomasklein-me-tls" + hosts = [ + local.ingress_domain + ] + } + ] + } + }), + jsonencode({ + service = { + ssh = { + type = "LoadBalancer" + } } }), jsonencode({ @@ -65,10 +80,10 @@ resource "helm_release" "this" { ISSUE_INDEXER_TYPE = "db" # bleve doesn't like 9p filesystems :/ } metrics = { - ENABLED = false ## the metrics not really worth it + ENABLED = false ## the metrics not really worth it } service = { - DISABLE_REGISTRATION = true + DISABLE_REGISTRATION = true } } admin = { diff --git a/ssh-ingresstcproute.tf b/ssh-ingresstcproute.tf deleted file mode 100644 index 6a5332c..0000000 --- a/ssh-ingresstcproute.tf +++ /dev/null @@ -1,26 +0,0 @@ -resource "kubernetes_manifest" "ingress_tcp_route" { - manifest = { - apiVersion = "traefik.containo.us/v1alpha1" - kind = "IngressRouteTCP" - metadata = { - name = "gitea-ssh" - namespace = kubernetes_namespace.this.metadata.0.name - } - spec = { - entryPoints = [ - "gitssh", - ] - routes: [ - { - match = "HostSNI(`*`)" - services = [ - { - name = "gitea-ssh" - port = 22 - } - ] - } - ] - } - } -}