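---
# HAProxy ingress controller stack for the "pew" namespace: namespace,
# service account + RBAC, controller ConfigMaps, Deployment, Service,
# the Ingress routing rules and the cert-manager ClusterIssuer.
apiVersion: v1
kind: Namespace
metadata:
  name: pew
---
# Identity the controller pod runs as; bound to the ClusterRole below.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: haproxy-ingress-service-account
  namespace: pew
---
# Cluster-wide permissions for the controller. Because this is a
# ClusterRole bound through a ClusterRoleBinding, every rule applies to
# all namespaces, not only "pew".
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: haproxy-ingress-cluster-role
rules:
  # Read-only access to core objects.
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - services
      - namespaces
      - events
      - serviceaccounts
    verbs:
      - get
      - list
      - watch
  # NOTE(review): the Ingress in this file is networking.k8s.io/v1, while
  # this rule only covers the "extensions" group -- verify which API group
  # the controller version in use actually watches.
  - apiGroups:
      - "extensions"
    resources:
      - ingresses
      - ingresses/status
    verbs:
      - get
      - list
      - watch
      - update
  # Read AND write access to Secrets in every namespace: the service
  # account token can read any Secret in the cluster.
  # NOTE(review): if the controller only serves "pew", consider moving this
  # rule to a namespaced Role/RoleBinding -- confirm the controller can be
  # limited to that namespace first.
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
      - watch
      - create
      - patch
      - update
---
# ClusterRoleBinding is cluster-scoped, so it carries no metadata.namespace
# (the original had "namespace: pew" here, which has no meaning for this
# kind). The subject's namespace below is what selects the ServiceAccount.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: haproxy-ingress-cluster-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: haproxy-ingress-cluster-role
subjects:
  - kind: ServiceAccount
    name: haproxy-ingress-service-account
    namespace: pew
---
# Controller configuration, referenced by --configmap in the Deployment.
# No keys are set; "{}" is written explicitly because a bare "data:" parses
# as null rather than an empty map.
apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy
  namespace: pew
data: {}
---
# Raw TCP services, referenced by --configmap-tcp-services in the
# Deployment. Each entry is "<listen port>": "<namespace>/<service>:<port>".
# Keys and values are quoted so they stay strings, which ConfigMap data
# requires.
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcpservices
  namespace: pew
data:
  "2223": "pew/gitea:2223"
  "25565": "pew/minecraft:25565"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    run: haproxy-ingress
  name: haproxy-ingress
  namespace: pew
spec:
  replicas: 1
  selector:
    matchLabels:
      run: haproxy-ingress
  template:
    metadata:
      labels:
        run: haproxy-ingress
    spec:
      serviceAccountName: haproxy-ingress-service-account
      # NOTE(review): no securityContext, resource limits or probes are
      # set, so the container runs with the image's defaults.
      containers:
        - name: haproxy-ingress
          # Pinned by tag only; a tag can be re-pointed upstream.
          # NOTE(review): consider pinning by image digest as well.
          image: haproxytech/kubernetes-ingress:1.4.9
          args:
            - --configmap=pew/haproxy
            - --configmap-tcp-services=pew/tcpservices
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
            # The two ports below match the tcpservices ConfigMap entries.
            - name: ssh
              containerPort: 2223
            - name: minecraft
              containerPort: 25565
---
# Exposes the controller on the external IP listed at the bottom. Every
# port listed here is reachable on that address, including the raw TCP
# ports for gitea SSH and minecraft.
apiVersion: v1
kind: Service
metadata:
  labels:
    run: haproxy-ingress
  name: haproxy-ingress
  namespace: pew
spec:
  selector:
    run: haproxy-ingress
  ports:
    - name: http
      port: 80
      protocol: TCP
    - name: https
      port: 443
      protocol: TCP
    - name: ssh
      port: 2223
      protocol: TCP
    - name: minecraft
      port: 25565
      protocol: TCP
  externalIPs:
    - 10.42.0.203
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # Kept "false" so Let's Encrypt HTTP-01 validation can reach the
    # controller over plain HTTP. While it is off, the hosts below are
    # also served over HTTP with no redirect to HTTPS.
    ingress.kubernetes.io/ssl-redirect: "false"
    cert-manager.io/cluster-issuer: letsencrypt-prod
  name: haproxy-ingress
  namespace: pew
spec:
  rules:
    # NOTE(review): every path uses pathType "Exact"; under the Ingress v1
    # spec that matches only the literal path, not anything beneath it --
    # confirm this is intended (or how the controller treats it) rather
    # than "Prefix".
    - host: seaturtle.pw
      http:
        paths:
          - path: /
            pathType: "Exact"
            backend:
              service:
                name: nginx
                port:
                  number: 80
          - path: /files
            pathType: "Exact"
            backend:
              service:
                name: nginx
                port:
                  number: 80
          - path: /grafana
            pathType: "Exact"
            backend:
              service:
                name: grafana
                port:
                  number: 3000
    - host: airsonic.seaturtle.pw
      http:
        paths:
          - path: /
            pathType: "Exact"
            backend:
              service:
                name: airsonic
                port:
                  number: 4040
    - host: git.seaturtle.pw
      http:
        paths:
          - path: /
            pathType: "Exact"
            backend:
              service:
                name: gitea
                port:
                  number: 3000
    - host: nc.seaturtle.pw
      http:
        paths:
          - path: /
            pathType: "Exact"
            backend:
              service:
                name: nextcloud
                port:
                  number: 80
    - host: plex.seaturtle.pw
      http:
        paths:
          - path: /
            pathType: "Exact"
            backend:
              service:
                name: plex
                port:
                  number: 32400
  tls:
    # NOTE(review): nc.seaturtle.pw has a rule above but is not listed
    # here, so the pew-cert certificate presumably will not cover it --
    # confirm whether that omission is intended.
    - secretName: pew-cert
      hosts:
        - seaturtle.pw
        - airsonic.seaturtle.pw
        - git.seaturtle.pw
        - plex.seaturtle.pw
---
# NOTE(review): cert-manager.io/v1alpha2 is an old API version -- check
# that the installed cert-manager release still serves it.
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: paulsw.pw@gmail.com
    server: https://acme-v02.api.letsencrypt.org/directory
    # Secret that holds the ACME account private key.
    privateKeySecretRef:
      name: pew-account-key
    # Add an ACME HTTP01 challenge solver
    solvers:
      - http01:
          ingress: {}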