split internal & external

2025-01-19 20:14:30 +01:00
parent e6b6208876
commit ce9c7c48e8
18 changed files with 161 additions and 78 deletions
--- a/controllers/external-controller.yaml
+++ b/controllers/external-controller.yaml
--- a/external/external-policy.yaml
+++ b/external/external-policy.yaml
--- a/controllers/kustomization.yaml
+++ b/controllers/kustomization.yaml
@@ -2,5 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

 resources:
+  - proxy
  - external-controller.yaml
-  - internal-controller.yaml
+  - external-policy.yaml
+  - service.yaml
--- a/external/proxy/kustomization.yaml
+++ b/external/proxy/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - proxy.yaml
+  - service.yaml
+
+configMapGenerator:
+  - name: external-proxy-config
+    files:
+      - nginx.conf
--- a/external/proxy/nginx.conf
+++ b/external/proxy/nginx.conf
@@ -18,29 +18,11 @@ http {
  upstream external_ingress {
    server nginx-external.ingress-nginx.svc.cluster.local:80;
  }
-  upstream internal_ingress {
-    server nginx-internal.ingress-nginx.svc.cluster.local:80;
-  }

  # Server block for HTTP (port 80)
  server {
    listen 80 default_server;
    server_name _;
-
-    # For infra.mrcynic.site
-    # (We do a separate server block for clarity. Could be done with if/host checks.)
-  }
-
-  # dev.mrcynic.site - allow only LAN
-  server {
-    listen 80;
-    server_name ~^(?<subdomain>.+)\.dev\.mrcynic\.site$;
-
-    location / {
-      proxy_pass http://internal_ingress;
-      proxy_set_header Host $host;
-      proxy_set_header X-Real-IP $remote_addr;
-    }
  }

  server {
--- a/external/proxy/proxy.yaml
+++ b/external/proxy/proxy.yaml
@@ -1,18 +1,18 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: edge-proxy
+  name: external-proxy
  annotations:
    argocd.argoproj.io/sync-wave: "100"
 spec:
  replicas: 1
  selector:
    matchLabels:
-      app: edge-proxy
+      app: external-proxy
  template:
    metadata:
      labels:
-        app: edge-proxy
+        app: external-proxy
    spec:
      containers:
        - name: nginx
--- a/external/proxy/service.yaml
+++ b/external/proxy/service.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: external-proxy-service
+spec:
+  type: LoadBalancer
+  selector:
+    app: external-proxy
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+      nodePort: 30080
--- a/external/service.yaml
+++ b/external/service.yaml
@@ -0,0 +1,17 @@
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-internal
+spec:
+  type: LoadBalancer
+  selector:
+    app.kubernetes.io/name: nginx-internal
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+    - name: https
+      port: 443
+      targetPort: 443
--- a/controllers/internal-controller.yaml
+++ b/controllers/internal-controller.yaml
--- a/internal/internal-policy.yaml
+++ b/internal/internal-policy.yaml
--- a/internal/kustomization.yaml
+++ b/internal/kustomization.yaml
@@ -2,5 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

 resources:
-  - external-policy.yaml
+  - proxy
+  - internal-controller.yaml
  - internal-policy.yaml
+  - service.yaml
--- a/internal/proxy/kustomization.yaml
+++ b/internal/proxy/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - proxy.yaml
+  - service.yaml
+
+configMapGenerator:
+  - name: internal-proxy-config
+    files:
+      - nginx.conf
--- a/internal/proxy/nginx.conf
+++ b/internal/proxy/nginx.conf
@@ -0,0 +1,38 @@
+user  nginx;
+worker_processes  auto;
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+events {
+  worker_connections  1024;
+}
+
+http {
+  # Basic config
+  include       /etc/nginx/mime.types;
+  default_type  application/octet-stream;
+  sendfile        on;
+  keepalive_timeout  65;
+
+  # We define internal upstreams
+  upstream internal_ingress {
+    server nginx-internal.ingress-nginx.svc.cluster.local:80;
+  }
+
+  server {
+    listen 80 default_server;
+    server_name _;
+  }
+
+  # dev.mrcynic.site - allow only LAN
+  server {
+    listen 80;
+    server_name ~^(?<subdomain>.+)\.dev\.mrcynic\.site$;
+
+    location / {
+      proxy_pass http://internal_ingress;
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+    }
+  }
+}
--- a/internal/proxy/proxy.yaml
+++ b/internal/proxy/proxy.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: internal-proxy
+  annotations:
+    argocd.argoproj.io/sync-wave: "100"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: internal-proxy
+  template:
+    metadata:
+      labels:
+        app: internal-proxy
+    spec:
+      containers:
+        - name: nginx
+          image: nginx:stable-alpine
+          volumeMounts:
+            - name: config
+              mountPath: /etc/nginx/nginx.conf
+              subPath: nginx.conf
+          ports:
+            - containerPort: 80
+      volumes:
+        - name: config
+          configMap:
+            name: internal-proxy-config
--- a/internal/proxy/service.yaml
+++ b/internal/proxy/service.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: internal-proxy-service
+spec:
+  type: LoadBalancer
+  selector:
+    app: internal-proxy
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+      nodePort: 30080
--- a/internal/service.yaml
+++ b/internal/service.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-external
+spec:
+  type: LoadBalancer
+  selector:
+    app.kubernetes.io/name: nginx-external
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+    - name: https
+      port: 443
+      targetPort: 443
--- a/kustomization.yaml
+++ b/kustomization.yaml
@@ -5,15 +5,8 @@ namespace: ingress-nginx

 resources:
  - namespace.yaml
-  - services.yaml
-  - proxy.yaml
-  - policies
-  - controllers
-
-configMapGenerator:
-  - name: proxy-config
-    files:
-      - config/nginx.conf
+  - internal
+  - external

 generatorOptions:
  annotations:
--- a/services.yaml
+++ b/services.yaml
@@ -1,46 +0,0 @@
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: nginx-external
-spec:
-  type: LoadBalancer
-  selector:
-    app.kubernetes.io/name: nginx-external
-  ports:
-    - name: http
-      port: 80
-      targetPort: 80
-    - name: https
-      port: 443
-      targetPort: 443
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: nginx-internal
-spec:
-  type: LoadBalancer
-  selector:
-    app.kubernetes.io/name: nginx-internal
-  ports:
-    - name: http
-      port: 80
-      targetPort: 80
-    - name: https
-      port: 443
-      targetPort: 443
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: edge-proxy-service
-spec:
-  type: LoadBalancer
-  selector:
-    app: edge-proxy
-  ports:
-    - name: http
-      port: 80
-      targetPort: 80
-      nodePort: 30080