From 7d7bb6d4d3d2dc5e28c8bfea1ea2d89492d7ad6b Mon Sep 17 00:00:00 2001 From: Radon Rosborough Date: Thu, 29 Dec 2022 00:23:26 -0700 Subject: [PATCH] Just use nginx instead istg --- k8s/riju-proxy.yaml | 77 +++++++++++++++++--------------------- k8s/traefik-config.in.yaml | 7 ++++ k8s/traefik.yaml | 2 + 3 files changed, 44 insertions(+), 42 deletions(-) diff --git a/k8s/riju-proxy.yaml b/k8s/riju-proxy.yaml index af77258..b2bc351 100644 --- a/k8s/riju-proxy.yaml +++ b/k8s/riju-proxy.yaml @@ -5,38 +5,18 @@ metadata: namespace: riju name: riju-proxy-config data: - squid.conf: | - cache deny all + default.conf: | + server { + resolver kube-dns.kube-system.svc.cluster.local; + listen 1869 default_server; - acl riju_src src 127.0.0.1/32 - acl riju_src src 10.244.0.0/16 - http_access deny !riju_src + auth_basic "Riju administrative proxy"; + auth_basic_user_file /etc/nginx/passwd; - acl riju_dst dst 10.244.0.0/16 - http_access deny !riju_dst - - acl riju_port port 869 - http_access deny !riju_port - - acl riju_method method GET - http_access deny !riju_method - - auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd - auth_param basic children 5 startup=5 idle=1 - auth_param basic realm Riju administrative proxy - auth_param basic credentialsttl 24 hours - - acl riju_auth proxy_auth REQUIRED - http_access deny !riju_auth - - http_access allow all - http_access deny all - - http_port 3128 - - # Avoid logging TCP healthchecks as errors - acl hasRequest has request - access_log daemon:/var/log/squid/access.log hasRequest + location ~ { + proxy_pass http://$host:869; + } + } --- kind: Deployment @@ -63,11 +43,11 @@ spec: secretName: riju-proxy-auth containers: - name: nginx - image: "ubuntu/squid:5.2-22.04_beta" + image: "nginx:1.23" resources: {} readinessProbe: tcpSocket: - port: 3128 + port: 1869 failureThreshold: 1 initialDelaySeconds: 2 periodSeconds: 10 
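Review bot: In the new `default.conf` (first hunk of k8s/riju-proxy.yaml), `proxy_pass http://$host:869;` picks the upstream from the client's Host header, and nothing in the server block restores the destination and method limits that the removed squid ACLs enforced (`riju_dst dst 10.244.0.0/16`, `riju_method method GET`). Any holder of the basic-auth credential can therefore have the proxy contact whatever name or address the configured resolver returns, on port 869, with any HTTP method. If upstreams are still meant to be pod IPs, add `if ($host !~ "^10\.244\.\d+\.\d+$") { return 403; }` at server level and `limit_except GET { deny all; }` inside the location. `location ~ {` appears to be read as an empty regex that matches every URI; `location / {` would state that intent more plainly.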
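Review bot: `image: "nginx:1.23"` in the Deployment hunk (`@@ -63,11 +43,11 @@`) is a mutable tag, so the image that handles the administrative credentials can change whenever a node pulls it afresh, without any change in this repository. Pin the digest, e.g. `image: "nginx:1.23@sha256:<digest-of-reviewed-image>"` (placeholder; take the value from the registry after reviewing the image). The container spec continues outside the hunk, so whether a `securityContext` is set is not visible here; port 1869 is unprivileged, so the listener itself would not need root.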
@@ -75,7 +55,7 @@ spec: timeoutSeconds: 2 livenessProbe: tcpSocket: - port: 3128 + port: 1869 failureThreshold: 3 initialDelaySeconds: 2 periodSeconds: 10 @@ -83,13 +63,12 @@ spec: timeoutSeconds: 2 ports: - name: http - containerPort: 3128 + containerPort: 1869 volumeMounts: - name: config - mountPath: /etc/squid/squid.conf - subPath: squid.conf + mountPath: /etc/nginx/conf.d - name: auth - mountPath: /etc/squid/passwd + mountPath: /etc/nginx/passwd subPath: htpasswd --- @@ -98,13 +77,27 @@ apiVersion: v1 metadata: namespace: riju name: riju-proxy - annotations: - metallb.universe.tf/allow-shared-ip: main spec: - type: LoadBalancer selector: app: riju-proxy ports: - name: http - port: 3128 - targetPort: 3128 + port: 1869 + targetPort: 1869 + +--- +kind: IngressRoute +apiVersion: traefik.containo.us/v1alpha1 +metadata: + namespace: riju + name: riju-proxy +spec: + entryPoints: + - proxy + routes: + - kind: Rule + match: "PathPrefix(`/`)" + services: + - namespace: riju + name: riju-proxy + port: 1869 diff --git a/k8s/traefik-config.in.yaml b/k8s/traefik-config.in.yaml index 041bc8c..52ff2e6 100644 --- a/k8s/traefik-config.in.yaml +++ b/k8s/traefik-config.in.yaml @@ -7,6 +7,13 @@ metadata: data: traefik.yaml: | entryPoints: + proxy: + address: ":1869" + http: + tls: + certResolver: riju + domains: + - main: k8s.riju.codes http: address: ":8000" https: diff --git a/k8s/traefik.yaml b/k8s/traefik.yaml index f3a8a0f..0a4b749 100644 --- a/k8s/traefik.yaml +++ b/k8s/traefik.yaml @@ -132,6 +132,8 @@ spec: - port: 443 name: https targetPort: 8443 + - port: 1869 + name: proxy - port: 31000 name: docker - port: 32000
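Review bot: The `auth` mount in the volumeMounts hunk (`@@ -83,13 +63,12 @@`) still uses `subPath: htpasswd`, and Kubernetes does not refresh subPath mounts when the backing Secret changes, so a rotated password in `riju-proxy-auth` leaves the old credential valid until the pod restarts. Either record that next to the mount, `# subPath mounts are not refreshed on Secret update; restart the pod after rotating riju-proxy-auth`, or mount the Secret as a directory and point `auth_basic_user_file` at the file inside it. Adding `readOnly: true` to both mounts would also make the intent explicit. The volumes list starts outside this hunk.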
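Review bot: The added IngressRoute (last hunk of k8s/riju-proxy.yaml) publishes the basic-auth listener on the `proxy` entry point with no `middlewares:` entry, while the removed squid config also limited callers with `acl riju_src`; after this change the password is the only gate, and nothing visible here throttles guessing. Consider attaching a Traefik Middleware to this route (a rate limit, or a source-IP allow list if the callers are known). The route itself has no `tls:` key, so it depends on the entry-point-level TLS added in k8s/traefik-config.in.yaml; a comment such as `# TLS comes from the proxy entryPoint; basic auth must never be served in cleartext` would record that dependency.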