Just use nginx instead istg

2022-12-29 00:23:26 -07:00 · 2022-12-29 00:23:26 -07:00 · 7d7bb6d4d3
parent 4bc1ef4591
commit 7d7bb6d4d3
3 changed files with 44 additions and 42 deletions
--- a/k8s/riju-proxy.yaml
+++ b/k8s/riju-proxy.yaml
@ -5,38 +5,18 @@ metadata:
  namespace: riju
  name: riju-proxy-config
 data:
-  squid.conf: |
+  default.conf: |
-    cache deny all
+    server {
      resolver kube-dns.kube-system.svc.cluster.local;
      listen 1869 default_server;
-    acl riju_src src 127.0.0.1/32
+      auth_basic "Riju administrative proxy";
-    acl riju_src src 10.244.0.0/16
+      auth_basic_user_file /etc/nginx/passwd;
    http_access deny !riju_src
-    acl riju_dst dst 10.244.0.0/16
+      location ~ {
-    http_access deny !riju_dst
+        proxy_pass http://$host:869;
-
+      }
-    acl riju_port port 869
+    }
    http_access deny !riju_port
    acl riju_method method GET
    http_access deny !riju_method
    auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
    auth_param basic children 5 startup=5 idle=1
    auth_param basic realm Riju administrative proxy
    auth_param basic credentialsttl 24 hours
    acl riju_auth proxy_auth REQUIRED
    http_access deny !riju_auth
    http_access allow all
    http_access deny all
    http_port 3128
    # Avoid logging TCP healthchecks as errors
    acl hasRequest has request
    access_log daemon:/var/log/squid/access.log hasRequest
 ---
 kind: Deployment
@ -63,11 +43,11 @@ spec:
            secretName: riju-proxy-auth
      containers:
        - name: nginx
-          image: "ubuntu/squid:5.2-22.04_beta"
+          image: "nginx:1.23"
          resources: {}
          readinessProbe:
            tcpSocket:
-              port: 3128
+              port: 1869
            failureThreshold: 1
            initialDelaySeconds: 2
            periodSeconds: 10
@ -75,7 +55,7 @@ spec:
            timeoutSeconds: 2
          livenessProbe:
            tcpSocket:
-              port: 3128
+              port: 1869
            failureThreshold: 3
            initialDelaySeconds: 2
            periodSeconds: 10
@ -83,13 +63,12 @@ spec:
            timeoutSeconds: 2
          ports:
            - name: http
-              containerPort: 3128
+              containerPort: 1869
          volumeMounts:
            - name: config
-              mountPath: /etc/squid/squid.conf
+              mountPath: /etc/nginx/conf.d
              subPath: squid.conf
            - name: auth
-              mountPath: /etc/squid/passwd
+              mountPath: /etc/nginx/passwd
              subPath: htpasswd
 ---
@ -98,13 +77,27 @@ apiVersion: v1
 metadata:
  namespace: riju
  name: riju-proxy
  annotations:
    metallb.universe.tf/allow-shared-ip: main
 spec:
  type: LoadBalancer
  selector:
    app: riju-proxy
  ports:
    - name: http
-      port: 3128
+      port: 1869
-      targetPort: 3128
+      targetPort: 1869
 ---
 kind: IngressRoute
 apiVersion: traefik.containo.us/v1alpha1
 metadata:
  namespace: riju
  name: riju-proxy
 spec:
  entryPoints:
    - proxy
  routes:
    - kind: Rule
      match: "PathPrefix(`/`)"
      services:
        - namespace: riju
          name: riju-proxy
          port: 1869
--- a/k8s/traefik-config.in.yaml
+++ b/k8s/traefik-config.in.yaml
@ -7,6 +7,13 @@ metadata:
 data:
  traefik.yaml: |
    entryPoints:
      proxy:
        address: ":1869"
        http:
          tls:
            certResolver: riju
            domains:
              - main: k8s.riju.codes
      http:
        address: ":8000"
      https:
--- a/k8s/traefik.yaml
+++ b/k8s/traefik.yaml
@ -132,6 +132,8 @@ spec:
    - port: 443
      name: https
      targetPort: 8443
    - port: 1869
      name: proxy
    - port: 31000
      name: docker
    - port: 32000