riju/k8s/riju-proxy.yaml

---
kind: ConfigMap
apiVersion: v1
metadata:
  namespace: riju
  name: riju-proxy-config
data:
  default.conf: |
    underscores_in_headers on;

    server {
      resolver kube-dns.kube-system.svc.cluster.local;
      listen 1869 default_server;

      auth_basic "Riju administrative proxy";
      auth_basic_user_file /etc/nginx/passwd;

      location ~ /(10\.[0-9]+\.[0-9]+\.[0-9]+)/health {
        proxy_pass http://$1:869/health;
      }

      location ~ /(10\.[0-9]+\.[0-9]+\.[0-9]+)/exec {
        proxy_pass http://$1:869/exec$is_args$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
      }

      location / {
        return 404;
      }
    }    

---
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: riju
  name: riju-proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: riju-proxy
  template:
    metadata:
      labels:
        app: riju-proxy
    spec:
      volumes:
        - name: config
          configMap:
            name: riju-proxy-config
        - name: auth
          secret:
            secretName: riju-proxy-auth
      containers:
        - name: nginx
          image: "nginx:1.23"
          resources: {}
          readinessProbe:
            tcpSocket:
              port: 1869
            failureThreshold: 1
            initialDelaySeconds: 2
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          livenessProbe:
            tcpSocket:
              port: 1869
            failureThreshold: 3
            initialDelaySeconds: 2
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          ports:
            - name: http
              containerPort: 1869
          volumeMounts:
            - name: config
              mountPath: /etc/nginx/conf.d
            - name: auth
              mountPath: /etc/nginx/passwd
              subPath: htpasswd

---
kind: Service
apiVersion: v1
metadata:
  namespace: riju
  name: riju-proxy
spec:
  selector:
    app: riju-proxy
  ports:
    - name: http
      port: 1869
      targetPort: 1869

---
kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
  namespace: riju
  name: riju-proxy
spec:
  entryPoints:
    - proxy
  routes:
    - kind: Rule
      match: "PathPrefix(`/`)"
      services:
        - namespace: riju
          name: riju-proxy
          port: 1869