feat(ingress): add external HAProxy

Signed-off-by: JJGadgets <git@jjgadgets.tech>
2026-02-05 00:15:52 +00:00 · 2023-03-07 07:33:10 +08:00
parent 962dbc3838
commit a353a70d7d
2 changed files with 94 additions and 0 deletions
--- a/kube/1-clusters/Biohazard/2-config/5-deploy.yaml
+++ b/kube/1-clusters/Biohazard/2-config/5-deploy.yaml
@@ -168,6 +168,27 @@ spec:
    - name: biohazard-1-core-05-ingress
    # - name: biohazard-1-core-05-ingress-nginx-svc
 ---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: haproxytech
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://haproxytech.github.io/helm-charts
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: biohazard-1-core-05-ingress-external
+  namespace: flux-system
+  labels:
+    prune.flux.home.arpa/disabled: "true"
+spec:
+  path: ./kube/3-deploy/1-core/05-ingress/external
+  dependsOn:
+    - name: biohazard-1-core-05-ingress
+---
 apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
 kind: Kustomization
 metadata:
--- a/kube/3-deploy/1-core/05-ingress/external/install.yaml
+++ b/kube/3-deploy/1-core/05-ingress/external/install.yaml
@@ -0,0 +1,73 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: external
+  namespace: ingress
+spec:
+  chart:
+    spec:
+      chart: haproxy
+      version: 1.18.0
+      sourceRef:
+        name: haproxytech
+  values:
+    image:
+      repository: haproxytech/haproxy-debian
+      tag: "2.6.9"
+      pullPolicy: IfNotPresent
+    kind: DaemonSet
+    nodeSelector:
+      node-restriction.kubernetes.io/nodeType: awsIngress
+    tolerations:
+      - key: nodeType.jj
+        operator: Equal
+        value: awsIngress
+        effect: NoSchedule
+    containerPorts:
+      http: 80
+      https: 443
+    config: |
+      defaults
+        mode tcp
+
+      frontend https
+         mode tcp
+         bind :443
+         default_backend https_servers
+
+      backend https_servers
+         mode tcp
+         server internalnginx ingress-nginx-controller.ingress.svc.cluster.local:20443 send-proxy
+
+      frontend http
+         mode tcp
+         bind :80
+         default_backend http_servers
+
+      backend http_servers
+         mode tcp
+         server internalnginx ingress-nginx-controller.ingress.svc.cluster.local:20080 send-proxy
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: external
+  namespace: ingress
+spec:
+  externalTrafficPolicy: Local
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: 80
+      nodePort: 80
+    - name: https
+      port: 443
+      protocol: TCP
+      targetPort: 443
+      nodePort: 443
+  selector:
+    app.kubernetes.io/instance: external
+    app.kubernetes.io/name: haproxy
+  type: NodePort