Adding traefik to the mix

2026-06-02 16:14:56 -06:00 · 2026-06-02 16:14:56 -06:00 · 2838fe13db
parent cff162c186
commit 2838fe13db
5 changed files with 51 additions and 12 deletions
--- a/bootstrap/cluster/main.tf
+++ b/bootstrap/cluster/main.tf
@ -20,7 +20,7 @@ resource "null_resource" "kubeadm_control_plane" {
    kubeconfig_path         = var.kubeconfig_path
    kubeconfig_owner        = var.kubeconfig_owner
    registry_endpoint       = var.registry_endpoint
-    registry_config_version = "7"
+    registry_config_version = "8"
    cni_plugins_version     = "2"
    node_dns_servers        = join(" ", var.node_dns_servers)
    persistent_volume_dirs  = join(",", var.persistent_volume_dirs)
@ -175,11 +175,29 @@ ensure_containerd_cni_bin_dir() {
  config_version="$(containerd_config_version)"
  tmp="$(mktemp)"
  sudo awk -v config_version="$config_version" '
-    /^[[:space:]]*bin_dir[[:space:]]*=/ {
+    function is_table(line) {
+      return line ~ /^[[:space:]]*\[/
+    }
+    function is_cni_table(line) {
+      return is_table(line) && line ~ /[.]cni[[:space:]]*\]/
+    }
+    BEGIN {
+      in_cni = 0
+      found = 0
+    }
+    is_cni_table($0) {
+      in_cni = 1
+      print
+      next
+    }
+    in_cni && is_table($0) {
+      in_cni = 0
+    }
+    in_cni && /^[[:space:]]*bin_dir[[:space:]]*=/ {
      sub(/=.*/, "= \"/opt/cni/bin\"")
      found = 1
    }
-    /^[[:space:]]*bin_dirs[[:space:]]*=/ {
+    in_cni && /^[[:space:]]*bin_dirs[[:space:]]*=/ {
      sub(/=.*/, "= [\"/opt/cni/bin\"]")
      found = 1
    }
@ -345,7 +363,7 @@ resource "null_resource" "kubeadm_worker" {
    user                                 = each.value.user
    ssh_key_path                         = each.value.ssh_key_path
    registry_endpoint                    = var.registry_endpoint
-    registry_config_version              = "7"
+    registry_config_version              = "8"
    cni_plugins_version                  = "2"
    node_dns_servers                     = join(" ", var.node_dns_servers)
    persistent_volume_dirs               = join(",", var.persistent_volume_dirs)
@ -517,11 +535,29 @@ ensure_containerd_cni_bin_dir() {
  config_version="$(containerd_config_version)"
  tmp="$(mktemp)"
  sudo awk -v config_version="$config_version" '
-    /^[[:space:]]*bin_dir[[:space:]]*=/ {
+    function is_table(line) {
+      return line ~ /^[[:space:]]*\[/
+    }
+    function is_cni_table(line) {
+      return is_table(line) && line ~ /[.]cni[[:space:]]*\]/
+    }
+    BEGIN {
+      in_cni = 0
+      found = 0
+    }
+    is_cni_table($0) {
+      in_cni = 1
+      print
+      next
+    }
+    in_cni && is_table($0) {
+      in_cni = 0
+    }
+    in_cni && /^[[:space:]]*bin_dir[[:space:]]*=/ {
      sub(/=.*/, "= \"/opt/cni/bin\"")
      found = 1
    }
-    /^[[:space:]]*bin_dirs[[:space:]]*=/ {
+    in_cni && /^[[:space:]]*bin_dirs[[:space:]]*=/ {
      sub(/=.*/, "= [\"/opt/cni/bin\"]")
      found = 1
    }
--- a/bootstrap/edge/main.tf
+++ b/bootstrap/edge/main.tf
@ -16,6 +16,7 @@ locals {
    server_names       = join(" ", local.server_names)
    backend_host       = var.backend_host
    demos_backend_port = var.demos_backend_port
+    gitea_backend_host = var.gitea_backend_host
    gitea_backend_port = var.gitea_backend_port
  })
  default_vcl = templatefile("${path.module}/templates/default.vcl.tftpl", {
--- a/bootstrap/edge/templates/default.conf.tftpl
+++ b/bootstrap/edge/templates/default.conf.tftpl
@ -79,7 +79,7 @@ server {
        limit_req zone=one burst=20 nodelay;
        client_max_body_size 512m;

-        proxy_pass http://${backend_host}:${gitea_backend_port}/;
+        proxy_pass http://${gitea_backend_host}:${gitea_backend_port}/;
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_read_timeout 300s;
--- a/bootstrap/edge/variables.tf
+++ b/bootstrap/edge/variables.tf
@ -70,6 +70,11 @@ variable "gitea_backend_port" {
  default = 3000
 }

+variable "gitea_backend_host" {
+  type    = string
+  default = "192.168.100.89"
+}
+
 variable "haproxy_stats_user" {
  type    = string
  default = "admin"
--- a/bootstrap/platform/main.tf
+++ b/bootstrap/platform/main.tf
@ -797,15 +797,12 @@ resource "helm_release" "traefik" {
      }
      ports = {
        web = {
-          port        = 80
+          port        = 8000
          exposedPort = 80
        }
        websecure = {
-          port        = 443
+          port        = 8443
          exposedPort = 443
-          tls = {
-            enabled = true
-          }
        }
      }
      service = {