Adding traefik to the mix

Fixing cni simlinks
2026-06-02 16:14:56 -06:00 · 2026-06-02 14:33:00 -06:00
5 changed files with 59 additions and 14 deletions
--- a/bootstrap/cluster/main.tf
+++ b/bootstrap/cluster/main.tf
@ -20,7 +20,8 @@ resource "null_resource" "kubeadm_control_plane" {
    kubeconfig_path         = var.kubeconfig_path
    kubeconfig_owner        = var.kubeconfig_owner
    registry_endpoint       = var.registry_endpoint
-    registry_config_version = "7"
+    registry_config_version = "8"
+    cni_plugins_version     = "2"
    node_dns_servers        = join(" ", var.node_dns_servers)
    persistent_volume_dirs  = join(",", var.persistent_volume_dirs)
  }
@ -174,11 +175,29 @@ ensure_containerd_cni_bin_dir() {
  config_version="$(containerd_config_version)"
  tmp="$(mktemp)"
  sudo awk -v config_version="$config_version" '
-    /^[[:space:]]*bin_dir[[:space:]]*=/ {
+    function is_table(line) {
+      return line ~ /^[[:space:]]*\[/
+    }
+    function is_cni_table(line) {
+      return is_table(line) && line ~ /[.]cni[[:space:]]*\]/
+    }
+    BEGIN {
+      in_cni = 0
+      found = 0
+    }
+    is_cni_table($0) {
+      in_cni = 1
+      print
+      next
+    }
+    in_cni && is_table($0) {
+      in_cni = 0
+    }
+    in_cni && /^[[:space:]]*bin_dir[[:space:]]*=/ {
      sub(/=.*/, "= \"/opt/cni/bin\"")
      found = 1
    }
-    /^[[:space:]]*bin_dirs[[:space:]]*=/ {
+    in_cni && /^[[:space:]]*bin_dirs[[:space:]]*=/ {
      sub(/=.*/, "= [\"/opt/cni/bin\"]")
      found = 1
    }
@ -204,9 +223,11 @@ install_cni_plugins() {
  local plugin

  sudo mkdir -p /opt/cni/bin
+  sudo find /opt/cni/bin -maxdepth 1 -type f ! -perm -111 -delete
+  sudo find /opt/cni/bin -maxdepth 1 -type l ! -exec test -x {} \; -delete
  if [ -d /usr/lib/cni ]; then
    for plugin in /usr/lib/cni/*; do
-      [ -f "$plugin" ] || continue
+      [ -f "$plugin" ] && [ -x "$plugin" ] || continue
      sudo ln -sf "$plugin" "/opt/cni/bin/$(basename "$plugin")"
    done
  fi
@ -342,7 +363,8 @@ resource "null_resource" "kubeadm_worker" {
    user                                 = each.value.user
    ssh_key_path                         = each.value.ssh_key_path
    registry_endpoint                    = var.registry_endpoint
-    registry_config_version              = "7"
+    registry_config_version              = "8"
+    cni_plugins_version                  = "2"
    node_dns_servers                     = join(" ", var.node_dns_servers)
    persistent_volume_dirs               = join(",", var.persistent_volume_dirs)
    tailscale_nodeport_version           = "3"
@ -513,11 +535,29 @@ ensure_containerd_cni_bin_dir() {
  config_version="$(containerd_config_version)"
  tmp="$(mktemp)"
  sudo awk -v config_version="$config_version" '
-    /^[[:space:]]*bin_dir[[:space:]]*=/ {
+    function is_table(line) {
+      return line ~ /^[[:space:]]*\[/
+    }
+    function is_cni_table(line) {
+      return is_table(line) && line ~ /[.]cni[[:space:]]*\]/
+    }
+    BEGIN {
+      in_cni = 0
+      found = 0
+    }
+    is_cni_table($0) {
+      in_cni = 1
+      print
+      next
+    }
+    in_cni && is_table($0) {
+      in_cni = 0
+    }
+    in_cni && /^[[:space:]]*bin_dir[[:space:]]*=/ {
      sub(/=.*/, "= \"/opt/cni/bin\"")
      found = 1
    }
-    /^[[:space:]]*bin_dirs[[:space:]]*=/ {
+    in_cni && /^[[:space:]]*bin_dirs[[:space:]]*=/ {
      sub(/=.*/, "= [\"/opt/cni/bin\"]")
      found = 1
    }
@ -543,9 +583,11 @@ install_cni_plugins() {
  local plugin

  sudo mkdir -p /opt/cni/bin
+  sudo find /opt/cni/bin -maxdepth 1 -type f ! -perm -111 -delete
+  sudo find /opt/cni/bin -maxdepth 1 -type l ! -exec test -x {} \; -delete
  if [ -d /usr/lib/cni ]; then
    for plugin in /usr/lib/cni/*; do
-      [ -f "$plugin" ] || continue
+      [ -f "$plugin" ] && [ -x "$plugin" ] || continue
      sudo ln -sf "$plugin" "/opt/cni/bin/$(basename "$plugin")"
    done
  fi
--- a/bootstrap/edge/main.tf
+++ b/bootstrap/edge/main.tf
@ -16,6 +16,7 @@ locals {
    server_names       = join(" ", local.server_names)
    backend_host       = var.backend_host
    demos_backend_port = var.demos_backend_port
+    gitea_backend_host = var.gitea_backend_host
    gitea_backend_port = var.gitea_backend_port
  })
  default_vcl = templatefile("${path.module}/templates/default.vcl.tftpl", {
--- a/bootstrap/edge/templates/default.conf.tftpl
+++ b/bootstrap/edge/templates/default.conf.tftpl
@ -79,7 +79,7 @@ server {
        limit_req zone=one burst=20 nodelay;
        client_max_body_size 512m;

-        proxy_pass http://${backend_host}:${gitea_backend_port}/;
+        proxy_pass http://${gitea_backend_host}:${gitea_backend_port}/;
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_read_timeout 300s;
--- a/bootstrap/edge/variables.tf
+++ b/bootstrap/edge/variables.tf
@ -70,6 +70,11 @@ variable "gitea_backend_port" {
  default = 3000
 }

+variable "gitea_backend_host" {
+  type    = string
+  default = "192.168.100.89"
+}
+
 variable "haproxy_stats_user" {
  type    = string
  default = "admin"
--- a/bootstrap/platform/main.tf
+++ b/bootstrap/platform/main.tf
@ -797,15 +797,12 @@ resource "helm_release" "traefik" {
      }
      ports = {
        web = {
-          port        = 80
+          port        = 8000
          exposedPort = 80
        }
        websecure = {
-          port        = 443
+          port        = 8443
          exposedPort = 443
-          tls = {
-            enabled = true
-          }
        }
      }
      service = {
Author	SHA1	Message	Date
juvdiaz	2838fe13db	Adding traefik to the mix Homelab Main / deploy (push) Successful in 1m24s Details	2026-06-02 16:14:56 -06:00
juvdiaz	cff162c186	Fixing cni simlinks	2026-06-02 14:33:00 -06:00