Merge pull request #29 from phaer/ingress-no-private-ip-optional-ipv6

ingress: don't use private ip, make ipv6 optional
This commit is contained in:
Karim Naufal 2022-01-25 21:13:14 +01:00 committed by GitHub
commit 7fbf5a88d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 3 deletions

View File

@ -166,8 +166,9 @@ resource "local_file" "hetzner_csi_config" {
resource "local_file" "traefik_config" { resource "local_file" "traefik_config" {
content = templatefile("${path.module}/templates/traefik_config.yaml.tpl", { content = templatefile("${path.module}/templates/traefik_config.yaml.tpl", {
lb_server_type = var.lb_server_type lb_disable_ipv6 = var.lb_disable_ipv6
location = var.location lb_server_type = var.lb_server_type
location = var.location
}) })
filename = "${path.module}/templates/rendered/traefik_config.yaml" filename = "${path.module}/templates/rendered/traefik_config.yaml"
file_permission = "0644" file_permission = "0644"

View File

@ -10,7 +10,12 @@ spec:
type: LoadBalancer type: LoadBalancer
annotations: annotations:
"load-balancer.hetzner.cloud/name": "traefik" "load-balancer.hetzner.cloud/name": "traefik"
# make hetzners load-balancer connect to our nodes via our private k3s-net.
"load-balancer.hetzner.cloud/use-private-ip": "true" "load-balancer.hetzner.cloud/use-private-ip": "true"
# keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet.
"load-balancer.hetzner.cloud/disable-private-ingress": "true"
# disable ipv6 by default, because external-dns doesn't support AAAA for hcloud yet https://github.com/kubernetes-sigs/external-dns/issues/2044
"load-balancer.hetzner.cloud/ipv6-disabled": "${lb_disable_ipv6}"
"load-balancer.hetzner.cloud/location": "${location}" "load-balancer.hetzner.cloud/location": "${location}"
"load-balancer.hetzner.cloud/type": "${lb_server_type}" "load-balancer.hetzner.cloud/type": "${lb_server_type}"
"load-balancer.hetzner.cloud/uses-proxyprotocol": "true" "load-balancer.hetzner.cloud/uses-proxyprotocol": "true"
@ -18,4 +23,4 @@ spec:
- "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8" - "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8" - "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8" - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8" - "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"

View File

@ -34,6 +34,12 @@ variable "lb_server_type" {
type = string type = string
} }
variable "lb_disable_ipv6" {
description = "Disable ipv6 for the load balancer"
type = bool
default = false
}
variable "servers_num" { variable "servers_num" {
description = "Number of control plane nodes." description = "Number of control plane nodes."
type = number type = number