Merge pull request #29 from phaer/ingress-no-private-ip-optional-ipv6
ingress: don't use private ip, make ipv6 optional
commit
7fbf5a88d6
5
main.tf
5
main.tf
@ -166,8 +166,9 @@ resource "local_file" "hetzner_csi_config" {
|
|||||||
|
|
||||||
resource "local_file" "traefik_config" {
|
resource "local_file" "traefik_config" {
|
||||||
content = templatefile("${path.module}/templates/traefik_config.yaml.tpl", {
|
content = templatefile("${path.module}/templates/traefik_config.yaml.tpl", {
|
||||||
lb_server_type = var.lb_server_type
|
lb_disable_ipv6 = var.lb_disable_ipv6
|
||||||
location = var.location
|
lb_server_type = var.lb_server_type
|
||||||
|
location = var.location
|
||||||
})
|
})
|
||||||
filename = "${path.module}/templates/rendered/traefik_config.yaml"
|
filename = "${path.module}/templates/rendered/traefik_config.yaml"
|
||||||
file_permission = "0644"
|
file_permission = "0644"
|
||||||
|
@ -10,7 +10,12 @@ spec:
|
|||||||
type: LoadBalancer
|
type: LoadBalancer
|
||||||
annotations:
|
annotations:
|
||||||
"load-balancer.hetzner.cloud/name": "traefik"
|
"load-balancer.hetzner.cloud/name": "traefik"
|
||||||
|
# make hetzners load-balancer connect to our nodes via our private k3s-net.
|
||||||
"load-balancer.hetzner.cloud/use-private-ip": "true"
|
"load-balancer.hetzner.cloud/use-private-ip": "true"
|
||||||
|
# keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet.
|
||||||
|
"load-balancer.hetzner.cloud/disable-private-ingress": "true"
|
||||||
|
# disable ipv6 by default, because external-dns doesn't support AAAA for hcloud yet https://github.com/kubernetes-sigs/external-dns/issues/2044
|
||||||
|
"load-balancer.hetzner.cloud/ipv6-disabled": "${lb_disable_ipv6}"
|
||||||
"load-balancer.hetzner.cloud/location": "${location}"
|
"load-balancer.hetzner.cloud/location": "${location}"
|
||||||
"load-balancer.hetzner.cloud/type": "${lb_server_type}"
|
"load-balancer.hetzner.cloud/type": "${lb_server_type}"
|
||||||
"load-balancer.hetzner.cloud/uses-proxyprotocol": "true"
|
"load-balancer.hetzner.cloud/uses-proxyprotocol": "true"
|
||||||
@ -18,4 +23,4 @@ spec:
|
|||||||
- "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
- "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||||
- "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
- "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||||
- "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
- "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||||
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||||
|
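Review bot: The `trustedIPs` arguments in the second hunk of this template still trust all of `10.0.0.0/8` for both `proxyProtocol` and `forwardedHeaders`, even though the new `use-private-ip` comment says the load balancer reaches the nodes over the private k3s network. Any peer with a source address in that /8 (presumably including pod and service ranges, if the cluster allocates them from it) can assert an arbitrary client address through PROXY protocol or `X-Forwarded-For`, which undermines IP allow-lists, rate limits and access logs behind Traefik. Consider narrowing the range to the private network's subnet and passing it in as a template variable, e.g. `--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,${private_subnet_cidr}` (placeholder name; no such variable is visible on this page). These lines are unchanged by the commit, and the `spec:` block continues outside the hunk.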
@ -34,6 +34,12 @@ variable "lb_server_type" {
|
|||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "lb_disable_ipv6" {
|
||||||
|
description = "Disable ipv6 for the load balancer"
|
||||||
|
type = bool
|
||||||
|
default = false
|
||||||
|
}
|
||||||
|
|
||||||
variable "servers_num" {
|
variable "servers_num" {
|
||||||
description = "Number of control plane nodes."
|
description = "Number of control plane nodes."
|
||||||
type = number
|
type = number
|
||||||
|
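Review bot: `lb_disable_ipv6` is declared with `default = false`, which contradicts the comment added in the Traefik template ("disable ipv6 by default, because external-dns doesn't support AAAA for hcloud yet"). As written, the load balancer keeps a public IPv6 address unless the operator sets the variable. Someone who relies on the template comment would wrongly assume there is no IPv6 exposure to account for in firewalling and monitoring. Either set `default = true` to match the stated intent, or reword the template comment and extend the description, e.g. `description = "Disable ipv6 for the load balancer (default: ipv6 stays enabled)"`.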