feat(homelab): move traefik to rufus node, add rfc1918 middlewares

2025-12-27 02:20:41 -08:00
parent 037036a684
commit 402f1243a2
11 changed files with 144 additions and 69 deletions
--- a/nix/homelab/kustomize/traefik/chain.yaml
+++ b/nix/homelab/kustomize/traefik/chain.yaml
@@ -0,0 +1,32 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: rfc1918-chain
+  namespace: home
+spec:
+  chain:
+    middlewares:
+      - name: rfc1918-only
+        namespace: default
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: rfc1918-chain
+  namespace: longhorn-system
+spec:
+  chain:
+    middlewares:
+      - name: rfc1918-only
+        namespace: default
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: rfc1918-chain
+  namespace: media
+spec:
+  chain:
+    middlewares:
+      - name: rfc1918-only
+        namespace: default
--- a/nix/homelab/kustomize/traefik/config.yaml
+++ b/nix/homelab/kustomize/traefik/config.yaml
@@ -5,6 +5,13 @@ metadata:
  namespace: kube-system
 spec:
  valuesContent: |-
+    nodeSelector:
+      kubernetes.io/hostname: rufus
+
+    service:
+      annotations:
+        metallb.universe.tf/address-pool: rufus-pool
+
    ports:
      web:
        port: 80
@@ -52,6 +59,8 @@ spec:
         enabled: false
      kubernetesGateway:
         enabled: true
+      kubernetesCRD:
+        allowCrossNamespace: true
    gateway:
      listeners:
        web:
--- a/nix/homelab/kustomize/traefik/rfc1918-middleware.yaml
+++ b/nix/homelab/kustomize/traefik/rfc1918-middleware.yaml
@@ -0,0 +1,11 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: rfc1918-only
+  namespace: default
+spec:
+  ipAllowList:
+    sourceRange:
+      - "10.0.0.0/8"
+      - "172.16.0.0/12"
+      - "192.168.0.0/16"