feat(nas): Add first S3 passthrough ingress

This patch introduces a simple ingress proxy for the S3 storage located on my NAS by using a Service of type "externalName", which acts like a CNAME for an external dns entry and allows to create an ingress object, which can handle traffic for this service. This way, everything passes through the central nginx proxy and can be managed through Kubernetes instead of exposing the NAS directly to the internet. References: https://kubernetes.io/docs/concepts/services-networking/service/#externalname https://kubernetes.io/docs/concepts/services-networking/ingress/

feat(nas): Add first S3 passthrough ingress
54f3ff8f · Sheogorath · 435ec107 · 54f3ff8f · 54f3ff8f · 54f3ff8f
Verified Commit 54f3ff8f authored 2 years ago by Sheogorath
--- a/clusters/k8s01/nas/kustomization.yaml
+++ b/clusters/k8s01/nas/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- namespace.yaml
+- s3.yaml
--- a/clusters/k8s01/nas/namespace.yaml
+++ b/clusters/k8s01/nas/namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: nas
+  labels:
+    name: nas
--- a/clusters/k8s01/nas/s3.yaml
+++ b/clusters/k8s01/nas/s3.yaml
+apiVersion: v1
+kind: Service
+metadata:
+    name: s3
+    namespace: nas
+spec:
+    type: ExternalName
+    externalName: ENC[AES256_GCM,data:fwc8cAg/xLWURZq+/k+/eyxWEA==,iv:UAFXpKGbDIkj+ggfiATh/7l8pKXhtYF4R4eFCaNYzgY=,tag:D0FPVpUuBEI8O9OV42HKBg==,type:str]
+    ports:
+        - port: 9000
+          name: https
+          protocol: TCP
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2022-09-13T22:05:14Z"
+    mac: ENC[AES256_GCM,data:nEObyUfkglecL9oAMNC2717K32t0bslt9Oym2AHMg+eW5Qbl5l9RjUvjFkXeStKAUxP6WPz0i14gwp/JpUQ3wd+PTFuH0LYMQusROlyK/2LuBsxG6MAqupNRISZEKkLQr+zs+dJm0arei7AXj6p2meZuFPLlyJegID3ot6Sqeac=,iv:rcXPsc8+Xub/zQxn4eP0u+MlXcqFQ5zbr6XI3r+wMp0=,tag:Qk1jSXIFtyRchxd21MV6iA==,type:str]
+    pgp:
+        - created_at: "2022-09-13T20:16:18Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+            wcFMA7kpg2bgzVHcARAAs2wtI2PnfYFdrQMyzW9uwi06Wzi5NPO1PmRp896RrkCr
+            tqILIJoJayon4IFtoXmG99KZUqDfMWAb7wqAzw8+pwI6Qy+xJjzZ88fYnaP2m8yX
+            2ebnaliurX7+VaRwJ0jBW5DJRUkpGqy4dm3kAA3uV8oyOU6QrCfVH5nekS38PKAH
+            QDQcCA+u3ERe6meAOTXyfJw/y8WMocTNrmFTQDImornspXaakDOBnN8WPOhizlvm
+            A8SmEZI1Mp4TlNuhRZaX8vu1zGMJ2Ut3QyzCBUy45cs1BVRtLQjj7LZ6zpyMSr7v
+            wNMxNByOiW4m5Ic6LrUSAoShLmIXqb+uUFno6uG8kyP5cQc3+9fXLhvPpwT2oedY
+            cnSpTkwqx7l1/lQ0xsnKrNhr+/RU3FK27Q5BgTj4NAQF5pCXkUa0QMeSHfKXtNo6
+            +/TE+KIHzbwvPoabWXXWl8odT3Jw6mmOy66otADlxXa6s+g5FhpZfQKQlCr54Lh/
+            EdAlQc3cGxPzDCeTVmDFZu53A9cXaeR/DpzILjJkdcw8muG9aJtGhq/taudZZhAv
+            +rgJHXYKvQu05LTGQLClMrlJidO2+B0qNV3aw40sYGyZ/n73nvnODrXaRzNG1jyR
+            +j5u4KQpWAUKpljlbAw3lKUll+wBhmmnPJ6UJQ87VmDDcadXFORua+yQsplKRtrS
+            5gHPRhnLFveyK1PjYIcasVnKCoS3OiRG187uwx9iPJq95oZETk0VmnpUleiJcml5
+            kPy6qaM/qjIx7lo1ShovIfLk25sEge6NkiUwkx/WXI8b++JHZO27AA==
+            =sOCX
+            -----END PGP MESSAGE-----
+          fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+        - created_at: "2022-09-13T20:16:18Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+            hQIMA4oYbIHZIrAPAQ/+I/VVicoriCwyJ3X3RRUJ2v/hlV7DmUHNBghR6xl5Hqc6
+            KzDh/3vFYCD14aqFprgv7sBI+WpwVZh5bgqfWUiZ+ydCQZl++r/t71sGlrC0yYhU
+            IKgAoc/nCRyAnNrK+7vpcQ4tjyCrHzerSJSmE8X5x1yVi1VfE3NhtuwWhfjieW88
+            aSwIPsj4twmOMVTCjwOaCvOw/xdehJEsL4J0nOXTNUrjWO6TuNrhEBVL5avk/Vxc
+            zGL3KZBaykVH8lai+ZwpPyf5lZgjbeHb82Gl8VdEy0o0oyDWWriJOkxX5w09/ajv
+            PcpROSGXdjPvt/7jLgSQR50UY6Ekju6DsUYxaXeJ4QryPITDkcf2MbFstEA6e2np
+            HGbNTN3yMnoFBijLQPWxQotk9xufDaKLVxDFfSZXoDdMu+005DJnVykM8Pv5qck7
+            /fC+jy59mGO0eiDfltWGb1q6CRyJeXk0RTnt9X77I4EMLWjeid6zUhjCp4ZDLSK9
+            UuKlnwk5/vb0aH2w87y60M9qgaaIzwB0Be7hpSZ+/OPBhakCS3gU1LxNSMLlSw0o
+            zoNviDkFxEACkqt+YIYJ3phNRn71RUzNUObiz/LWyd2ZasN5IDnezW39t/4uKjYa
+            Y1YyZ5HvdJEGvtBYycftTY7IwqUK2DVicImSc4Dszk1PbqMDzIUUbmGN7MxR/gTU
+            aAEJAhALMJFcOgYratPE/GE+mWKliwdylZQU2pKCuX5DZD5c363wYdmLL5zx32g9
+            3O9uQjmXIvIsKLQecFvk7L9W+F5H0Ya822Be5X1eQiIiYDmRLE3IDgrLypSGW870
+            XwzIGA4wMFDY
+            =5l9E
+            -----END PGP MESSAGE-----
+          fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+    encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey|externalName)$
+    version: 3.7.1
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+    name: s3-tls
+    namespace: nas
+spec:
+    dnsNames:
+        - ENC[AES256_GCM,data:ecegjdQgc88E/W0j+KzhpQ==,iv:ikGx+n+E+KFImkxPORNGU2cIP9/BywwetTgBJ/juVHs=,tag:gcTyQSw0XMORI6NqYNYkNg==,type:str]
+        - ENC[AES256_GCM,data:TZLnYynHEH/mqu8dZ5wVF2EUcgJm3+XU,iv:LnMGuyCqIlXzshECYkrqYU8anpK4ZyHdM0Xvj1tM30s=,tag:E+W1gUyDOOtiFCpvmiSmyw==,type:str]
+    issuerRef:
+        name: letsencrypt
+        kind: ClusterIssuer
+    secretName: ingress-s3-tls
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2022-09-13T22:05:14Z"
+    mac: ENC[AES256_GCM,data:nEObyUfkglecL9oAMNC2717K32t0bslt9Oym2AHMg+eW5Qbl5l9RjUvjFkXeStKAUxP6WPz0i14gwp/JpUQ3wd+PTFuH0LYMQusROlyK/2LuBsxG6MAqupNRISZEKkLQr+zs+dJm0arei7AXj6p2meZuFPLlyJegID3ot6Sqeac=,iv:rcXPsc8+Xub/zQxn4eP0u+MlXcqFQ5zbr6XI3r+wMp0=,tag:Qk1jSXIFtyRchxd21MV6iA==,type:str]
+    pgp:
+        - created_at: "2022-09-13T20:16:18Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+            wcFMA7kpg2bgzVHcARAAs2wtI2PnfYFdrQMyzW9uwi06Wzi5NPO1PmRp896RrkCr
+            tqILIJoJayon4IFtoXmG99KZUqDfMWAb7wqAzw8+pwI6Qy+xJjzZ88fYnaP2m8yX
+            2ebnaliurX7+VaRwJ0jBW5DJRUkpGqy4dm3kAA3uV8oyOU6QrCfVH5nekS38PKAH
+            QDQcCA+u3ERe6meAOTXyfJw/y8WMocTNrmFTQDImornspXaakDOBnN8WPOhizlvm
+            A8SmEZI1Mp4TlNuhRZaX8vu1zGMJ2Ut3QyzCBUy45cs1BVRtLQjj7LZ6zpyMSr7v
+            wNMxNByOiW4m5Ic6LrUSAoShLmIXqb+uUFno6uG8kyP5cQc3+9fXLhvPpwT2oedY
+            cnSpTkwqx7l1/lQ0xsnKrNhr+/RU3FK27Q5BgTj4NAQF5pCXkUa0QMeSHfKXtNo6
+            +/TE+KIHzbwvPoabWXXWl8odT3Jw6mmOy66otADlxXa6s+g5FhpZfQKQlCr54Lh/
+            EdAlQc3cGxPzDCeTVmDFZu53A9cXaeR/DpzILjJkdcw8muG9aJtGhq/taudZZhAv
+            +rgJHXYKvQu05LTGQLClMrlJidO2+B0qNV3aw40sYGyZ/n73nvnODrXaRzNG1jyR
+            +j5u4KQpWAUKpljlbAw3lKUll+wBhmmnPJ6UJQ87VmDDcadXFORua+yQsplKRtrS
+            5gHPRhnLFveyK1PjYIcasVnKCoS3OiRG187uwx9iPJq95oZETk0VmnpUleiJcml5
+            kPy6qaM/qjIx7lo1ShovIfLk25sEge6NkiUwkx/WXI8b++JHZO27AA==
+            =sOCX
+            -----END PGP MESSAGE-----
+          fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+        - created_at: "2022-09-13T20:16:18Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+            hQIMA4oYbIHZIrAPAQ/+I/VVicoriCwyJ3X3RRUJ2v/hlV7DmUHNBghR6xl5Hqc6
+            KzDh/3vFYCD14aqFprgv7sBI+WpwVZh5bgqfWUiZ+ydCQZl++r/t71sGlrC0yYhU
+            IKgAoc/nCRyAnNrK+7vpcQ4tjyCrHzerSJSmE8X5x1yVi1VfE3NhtuwWhfjieW88
+            aSwIPsj4twmOMVTCjwOaCvOw/xdehJEsL4J0nOXTNUrjWO6TuNrhEBVL5avk/Vxc
+            zGL3KZBaykVH8lai+ZwpPyf5lZgjbeHb82Gl8VdEy0o0oyDWWriJOkxX5w09/ajv
+            PcpROSGXdjPvt/7jLgSQR50UY6Ekju6DsUYxaXeJ4QryPITDkcf2MbFstEA6e2np
+            HGbNTN3yMnoFBijLQPWxQotk9xufDaKLVxDFfSZXoDdMu+005DJnVykM8Pv5qck7
+            /fC+jy59mGO0eiDfltWGb1q6CRyJeXk0RTnt9X77I4EMLWjeid6zUhjCp4ZDLSK9
+            UuKlnwk5/vb0aH2w87y60M9qgaaIzwB0Be7hpSZ+/OPBhakCS3gU1LxNSMLlSw0o
+            zoNviDkFxEACkqt+YIYJ3phNRn71RUzNUObiz/LWyd2ZasN5IDnezW39t/4uKjYa
+            Y1YyZ5HvdJEGvtBYycftTY7IwqUK2DVicImSc4Dszk1PbqMDzIUUbmGN7MxR/gTU
+            aAEJAhALMJFcOgYratPE/GE+mWKliwdylZQU2pKCuX5DZD5c363wYdmLL5zx32g9
+            3O9uQjmXIvIsKLQecFvk7L9W+F5H0Ya822Be5X1eQiIiYDmRLE3IDgrLypSGW870
+            XwzIGA4wMFDY
+            =5l9E
+            -----END PGP MESSAGE-----
+          fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+    encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey|externalName)$
+    version: 3.7.1
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+    name: s3-pad
+    namespace: nas
+    annotations:
+        nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+spec:
+    rules:
+        - host: ENC[AES256_GCM,data:ZjqjbpLbh4cYYG5/Smu/3kAxL3wHcQw/uho=,iv:HWPhwRyicK8U7cXX/L+MvIw0IoZdKXwsnrfth4GRKZE=,tag:AgOqX2HGlrMmhKXvQBqHOA==,type:str]
+          http:
+            paths:
+                - path: /pad
+                  pathType: Prefix
+                  backend:
+                    service:
+                        name: s3
+                        port:
+                            number: 9000
+    tls:
+        - hosts:
+            - ENC[AES256_GCM,data:tr1C+6Blue7ffbIub+lBjx9IsUh9biZB,iv:RtEsZsXVay4Cd/AwoFBWV1aA3gurA0yGVx+EUJoEb+M=,tag:zAxqwa6bvIDiL1PChv96nA==,type:str]
+          secretName: ingress-s3-tls
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2022-09-13T22:05:14Z"
+    mac: ENC[AES256_GCM,data:nEObyUfkglecL9oAMNC2717K32t0bslt9Oym2AHMg+eW5Qbl5l9RjUvjFkXeStKAUxP6WPz0i14gwp/JpUQ3wd+PTFuH0LYMQusROlyK/2LuBsxG6MAqupNRISZEKkLQr+zs+dJm0arei7AXj6p2meZuFPLlyJegID3ot6Sqeac=,iv:rcXPsc8+Xub/zQxn4eP0u+MlXcqFQ5zbr6XI3r+wMp0=,tag:Qk1jSXIFtyRchxd21MV6iA==,type:str]
+    pgp:
+        - created_at: "2022-09-13T20:16:18Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+            wcFMA7kpg2bgzVHcARAAs2wtI2PnfYFdrQMyzW9uwi06Wzi5NPO1PmRp896RrkCr
+            tqILIJoJayon4IFtoXmG99KZUqDfMWAb7wqAzw8+pwI6Qy+xJjzZ88fYnaP2m8yX
+            2ebnaliurX7+VaRwJ0jBW5DJRUkpGqy4dm3kAA3uV8oyOU6QrCfVH5nekS38PKAH
+            QDQcCA+u3ERe6meAOTXyfJw/y8WMocTNrmFTQDImornspXaakDOBnN8WPOhizlvm
+            A8SmEZI1Mp4TlNuhRZaX8vu1zGMJ2Ut3QyzCBUy45cs1BVRtLQjj7LZ6zpyMSr7v
+            wNMxNByOiW4m5Ic6LrUSAoShLmIXqb+uUFno6uG8kyP5cQc3+9fXLhvPpwT2oedY
+            cnSpTkwqx7l1/lQ0xsnKrNhr+/RU3FK27Q5BgTj4NAQF5pCXkUa0QMeSHfKXtNo6
+            +/TE+KIHzbwvPoabWXXWl8odT3Jw6mmOy66otADlxXa6s+g5FhpZfQKQlCr54Lh/
+            EdAlQc3cGxPzDCeTVmDFZu53A9cXaeR/DpzILjJkdcw8muG9aJtGhq/taudZZhAv
+            +rgJHXYKvQu05LTGQLClMrlJidO2+B0qNV3aw40sYGyZ/n73nvnODrXaRzNG1jyR
+            +j5u4KQpWAUKpljlbAw3lKUll+wBhmmnPJ6UJQ87VmDDcadXFORua+yQsplKRtrS
+            5gHPRhnLFveyK1PjYIcasVnKCoS3OiRG187uwx9iPJq95oZETk0VmnpUleiJcml5
+            kPy6qaM/qjIx7lo1ShovIfLk25sEge6NkiUwkx/WXI8b++JHZO27AA==
+            =sOCX
+            -----END PGP MESSAGE-----
+          fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+        - created_at: "2022-09-13T20:16:18Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+            hQIMA4oYbIHZIrAPAQ/+I/VVicoriCwyJ3X3RRUJ2v/hlV7DmUHNBghR6xl5Hqc6
+            KzDh/3vFYCD14aqFprgv7sBI+WpwVZh5bgqfWUiZ+ydCQZl++r/t71sGlrC0yYhU
+            IKgAoc/nCRyAnNrK+7vpcQ4tjyCrHzerSJSmE8X5x1yVi1VfE3NhtuwWhfjieW88
+            aSwIPsj4twmOMVTCjwOaCvOw/xdehJEsL4J0nOXTNUrjWO6TuNrhEBVL5avk/Vxc
+            zGL3KZBaykVH8lai+ZwpPyf5lZgjbeHb82Gl8VdEy0o0oyDWWriJOkxX5w09/ajv
+            PcpROSGXdjPvt/7jLgSQR50UY6Ekju6DsUYxaXeJ4QryPITDkcf2MbFstEA6e2np
+            HGbNTN3yMnoFBijLQPWxQotk9xufDaKLVxDFfSZXoDdMu+005DJnVykM8Pv5qck7
+            /fC+jy59mGO0eiDfltWGb1q6CRyJeXk0RTnt9X77I4EMLWjeid6zUhjCp4ZDLSK9
+            UuKlnwk5/vb0aH2w87y60M9qgaaIzwB0Be7hpSZ+/OPBhakCS3gU1LxNSMLlSw0o
+            zoNviDkFxEACkqt+YIYJ3phNRn71RUzNUObiz/LWyd2ZasN5IDnezW39t/4uKjYa
+            Y1YyZ5HvdJEGvtBYycftTY7IwqUK2DVicImSc4Dszk1PbqMDzIUUbmGN7MxR/gTU
+            aAEJAhALMJFcOgYratPE/GE+mWKliwdylZQU2pKCuX5DZD5c363wYdmLL5zx32g9
+            3O9uQjmXIvIsKLQecFvk7L9W+F5H0Ya822Be5X1eQiIiYDmRLE3IDgrLypSGW870
+            XwzIGA4wMFDY
+            =5l9E
+            -----END PGP MESSAGE-----
+          fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+    encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey|externalName)$
+    version: 3.7.1