PVC for Traefik Ingress (prevent LetsEncrypt throttling) (#2352)
kenafoster authored Mar 25, 2024
1 parent 9b9b6bc commit ac9ecbc
Showing 1 changed file with 27 additions and 1 deletion.
Expand Up @@ -9,7 +9,7 @@ locals {
"--entrypoints.minio.http.tls.certResolver=letsencrypt",
"--certificatesresolvers.letsencrypt.acme.tlschallenge",
"--certificatesresolvers.letsencrypt.acme.email=${var.acme-email}",
"--certificatesresolvers.letsencrypt.acme.storage=acme.json",
"--certificatesresolvers.letsencrypt.acme.storage=/mnt/acme-certificates/acme.json",
"--certificatesresolvers.letsencrypt.acme.caserver=${var.acme-server}",
]
self-signed = local.default_cert
Expand All @@ -27,6 +27,22 @@ resource "kubernetes_service_account" "main" {
}
}

resource "kubernetes_persistent_volume_claim" "traefik_certs_pvc" {
metadata {
name = "traefik-ingress-certs"
namespace = var.namespace
}
spec {
access_modes = ["ReadWriteOnce"]
resources {
requests = {
storage = "5Gi"
}
}
}
wait_until_bound = false
}


resource "kubernetes_cluster_role" "main" {
metadata {
Expand Down Expand Up @@ -215,6 +231,10 @@ resource "kubernetes_deployment" "main" {
image = "${var.traefik-image.image}:${var.traefik-image.tag}"
name = var.name

volume_mount {
mount_path = "/mnt/acme-certificates"
name = "acme-certificates"
}
security_context {
capabilities {
drop = ["ALL"]
Expand Down Expand Up @@ -326,6 +346,12 @@ resource "kubernetes_deployment" "main" {
success_threshold = 1
}
}
volume {
name = "acme-certificates"
persistent_volume_claim {
claim_name = kubernetes_persistent_volume_claim.traefik_certs_pvc.metadata.0.name
}
}
}
}
}
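Review bot: The new `traefik_certs_pvc` claim sets no `storage_class_name`, yet the acme.json it stores holds the ACME account key and the private keys of issued certificates, so encryption at rest and the reclaim policy for that key material are whatever the cluster's default class provides. Pin the class explicitly in the claim's `spec`, e.g. `storage_class_name = var.<certs-storage-class>` (placeholder variable name), and add a comment above the resource such as `# Holds acme.json (ACME account key + TLS private keys); treat the volume as secret material`. The container in the third hunk drops all capabilities, so if Traefik runs as non-root the pod probably needs an `fs_group` in its pod-level `security_context` to create the file with the 0600 mode Traefik expects; that block is outside the visible lines. With `ReadWriteOnce` on a Deployment, a rolling update scheduled onto another node can stall on volume attach unless the strategy is Recreate, which also cannot be confirmed from here. `storage = "5Gi"` is far more than one JSON file needs.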