make traefik serve a nonpriv http/https port

it already runs on non-privileged ports, but the load balancer should serve up ports that align with the backend, so 80 can redirect to 443 and 8080 can redirect to 8443 (this seems to be required for the letsencrypt HTTP-01 challenge redirect, not sure why, might be a bug) Signed-off-by: Kingdon Barrett <[email protected]>
kingdonb · Aug 29, 2024 · 1cd4816 · 1cd4816
1 parent 407dfd1
commit 1cd4816
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 2 deletions.
diff --git a/apps/base/traefik/svc.yaml b/apps/base/traefik/svc.yaml
@@ -22,3 +22,11 @@ spec:
       name: websecure
       targetPort: websecure
       protocol: TCP
+    - port: 8080
+      name: webnonpriv
+      targetPort: webnonpriv
+      protocol: TCP
+    - port: 8443
+      name: websecurenonpriv
+      targetPort: websecurenonpriv
+      protocol: TCP
diff --git a/apps/production/traefik/traefik-patch.yaml b/apps/production/traefik/traefik-patch.yaml
@@ -10,7 +10,9 @@ spec:
         - name: traefik
           args:
             - "--entryPoints.web.address=:8000/tcp"
+            - "--entryPoints.webnonpriv.address=:8080/tcp"
             - "--entryPoints.websecure.address=:8443/tcp"
+            - "--entryPoints.websecurenonpriv.address=:8445/tcp"
             - "--entryPoints.traefik.address=:9000/tcp"
             - "--api=true"
             - "--api.dashboard=true"

diff --git a/apps/routers/urbit-ships/socryx-topled-ingressroute.yaml b/apps/routers/urbit-ships/socryx-topled-ingressroute.yaml
@@ -16,6 +16,10 @@ spec:
       namespace: traefik-staging
       port: 80
       # scheme: https
+    - kind: Service
+      name: socryx-topled
+      namespace: traefik-staging
+      port: 8080
   # tls:
   #   certResolver: prodresolver
 
@@ -34,5 +38,8 @@ spec:
     - name: socryx-topled
       namespace: traefik-staging
       port: 443
+    - name: socryx-topled
+      namespace: traefik-staging
+      port: 8443
   tls:
     passthrough: true
diff --git a/apps/routers/urbit-ships/socryx-topled-service-endpoints.yaml b/apps/routers/urbit-ships/socryx-topled-service-endpoints.yaml
@@ -8,12 +8,22 @@ spec:
     - name: urbit-https
       protocol: TCP
       port: 443
-      targetPort: 443
+      targetPort: 8443
       nodePort: 0
     - name: urbit-http
       protocol: TCP
       port: 80
-      targetPort: 80
+      targetPort: 8080
+      nodePort: 0
+    - name: urbit-https-nonpriv
+      protocol: TCP
+      port: 8443
+      targetPort: 8443
+      nodePort: 0
+    - name: urbit-http-nonpriv
+      protocol: TCP
+      port: 8080
+      targetPort: 8080
       nodePort: 0
 ---
 kind: Endpoints
@@ -29,3 +39,7 @@ subsets:
     name: urbit-https
   - port: 80
     name: urbit-http
+  - port: 8443
+    name: urbit-https-nonpriv
+  - port: 8080
+    name: urbit-http-nonpriv