From fefbaa9991fb106dcde2d9b089f7a32df0f32ad8 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Fri, 22 Nov 2024 22:32:02 -0600
Subject: [PATCH] ingress: Use Deployment+Service with externalIPs
Now that we have `keepalived` managing the "virtual" IP address for the ingress controller, we can change _ingress-nginx_ to run as a Deployment rather than a DaemonSet. It no longer needs to use the host network namespace, as `kube-proxy` will route all traffic sent to the configured external IP address to the controller pods. Using the _Local_ external traffic policy disables NAT, so incoming traffic is seen by the nginx unmodified.
---
ingress/kustomization.yaml | 38 ++++++++------------------------------
ingress/tcp-services.yaml | 7 -------
2 files changed, 8 insertions(+), 37 deletions(-)
delete mode 100644 ingress/tcp-services.yaml
diff --git a/ingress/kustomization.yaml b/ingress/kustomization.yaml
index 8ed75ec..cc83e3c 100644
--- a/ingress/kustomization.yaml
+++ b/ingress/kustomization.yaml
@@ -5,56 +5,34 @@ namespace: ingress-nginx resources: - https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.0/deploy/static/provider/cloud/deploy.yaml -- tcp-services.yaml + +replicas: +- name: ingress-nginx-controller + count: 2 patches: - patch: |- - $patch: delete apiVersion: v1 kind: Service metadata: name: ingress-nginx-controller namespace: ingress-nginx + spec: + externalIPs: + - 172.30.0.147 + externalTrafficPolicy: Local - patch: |- - - op: replace - path: /kind - value: DaemonSet - - op: remove - path: /spec/template/spec/containers/0/args/1 - - op: add - path: /spec/template/spec/containers/0/args/- - value: >- - --report-node-internal-ip-address - op: add path: /spec/template/spec/containers/0/args/- value: >- --default-ssl-certificate=default/pyrocufflink-cert - - op: add - path: /spec/template/spec/containers/0/args/- - value: >- - --tcp-services-configmap=ingress-nginx/tcp-services target: group: apps kind: Deployment name: ingress-nginx-controller version: v1 -- patch: |- - apiVersion: apps/v1 - kind: DaemonSet - metadata: - name: ingress-nginx-controller - namespace: ingress-nginx - spec: - template: - spec: - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - nodeSelector: - kubernetes.io/role: ingress - - - patch: |- apiVersion: networking.k8s.io/v1 kind: IngressClass diff --git a/ingress/tcp-services.yaml b/ingress/tcp-services.yaml deleted file mode 100644 index 21cc13f..0000000 --- a/ingress/tcp-services.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: tcp-services -data: - '8883': home-assistant/mosquitto:8883 - '5671': rabbitmq/rabbitmq:5671
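Review bot: With `externalTrafficPolicy: Local`, a node with no ready controller pod will not deliver traffic sent to 172.30.0.147 (assuming kube-proxy applies the policy to external IPs, as the commit message expects). This change removes the `nodeSelector` on `kubernetes.io/role: ingress` and adds only `replicas` with `count: 2`, so nothing visible here keeps a replica on the node where keepalived currently holds the address. Consider keeping a node selector or affinity in the Deployment patch that matches the keepalived nodes, plus pod anti-affinity so the two replicas do not share a node. Separately, the Service patch sets no `type`, so it presumably inherits one from the upstream provider/cloud manifest (not shown here); if that is LoadBalancer, node ports are also opened on every node, and adding `type: ClusterIP` under `spec:` would limit exposure to the external IP. Since `externalIPs` can be set by anyone allowed to create or update Services, it is also worth restricting that field with an admission policy.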