Merge pull request 'switch to traefik' (#39) from traefik into main
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #39
commit
461ad06fb2
6 changed files with 83 additions and 27 deletions
|
@ -2,24 +2,24 @@
|
|||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: nginx-ingress
|
||||
name: traefik
|
||||
namespace: argocd
|
||||
spec:
|
||||
project: default
|
||||
sources:
|
||||
- repoURL: https://helm.nginx.com/stable
|
||||
chart: nginx-ingress
|
||||
targetRevision: 1.1.2
|
||||
- repoURL: https://traefik.github.io/charts
|
||||
chart: traefik
|
||||
targetRevision: 26.0.0
|
||||
helm:
|
||||
releaseName: nginx
|
||||
releaseName: traefik
|
||||
valueFiles:
|
||||
- $values/ingress/values.yaml
|
||||
- $values/traefik/values.yaml
|
||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||
targetRevision: HEAD
|
||||
ref: values
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: nginx-ingress
|
||||
namespace: traefik
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
|
|
|
@ -68,10 +68,8 @@ metadata:
|
|||
name: example-ingress
|
||||
namespace: example
|
||||
#annotations:
|
||||
# Use for Basic auth:
|
||||
#nginx.org/basic-auth-secret: example-basic-auth-secret
|
||||
# Use the following annotation if the backend only speaks HTTPS (fill out the service name accordingly):
|
||||
#nginx.org/ssl-services: "example-service"
|
||||
# Use for Basic auth:
|
||||
# traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
||||
spec:
|
||||
rules:
|
||||
- host: "example.apps.yolokube.de"
|
||||
|
@ -84,14 +82,3 @@ spec:
|
|||
name: example-service
|
||||
port:
|
||||
number: 80
|
||||
# Use for Basic auth:
|
||||
#---
|
||||
#kind: Secret
|
||||
#metadata:
|
||||
# name: example-basic-auth-secret
|
||||
# namespace: example
|
||||
#apiVersion: v1
|
||||
#type: nginx.org/htpasswd
|
||||
#stringData:
|
||||
# htpasswd: |
|
||||
#test:$apr1$2XMU6EMv$f1MJ7zxqTS079YsB7Z.CX/
|
|
@ -25,7 +25,7 @@ ingress:
|
|||
ingressClassName: nginx
|
||||
host: longhorn.services.yolokube.de
|
||||
annotations:
|
||||
nginx.org/basic-auth-secret: longhorn-basic-auth-secret
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
||||
metrics:
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
|
|
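Review bot: `ingressClassName: nginx` is still a context line directly above the changed annotation, so this Ingress keeps requesting the nginx class while its authentication now depends on a Traefik middleware. Unless Traefik is configured to serve that class the route will probably not be picked up at all, and if any nginx controller remains in the cluster it would ignore the Traefik annotation and publish Longhorn without basic auth. I would switch the class in the same commit to the one Traefik registers, for example `ingressClassName: traefik`. The `ingress:` block starts above this hunk, so other settings outside the view may also apply.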
@ -60,7 +60,7 @@ alertmanager:
|
|||
hosts:
|
||||
- alertmanager.services.yolokube.de
|
||||
annotations:
|
||||
nginx.org/basic-auth-secret: prometheus-basic-auth-secret
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
||||
ingressPerReplica:
|
||||
pathType: ImplementationSpecific
|
||||
paths:
|
||||
|
@ -70,7 +70,7 @@ alertmanager:
|
|||
hostPrefix: alertmanager
|
||||
hostDomain: services.yolokube.de
|
||||
annotations:
|
||||
nginx.org/basic-auth-secret: prometheus-basic-auth-secret
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
||||
servicePerReplica:
|
||||
enabled: true
|
||||
podAntiAffinity: "hard"
|
||||
|
@ -107,7 +107,7 @@ prometheus:
|
|||
hosts:
|
||||
- prometheus.services.yolokube.de
|
||||
annotations:
|
||||
nginx.org/basic-auth-secret: prometheus-basic-auth-secret
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
||||
ingressPerReplica:
|
||||
pathType: ImplementationSpecific
|
||||
paths:
|
||||
|
@ -116,7 +116,7 @@ prometheus:
|
|||
hostPrefix: prometheus
|
||||
hostDomain: services.yolokube.de
|
||||
annotations:
|
||||
nginx.org/basic-auth-secret: prometheus-basic-auth-secret
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
||||
prometheusSpec:
|
||||
retentionSize: "45GB"
|
||||
replicas: 2
|
||||
|
|
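Review bot: All four annotations in this file (alertmanager `ingress` and `ingressPerReplica`, prometheus `ingress` and `ingressPerReplica`) now point at the single `traefik-basic-auth@kubernetescrd` middleware where they previously named `prometheus-basic-auth-secret`, and the Longhorn values make the same switch away from `longhorn-basic-auth-secret`. Every protected service therefore accepts the same user list, so a credential issued for one of them is valid for all. If the earlier separation was intentional, define one Middleware and Secret per service and reference that here (a constructed example name: `traefik-prometheus-basic-auth@kubernetescrd`); otherwise a comment above the annotation such as `# shared operator login, same list as Longhorn and the Traefik dashboard` would record that the sharing is deliberate.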
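--- a/traefik/basicauth.yaml
+++ b/traefik/basicauth.yaml
@@ -0,0 +1,20 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+name: basic-auth
+namespace: traefik
+spec:
+basicAuth:
+secret: authsecret
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: authsecret
+namespace: traefik
+data:
+users: |2
+YWFyb246JDJ5JDA1JEIyLlEuOS9lNFZFWHNub2UueXBqWU9raXlrbXJGMmhwQXBFN0NZYzJEUEly
+MHBGSWRETzFPCnRvbTokMnkkMDUkQnNNN2Z2bWYzR3B1em5hazVPU2dyZTB4ODFLNC52eFVRTy9h
+S1c1Y1k0Z21RT3p2c3NQTE8KYmFzdGk6JCRhcHIxJCRYYUdERnByYiQkTzlZMW9SaFROWTdVNWFh
+NUxqM3dhMQo=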
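Review bot: The `authsecret` Secret commits the basic-auth user file to the repository, and the `data.users` value is only base64-encoded, so anyone with read access to the repo or its history can recover the htpasswd hashes and work on them offline. Decoding it suggests two bcrypt entries at cost 05 and one apr1 (MD5) entry whose `$` separators are doubled, which looks like Compose-style escaping and would probably keep that entry from ever verifying. I would move the Secret out of plain Git (a sealed or externally managed secret referenced by the same name), rotate the affected passwords since they are now in history, and regenerate the entries as bcrypt with a higher cost.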
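--- a/traefik/values.yaml
+++ b/traefik/values.yaml
@@ -0,0 +1,49 @@
+deployment:
+kind: DaemonSet
+hostNetwork: true
+ports:
+web:
+port: 80
+redirectTo:
+port: "websecure"
+websecure:
+port: 443
+tls:
+certResolver: "letsencrypt"
+
+securityContext:
+capabilities:
+drop: [ALL]
+add: [NET_BIND_SERVICE]
+readOnlyRootFilesystem: true
+runAsGroup: 0
+runAsNonRoot: false
+runAsUser: 0
+
+service:
+type: NodePort
+ipFamilyPolicy: PreferDualStack
+
+persistence:
+enabled: true
+
+certResolvers:
+letsencrypt:
+email: letsencrypt@ar21.de
+tlsChallenge: true
+httpChallenge:
+entryPoint: "web"
+storage: /data/acme.json
+
+updateStrategy:
+type: RollingUpdate
+rollingUpdate:
+maxUnavailable: 1
+maxSurge: 0
+
+ingressRoute:
+dashboard:
+matchRule: Host(`traefik.lab.ar21.de`)
+entryPoints: ["traefik", "websecure"]
+middlewares:
+- name: basic-auth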
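Review bot: `hostNetwork: true` combined with `runAsUser: 0` and `runAsNonRoot: false` makes the proxy run as root inside the node's network namespace, and nothing in the file says why that is needed. If root is only there so the process can bind 80/443 on the host, a comment above `securityContext` such as `# root + NET_BIND_SERVICE only because hostNetwork binds 80/443 on the node` would record the reason and stop the setting from being copied elsewhere. With host networking the `traefik` entry point listed in `ingressRoute.dashboard.entryPoints` presumably listens on every node address as well, so the dashboard is protected by the `basic-auth` middleware alone. Limiting the route to `entryPoints: ["websecure"]` or firewalling that port on the nodes would narrow the exposure.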