From b5bcfff108d852982338b235acc1cd79d3912848 Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Sat, 17 Feb 2024 18:36:09 +0100 Subject: [PATCH 1/2] switch to traefik --- examples/example-deployment.yaml | 17 ++--------- traefik/basicauth.yaml | 20 +++++++++++++ traefik/values.yaml | 49 ++++++++++++++++++++++++++++++++ 3 files changed, 71 insertions(+), 15 deletions(-) create mode 100644 traefik/basicauth.yaml create mode 100644 traefik/values.yaml diff --git a/examples/example-deployment.yaml b/examples/example-deployment.yaml index ff2791c..35b9b7c 100644 --- a/examples/example-deployment.yaml +++ b/examples/example-deployment.yaml @@ -68,10 +68,8 @@ metadata: name: example-ingress namespace: example #annotations: - # Use for Basic auth: - #nginx.org/basic-auth-secret: example-basic-auth-secret - # Use the following annotation if the backend only speaks HTTPS (fill out the service name accordingly): - #nginx.org/ssl-services: "example-service" + # Use for Basic auth: + # traefik.ingress.kubernetes.io/router.middlewares: default-basic-auth@kubernetescrd spec: rules: - host: "example.apps.yolokube.de" @@ -84,14 +82,3 @@ spec: name: example-service port: number: 80 -# Use for Basic auth: -#--- -#kind: Secret -#metadata: -# name: example-basic-auth-secret -# namespace: example -#apiVersion: v1 -#type: nginx.org/htpasswd -#stringData: -# htpasswd: | -#test:$apr1$2XMU6EMv$f1MJ7zxqTS079YsB7Z.CX/ \ No newline at end of file diff --git a/traefik/basicauth.yaml b/traefik/basicauth.yaml new file mode 100644 index 0000000..6b68db5 --- /dev/null +++ b/traefik/basicauth.yaml 
@@ -0,0 +1,20 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: basic-auth
+ namespace: traefik
+spec:
+ basicAuth:
+ secret: authsecret
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: authsecret
+ namespace: traefik
+data:
+ users: |2
+ YWFyb246JDJ5JDA1JEIyLlEuOS9lNFZFWHNub2UueXBqWU9raXlrbXJGMmhwQXBFN0NZYzJEUEly
+ MHBGSWRETzFPCnRvbTokMnkkMDUkQnNNN2Z2bWYzR3B1em5hazVPU2dyZTB4ODFLNC52eFVRTy9h
+ S1c1Y1k0Z21RT3p2c3NQTE8KYmFzdGk6JCRhcHIxJCRYYUdERnByYiQkTzlZMW9SaFROWTdVNWFh
+ NUxqM3dhMQo=
\ No newline at end of file
diff --git a/traefik/values.yaml b/traefik/values.yaml
new file mode 100644
index 0000000..2f9b95b
--- /dev/null
+++ b/traefik/values.yaml
@@ -0,0 +1,49 @@
+deployment:
+ kind: DaemonSet
+hostNetwork: true
+ports:
+ web:
+ port: 80
+ redirectTo:
+ port: "websecure"
+ websecure:
+ port: 443
+ tls:
+ certResolver: "letsencrypt"
+
+securityContext:
+ capabilities:
+ drop: [ALL]
+ add: [NET_BIND_SERVICE]
+ readOnlyRootFilesystem: true
+ runAsGroup: 0
+ runAsNonRoot: false
+ runAsUser: 0
+
+service:
+ type: NodePort
+ ipFamilyPolicy: PreferDualStack
+
+persistence:
+ enabled: true
+
+certResolvers:
+ letsencrypt:
+ email: letsencrypt@ar21.de
+ tlsChallenge: true
+ httpChallenge:
+ entryPoint: "web"
+ storage: /data/acme.json
+
+updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+ maxSurge: 0
+
+ingressRoute:
+ dashboard:
+ matchRule: Host(`traefik.lab.ar21.de`)
+ entryPoints: ["traefik", "websecure"]
+ middlewares:
+ - name: basic-auth
\ No newline at end of file
From bce6e8f3155f077b1527a55586a071ac9014f43e Mon Sep 17 00:00:00 2001
From: Aaron Riedel
Date: Sun, 18 Feb 2024 06:17:03 +0100
Subject: [PATCH 2/2] switch to traefik 2
---
app-files/core-deployments.yaml | 14 +++++++-------
examples/example-deployment.yaml | 2 +-
longhorn/values.yaml | 2 +-
prometheus/values.yaml | 8 ++++----
4 files changed, 13 insertions(+), 13 deletions(-)
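Review bot: The `Secret` added in the second document of `traefik/basicauth.yaml` commits the basic-auth user file to the repository, and `data.users` is only base64-encoded, so anyone who can read the repo or its history can recover the usernames and password hashes. Decoded, two entries are bcrypt at cost 05 and one is `apr1` (MD5-based), both weak against offline guessing. The `apr1` entry also carries doubled `$$` separators, which look like docker-compose escaping and will probably not verify as a valid htpasswd hash. I would keep only the `Middleware` in this file, deliver `authsecret` from a sealed or external secret store, and rotate the affected passwords with a higher bcrypt cost (for example `htpasswd -nB -C 12 <user>`).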
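Review bot: The `securityContext` block in `traefik/values.yaml` runs the proxy as UID/GID 0 (`runAsUser: 0`, `runAsNonRoot: false`) while `hostNetwork: true` puts it in the node's network namespace; dropping everything except `NET_BIND_SERVICE` limits this, but the reason for root is not recorded anywhere. If root is needed only to bind 80/443, say so in a comment above the block and set `allowPrivilegeEscalation: false` explicitly instead of relying on chart defaults. Separately, `ingressRoute.dashboard.entryPoints` lists `websecure`, which publishes the dashboard on the public 443 entry point behind only the `basic-auth` middleware; limiting it to the `traefik` entry point would shrink that exposure. `persistence.enabled: true` combined with `kind: DaemonSet` also deserves a check, since every pod would want the same `/data/acme.json` volume.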
diff --git a/app-files/core-deployments.yaml b/app-files/core-deployments.yaml index 3a3903b..2613968 100644 --- a/app-files/core-deployments.yaml +++ b/app-files/core-deployments.yaml @@ -2,24 +2,24 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: nginx-ingress + name: traefik namespace: argocd spec: project: default sources: - - repoURL: https://helm.nginx.com/stable - chart: nginx-ingress - targetRevision: 1.1.2 + - repoURL: https://traefik.github.io/charts + chart: traefik + targetRevision: 26.0.0 helm: - releaseName: nginx + releaseName: traefik valueFiles: - - $values/ingress/values.yaml + - $values/traefik/values.yaml - repoURL: https://git.ar21.de/yolokube/core-deployments.git targetRevision: HEAD ref: values destination: server: https://kubernetes.default.svc - namespace: nginx-ingress + namespace: traefik syncPolicy: syncOptions: - CreateNamespace=true diff --git a/examples/example-deployment.yaml b/examples/example-deployment.yaml index 35b9b7c..df94a40 100644 --- a/examples/example-deployment.yaml +++ b/examples/example-deployment.yaml @@ -69,7 +69,7 @@ metadata: namespace: example #annotations: # Use for Basic auth: - # traefik.ingress.kubernetes.io/router.middlewares: default-basic-auth@kubernetescrd + # traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd spec: rules: - host: "example.apps.yolokube.de" diff --git a/longhorn/values.yaml b/longhorn/values.yaml index 997f65f..737bc84 100644 --- a/longhorn/values.yaml +++ b/longhorn/values.yaml @@ -25,7 +25,7 @@ ingress: ingressClassName: nginx host: longhorn.services.yolokube.de annotations: - nginx.org/basic-auth-secret: longhorn-basic-auth-secret + traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd metrics: serviceMonitor: enabled: true diff --git a/prometheus/values.yaml b/prometheus/values.yaml index fd72a50..dbf3935 100644 --- a/prometheus/values.yaml +++ b/prometheus/values.yaml 
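Review bot: The new `sources` list in `app-files/core-deployments.yaml` pulls only the `traefik` chart and `$values/traefik/values.yaml`, so nothing visible in this Application applies `traefik/basicauth.yaml`, yet the dashboard route and every Ingress touched in this series reference that `basic-auth` Middleware. Unless another Application syncs that manifest, the Middleware and its Secret will be missing from the cluster. It would be worth adding a dedicated source or Application for it (or a comment naming where it is applied), and confirming that a route with an unresolved middleware is rejected rather than served without authentication. The `syncPolicy` block continues outside the hunk.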
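Review bot: In `longhorn/values.yaml` the context line `ingressClassName: nginx` stays in place while the annotation just below it is switched to a Traefik middleware, so once the nginx controller is removed this Ingress may no longer be claimed by any controller. Traefik normally serves only Ingresses whose class points at its own controller, so the class probably needs to change in the same commit, e.g. `ingressClassName: traefik` if that is the IngressClass the chart creates. The `ingress` mapping starts above the hunk, so other nginx-specific settings may remain there.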
@@ -60,7 +60,7 @@ alertmanager: hosts: - alertmanager.services.yolokube.de annotations: - nginx.org/basic-auth-secret: prometheus-basic-auth-secret + traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd ingressPerReplica: pathType: ImplementationSpecific paths: @@ -70,7 +70,7 @@ alertmanager: hostPrefix: alertmanager hostDomain: services.yolokube.de annotations: - nginx.org/basic-auth-secret: prometheus-basic-auth-secret + traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd servicePerReplica: enabled: true podAntiAffinity: "hard" @@ -107,7 +107,7 @@ prometheus: hosts: - prometheus.services.yolokube.de annotations: - nginx.org/basic-auth-secret: prometheus-basic-auth-secret + traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd ingressPerReplica: pathType: ImplementationSpecific paths: @@ -116,7 +116,7 @@ prometheus: hostPrefix: prometheus hostDomain: services.yolokube.de annotations: - nginx.org/basic-auth-secret: prometheus-basic-auth-secret + traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd prometheusSpec: retentionSize: "45GB" replicas: 2
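Review bot: All four annotation changes in `prometheus/values.yaml` (Alertmanager `ingress` and `ingressPerReplica`, Prometheus `ingress` and `ingressPerReplica`) point at the same `traefik-basic-auth@kubernetescrd` middleware that `longhorn/values.yaml` and the Traefik dashboard use, where the old config had separate `prometheus-basic-auth-secret` and `longhorn-basic-auth-secret` entries. One shared user file means every account can reach storage management, metrics and alert silencing alike, and a single leaked password exposes all of them. Consider one Middleware and Secret per service (for instance a middleware named `prometheus-auth` in the `traefik` namespace, referenced as `traefik-prometheus-auth@kubernetescrd`), plus a comment above each annotation naming the Secret it resolves to.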