Merge pull request 'switch to traefik' (#39) from traefik into main
Reviewed-on: #39
commit
461ad06fb2
6 changed files with 83 additions and 27 deletions
|
@ -2,24 +2,24 @@
|
||||||
apiVersion: argoproj.io/v1alpha1
|
apiVersion: argoproj.io/v1alpha1
|
||||||
kind: Application
|
kind: Application
|
||||||
metadata:
|
metadata:
|
||||||
name: nginx-ingress
|
name: traefik
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: default
|
||||||
sources:
|
sources:
|
||||||
- repoURL: https://helm.nginx.com/stable
|
- repoURL: https://traefik.github.io/charts
|
||||||
chart: nginx-ingress
|
chart: traefik
|
||||||
targetRevision: 1.1.2
|
targetRevision: 26.0.0
|
||||||
helm:
|
helm:
|
||||||
releaseName: nginx
|
releaseName: traefik
|
||||||
valueFiles:
|
valueFiles:
|
||||||
- $values/ingress/values.yaml
|
- $values/traefik/values.yaml
|
||||||
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
- repoURL: https://git.ar21.de/yolokube/core-deployments.git
|
||||||
targetRevision: HEAD
|
targetRevision: HEAD
|
||||||
ref: values
|
ref: values
|
||||||
destination:
|
destination:
|
||||||
server: https://kubernetes.default.svc
|
server: https://kubernetes.default.svc
|
||||||
namespace: nginx-ingress
|
namespace: traefik
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
syncOptions:
|
syncOptions:
|
||||||
- CreateNamespace=true
|
- CreateNamespace=true
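Review bot: The second source carries only `ref: values`, so as far as this manifest shows it only feeds `$values/traefik/values.yaml` to the chart and renders nothing of its own; the new `traefik/basicauth.yaml` would then not be applied by this Application. Every annotation changed in this commit depends on that Middleware existing in the `traefik` namespace, so it is worth confirming which Application syncs the `traefik/` directory and saying so in a comment next to `ref: values`. That source also follows `targetRevision: HEAD` while the chart is pinned to `26.0.0`, so values changes roll out without any version bump.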
|
||||||
|
|
|
@ -68,10 +68,8 @@ metadata:
|
||||||
name: example-ingress
|
name: example-ingress
|
||||||
namespace: example
|
namespace: example
|
||||||
#annotations:
|
#annotations:
|
||||||
# Use for Basic auth:
|
# Use for Basic auth:
|
||||||
#nginx.org/basic-auth-secret: example-basic-auth-secret
|
# traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
||||||
# Use the following annotation if the backend only speaks HTTPS (fill out the service name accordingly):
|
|
||||||
#nginx.org/ssl-services: "example-service"
|
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: "example.apps.yolokube.de"
|
- host: "example.apps.yolokube.de"
|
||||||
|
@ -84,14 +82,3 @@ spec:
|
||||||
name: example-service
|
name: example-service
|
||||||
port:
|
port:
|
||||||
number: 80
|
number: 80
|
||||||
# Use for Basic auth:
|
|
||||||
#---
|
|
||||||
#kind: Secret
|
|
||||||
#metadata:
|
|
||||||
# name: example-basic-auth-secret
|
|
||||||
# namespace: example
|
|
||||||
#apiVersion: v1
|
|
||||||
#type: nginx.org/htpasswd
|
|
||||||
#stringData:
|
|
||||||
# htpasswd: |
|
|
||||||
#test:$apr1$2XMU6EMv$f1MJ7zxqTS079YsB7Z.CX/
|
|
|
@ -25,7 +25,7 @@ ingress:
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
host: longhorn.services.yolokube.de
|
host: longhorn.services.yolokube.de
|
||||||
annotations:
|
annotations:
|
||||||
nginx.org/basic-auth-secret: longhorn-basic-auth-secret
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
||||||
metrics:
|
metrics:
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
enabled: true
|
enabled: true
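Review bot: `ingressClassName: nginx` stays unchanged in this hunk while the auth annotation now names a Traefik middleware, so the two lines no longer address the same controller. Traefik would normally skip an Ingress pinned to another class, and any controller still serving class `nginx` would ignore `traefik.ingress.kubernetes.io/router.middlewares` and publish the Longhorn UI without authentication. If the class is meant to move with the rest of the commit, the line would read `ingressClassName: traefik` (assuming that is the class name the chart registers). The enclosing `ingress:` block starts above the hunk.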
|
||||||
|
|
|
@ -60,7 +60,7 @@ alertmanager:
|
||||||
hosts:
|
hosts:
|
||||||
- alertmanager.services.yolokube.de
|
- alertmanager.services.yolokube.de
|
||||||
annotations:
|
annotations:
|
||||||
nginx.org/basic-auth-secret: prometheus-basic-auth-secret
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
||||||
ingressPerReplica:
|
ingressPerReplica:
|
||||||
pathType: ImplementationSpecific
|
pathType: ImplementationSpecific
|
||||||
paths:
|
paths:
|
||||||
|
@ -70,7 +70,7 @@ alertmanager:
|
||||||
hostPrefix: alertmanager
|
hostPrefix: alertmanager
|
||||||
hostDomain: services.yolokube.de
|
hostDomain: services.yolokube.de
|
||||||
annotations:
|
annotations:
|
||||||
nginx.org/basic-auth-secret: prometheus-basic-auth-secret
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
||||||
servicePerReplica:
|
servicePerReplica:
|
||||||
enabled: true
|
enabled: true
|
||||||
podAntiAffinity: "hard"
|
podAntiAffinity: "hard"
|
||||||
|
@ -107,7 +107,7 @@ prometheus:
|
||||||
hosts:
|
hosts:
|
||||||
- prometheus.services.yolokube.de
|
- prometheus.services.yolokube.de
|
||||||
annotations:
|
annotations:
|
||||||
nginx.org/basic-auth-secret: prometheus-basic-auth-secret
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
||||||
ingressPerReplica:
|
ingressPerReplica:
|
||||||
pathType: ImplementationSpecific
|
pathType: ImplementationSpecific
|
||||||
paths:
|
paths:
|
||||||
|
@ -116,7 +116,7 @@ prometheus:
|
||||||
hostPrefix: prometheus
|
hostPrefix: prometheus
|
||||||
hostDomain: services.yolokube.de
|
hostDomain: services.yolokube.de
|
||||||
annotations:
|
annotations:
|
||||||
nginx.org/basic-auth-secret: prometheus-basic-auth-secret
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd
|
||||||
prometheusSpec:
|
prometheusSpec:
|
||||||
retentionSize: "45GB"
|
retentionSize: "45GB"
|
||||||
replicas: 2
|
replicas: 2
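Review bot: Every annotation in this file now points at the single `traefik-basic-auth@kubernetescrd` middleware, where the old side used a dedicated `prometheus-basic-auth-secret` (and Longhorn its own secret), so one user list now opens Prometheus, Alertmanager, Longhorn and the Traefik dashboard alike. If these services are meant to have different audiences, define one Middleware and Secret per service and reference it here, e.g. `traefik.ingress.kubernetes.io/router.middlewares: traefik-prometheus-auth@kubernetescrd` (name constructed for illustration). The same applies to all four hunks of this file (-60, -70, -107 and -116). Whether these ingresses also pin an `ingressClassName` is not visible in the hunks and is worth checking.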
|
||||||
|
|
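--- a/traefik/basicauth.yaml
+++ b/traefik/basicauth.yaml
@@ -0,0 +1,20 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+name: basic-auth
+namespace: traefik
+spec:
+basicAuth:
+secret: authsecret
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: authsecret
+namespace: traefik
+data:
+users: |2
+YWFyb246JDJ5JDA1JEIyLlEuOS9lNFZFWHNub2UueXBqWU9raXlrbXJGMmhwQXBFN0NZYzJEUEly
+MHBGSWRETzFPCnRvbTokMnkkMDUkQnNNN2Z2bWYzR3B1em5hazVPU2dyZTB4ODFLNC52eFVRTy9h
+S1c1Y1k0Z21RT3p2c3NQTE8KYmFzdGk6JCRhcHIxJCRYYUdERnByYiQkTzlZMW9SaFROWTdVNWFh
+NUxqM3dhMQo=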
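Review bot: The `authsecret` Secret commits the htpasswd user list to Git as base64 under `data.users`, which is encoding rather than protection: anyone who can read the repository can decode it and run offline guessing against the hashes. The decoded entries appear to be low-cost bcrypt (`$2y$05$`) plus one apr1/MD5 hash, so the passwords behind them should be treated as exposed and rotated. Keep only the Middleware in this file and supply the Secret from an encrypted or external source (for example a sealed or SOPS-encrypted manifest), so that `secret: authsecret` resolves to an object that is never stored in clear. Separately, the third entry decodes with doubled `$$` separators, which looks like Compose-style escaping and would likely stop that hash from verifying when read from a Kubernetes Secret.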
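--- a/traefik/values.yaml
+++ b/traefik/values.yaml
@@ -0,0 +1,49 @@
+deployment:
+kind: DaemonSet
+hostNetwork: true
+ports:
+web:
+port: 80
+redirectTo:
+port: "websecure"
+websecure:
+port: 443
+tls:
+certResolver: "letsencrypt"
+
+securityContext:
+capabilities:
+drop: [ALL]
+add: [NET_BIND_SERVICE]
+readOnlyRootFilesystem: true
+runAsGroup: 0
+runAsNonRoot: false
+runAsUser: 0
+
+service:
+type: NodePort
+ipFamilyPolicy: PreferDualStack
+
+persistence:
+enabled: true
+
+certResolvers:
+letsencrypt:
+email: letsencrypt@ar21.de
+tlsChallenge: true
+httpChallenge:
+entryPoint: "web"
+storage: /data/acme.json
+
+updateStrategy:
+type: RollingUpdate
+rollingUpdate:
+maxUnavailable: 1
+maxSurge: 0
+
+ingressRoute:
+dashboard:
+matchRule: Host(`traefik.lab.ar21.de`)
+entryPoints: ["traefik", "websecure"]
+middlewares:
+- name: basic-auth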
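Review bot: The dashboard route lists `entryPoints: ["traefik", "websecure"]`, and with `hostNetwork: true` the chart's internal `traefik` entrypoint would listen on the node's own interfaces; unless TLS is configured for it elsewhere, the `basic-auth` credentials would cross it in cleartext. Restricting the route to `entryPoints: ["websecure"]` keeps the dashboard behind TLS only. The same section runs the proxy as UID 0 (`runAsUser: 0`, `runAsNonRoot: false`) in the host network namespace, so a short comment recording why root is needed to bind 80/443, and whether a host firewall limits the remaining ports, would help the next reviewer. Indentation is not visible on this page, so the nesting of these keys is assumed from the chart's usual layout.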