From b5bcfff108d852982338b235acc1cd79d3912848 Mon Sep 17 00:00:00 2001 From: Aaron Riedel Date: Sat, 17 Feb 2024 18:36:09 +0100 Subject: [PATCH] switch to traefik --- examples/example-deployment.yaml | 17 ++--------- traefik/basicauth.yaml | 20 +++++++++++++ traefik/values.yaml | 49 ++++++++++++++++++++++++++++++++ 3 files changed, 71 insertions(+), 15 deletions(-) create mode 100644 traefik/basicauth.yaml create mode 100644 traefik/values.yaml diff --git a/examples/example-deployment.yaml b/examples/example-deployment.yaml index ff2791c..35b9b7c 100644 --- a/examples/example-deployment.yaml +++ b/examples/example-deployment.yaml @@ -68,10 +68,8 @@ metadata: name: example-ingress namespace: example #annotations: - # Use for Basic auth: - #nginx.org/basic-auth-secret: example-basic-auth-secret - # Use the following annotation if the backend only speaks HTTPS (fill out the service name accordingly): - #nginx.org/ssl-services: "example-service" + # Use for Basic auth: + # traefik.ingress.kubernetes.io/router.middlewares: default-basic-auth@kubernetescrd spec: rules: - host: "example.apps.yolokube.de" @@ -84,14 +82,3 @@ spec: name: example-service port: number: 80 -# Use for Basic auth: -#--- -#kind: Secret -#metadata: -# name: example-basic-auth-secret -# namespace: example -#apiVersion: v1 -#type: nginx.org/htpasswd -#stringData: -# htpasswd: | -#test:$apr1$2XMU6EMv$f1MJ7zxqTS079YsB7Z.CX/ \ No newline at end of file diff --git a/traefik/basicauth.yaml b/traefik/basicauth.yaml new file mode 100644 index 0000000..6b68db5 --- /dev/null +++ b/traefik/basicauth.yaml @@ -0,0 +1,20 @@ +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: basic-auth + namespace: traefik +spec: + basicAuth: + secret: authsecret +--- +apiVersion: v1 +kind: Secret +metadata: + name: authsecret + namespace: traefik +data: + users: |2 + YWFyb246JDJ5JDA1JEIyLlEuOS9lNFZFWHNub2UueXBqWU9raXlrbXJGMmhwQXBFN0NZYzJEUEly + MHBGSWRETzFPCnRvbTokMnkkMDUkQnNNN2Z2bWYzR3B1em5hazVPU2dyZTB4ODFLNC52eFVRTy9h + S1c1Y1k0Z21RT3p2c3NQTE8KYmFzdGk6JCRhcHIxJCRYYUdERnByYiQkTzlZMW9SaFROWTdVNWFh + NUxqM3dhMQo= \ No newline at end of file diff --git a/traefik/values.yaml b/traefik/values.yaml new file mode 100644 index 0000000..2f9b95b --- /dev/null +++ b/traefik/values.yaml @@ -0,0 +1,49 @@ +deployment: + kind: DaemonSet +hostNetwork: true +ports: + web: + port: 80 + redirectTo: + port: "websecure" + websecure: + port: 443 + tls: + certResolver: "letsencrypt" + +securityContext: + capabilities: + drop: [ALL] + add: [NET_BIND_SERVICE] + readOnlyRootFilesystem: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + +service: + type: NodePort + ipFamilyPolicy: PreferDualStack + +persistence: + enabled: true + +certResolvers: + letsencrypt: + email: letsencrypt@ar21.de + tlsChallenge: true + httpChallenge: + entryPoint: "web" + storage: /data/acme.json + +updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + maxSurge: 0 + +ingressRoute: + dashboard: + matchRule: Host(`traefik.lab.ar21.de`) + entryPoints: ["traefik", "websecure"] + middlewares: + - name: basic-auth \ No newline at end of file