From b5bcfff108d852982338b235acc1cd79d3912848 Mon Sep 17 00:00:00 2001
From: Aaron Riedel <git@ar21.de>
Date: Sat, 17 Feb 2024 18:36:09 +0100
Subject: [PATCH] switch to traefik

---
 examples/example-deployment.yaml | 17 ++---------
 traefik/basicauth.yaml           | 20 +++++++++++++
 traefik/values.yaml              | 49 ++++++++++++++++++++++++++++++++
 3 files changed, 71 insertions(+), 15 deletions(-)
 create mode 100644 traefik/basicauth.yaml
 create mode 100644 traefik/values.yaml

diff --git a/examples/example-deployment.yaml b/examples/example-deployment.yaml
index ff2791c..35b9b7c 100644
--- a/examples/example-deployment.yaml
+++ b/examples/example-deployment.yaml
@@ -68,10 +68,8 @@ metadata:
   name: example-ingress
   namespace: example
   #annotations:
-    # Use for Basic auth:
-    #nginx.org/basic-auth-secret: example-basic-auth-secret
-    # Use the following annotation if the backend only speaks HTTPS (fill out the service name accordingly):
-    #nginx.org/ssl-services: "example-service"
+  # Use for Basic auth:
+  #  traefik.ingress.kubernetes.io/router.middlewares: default-basic-auth@kubernetescrd
 spec:
   rules:
   - host: "example.apps.yolokube.de"
@@ -84,14 +82,3 @@ spec:
             name: example-service
             port:
               number: 80
-# Use for Basic auth:
-#---
-#kind: Secret
-#metadata:
-#  name: example-basic-auth-secret
-#  namespace: example
-#apiVersion: v1
-#type: nginx.org/htpasswd
-#stringData:
-#  htpasswd: |
-#test:$apr1$2XMU6EMv$f1MJ7zxqTS079YsB7Z.CX/
\ No newline at end of file
diff --git a/traefik/basicauth.yaml b/traefik/basicauth.yaml
new file mode 100644
index 0000000..6b68db5
--- /dev/null
+++ b/traefik/basicauth.yaml
@@ -0,0 +1,20 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: basic-auth
+  namespace: traefik
+spec:
+  basicAuth:
+    secret: authsecret
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: authsecret
+  namespace: traefik
+data:
+  users: |2
+    YWFyb246JDJ5JDA1JEIyLlEuOS9lNFZFWHNub2UueXBqWU9raXlrbXJGMmhwQXBFN0NZYzJEUEly
+    MHBGSWRETzFPCnRvbTokMnkkMDUkQnNNN2Z2bWYzR3B1em5hazVPU2dyZTB4ODFLNC52eFVRTy9h
+    S1c1Y1k0Z21RT3p2c3NQTE8KYmFzdGk6JCRhcHIxJCRYYUdERnByYiQkTzlZMW9SaFROWTdVNWFh
+    NUxqM3dhMQo=
\ No newline at end of file
diff --git a/traefik/values.yaml b/traefik/values.yaml
new file mode 100644
index 0000000..2f9b95b
--- /dev/null
+++ b/traefik/values.yaml
@@ -0,0 +1,49 @@
+deployment:
+  kind: DaemonSet
+hostNetwork: true
+ports:
+  web:
+    port: 80
+    redirectTo:
+      port: "websecure"
+  websecure:
+    port: 443
+    tls:
+      certResolver: "letsencrypt"
+
+securityContext:
+  capabilities:
+    drop: [ALL]
+    add: [NET_BIND_SERVICE]
+  readOnlyRootFilesystem: true
+  runAsGroup: 0
+  runAsNonRoot: false
+  runAsUser: 0
+
+service:
+  type: NodePort
+  ipFamilyPolicy: PreferDualStack
+
+persistence:
+  enabled: true
+
+certResolvers:
+  letsencrypt:
+    email: letsencrypt@ar21.de
+    tlsChallenge: true
+    httpChallenge:
+      entryPoint: "web"
+    storage: /data/acme.json
+
+updateStrategy:
+  type: RollingUpdate
+  rollingUpdate:
+    maxUnavailable: 1
+    maxSurge: 0
+
+ingressRoute:
+  dashboard:
+    matchRule: Host(`traefik.lab.ar21.de`)
+    entryPoints: ["traefik", "websecure"]
+    middlewares:
+      - name: basic-auth
\ No newline at end of file