switch to traefik
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
Aaron Riedel 2024-02-17 18:36:09 +01:00
parent 3467a8fb01
commit b5bcfff108
Signed by: aaron
GPG key ID: 643004654D40D577
3 changed files with 71 additions and 15 deletions

View file

@ -68,10 +68,8 @@ metadata:
name: example-ingress name: example-ingress
namespace: example namespace: example
#annotations: #annotations:
# Use for Basic auth: # Use for Basic auth:
#nginx.org/basic-auth-secret: example-basic-auth-secret # traefik.ingress.kubernetes.io/router.middlewares: default-basic-auth@kubernetescrd
# Use the following annotation if the backend only speaks HTTPS (fill out the service name accordingly):
#nginx.org/ssl-services: "example-service"
spec: spec:
rules: rules:
- host: "example.apps.yolokube.de" - host: "example.apps.yolokube.de"
@ -84,14 +82,3 @@ spec:
name: example-service name: example-service
port: port:
number: 80 number: 80
# Use for Basic auth:
#---
#kind: Secret
#metadata:
# name: example-basic-auth-secret
# namespace: example
#apiVersion: v1
#type: nginx.org/htpasswd
#stringData:
# htpasswd: |
#test:$apr1$2XMU6EMv$f1MJ7zxqTS079YsB7Z.CX/

20
traefik/basicauth.yaml Normal file
View file

@ -0,0 +1,20 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: basic-auth
namespace: traefik
spec:
basicAuth:
secret: authsecret
---
apiVersion: v1
kind: Secret
metadata:
name: authsecret
namespace: traefik
data:
users: |2
YWFyb246JDJ5JDA1JEIyLlEuOS9lNFZFWHNub2UueXBqWU9raXlrbXJGMmhwQXBFN0NZYzJEUEly
MHBGSWRETzFPCnRvbTokMnkkMDUkQnNNN2Z2bWYzR3B1em5hazVPU2dyZTB4ODFLNC52eFVRTy9h
S1c1Y1k0Z21RT3p2c3NQTE8KYmFzdGk6JCRhcHIxJCRYYUdERnByYiQkTzlZMW9SaFROWTdVNWFh
NUxqM3dhMQo=

49
traefik/values.yaml Normal file
View file

@ -0,0 +1,49 @@
deployment:
kind: DaemonSet
hostNetwork: true
ports:
web:
port: 80
redirectTo:
port: "websecure"
websecure:
port: 443
tls:
certResolver: "letsencrypt"
securityContext:
capabilities:
drop: [ALL]
add: [NET_BIND_SERVICE]
readOnlyRootFilesystem: true
runAsGroup: 0
runAsNonRoot: false
runAsUser: 0
service:
type: NodePort
ipFamilyPolicy: PreferDualStack
persistence:
enabled: true
certResolvers:
letsencrypt:
email: letsencrypt@ar21.de
tlsChallenge: true
httpChallenge:
entryPoint: "web"
storage: /data/acme.json
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 0
ingressRoute:
dashboard:
matchRule: Host(`traefik.lab.ar21.de`)
entryPoints: ["traefik", "websecure"]
middlewares:
- name: basic-auth