diff --git a/app-files/core-deployments.yaml b/app-files/core-deployments.yaml index 2613968..3a3903b 100644 --- a/app-files/core-deployments.yaml +++ b/app-files/core-deployments.yaml @@ -2,24 +2,24 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: traefik + name: nginx-ingress namespace: argocd spec: project: default sources: - - repoURL: https://traefik.github.io/charts - chart: traefik - targetRevision: 26.0.0 + - repoURL: https://helm.nginx.com/stable + chart: nginx-ingress + targetRevision: 1.1.2 helm: - releaseName: traefik + releaseName: nginx valueFiles: - - $values/traefik/values.yaml + - $values/ingress/values.yaml - repoURL: https://git.ar21.de/yolokube/core-deployments.git targetRevision: HEAD ref: values destination: server: https://kubernetes.default.svc - namespace: traefik + namespace: nginx-ingress syncPolicy: syncOptions: - CreateNamespace=true diff --git a/examples/example-deployment.yaml b/examples/example-deployment.yaml index df94a40..ff2791c 100644 --- a/examples/example-deployment.yaml +++ b/examples/example-deployment.yaml @@ -68,8 +68,10 @@ metadata: name: example-ingress namespace: example #annotations: - # Use for Basic auth: - # traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd + # Use for Basic auth: + #nginx.org/basic-auth-secret: example-basic-auth-secret + # Use the following annotation if the backend only speaks HTTPS (fill out the service name accordingly): + #nginx.org/ssl-services: "example-service" spec: rules: - host: "example.apps.yolokube.de" @@ -82,3 +84,14 @@ spec: name: example-service port: number: 80 +# Use for Basic auth: +#--- +#kind: Secret +#metadata: +# name: example-basic-auth-secret +# namespace: example +#apiVersion: v1 +#type: nginx.org/htpasswd +#stringData: +# htpasswd: | +#test:$apr1$2XMU6EMv$f1MJ7zxqTS079YsB7Z.CX/ \ No newline at end of file diff --git a/longhorn/values.yaml b/longhorn/values.yaml index 737bc84..997f65f 100644 --- a/longhorn/values.yaml +++ b/longhorn/values.yaml @@ -25,7 +25,7 @@ ingress: ingressClassName: nginx host: longhorn.services.yolokube.de annotations: - traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd + nginx.org/basic-auth-secret: longhorn-basic-auth-secret metrics: serviceMonitor: enabled: true diff --git a/prometheus/values.yaml b/prometheus/values.yaml index dbf3935..fd72a50 100644 --- a/prometheus/values.yaml +++ b/prometheus/values.yaml @@ -60,7 +60,7 @@ alertmanager: hosts: - alertmanager.services.yolokube.de annotations: - traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd + nginx.org/basic-auth-secret: prometheus-basic-auth-secret ingressPerReplica: pathType: ImplementationSpecific paths: @@ -70,7 +70,7 @@ alertmanager: hostPrefix: alertmanager hostDomain: services.yolokube.de annotations: - traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd + nginx.org/basic-auth-secret: prometheus-basic-auth-secret servicePerReplica: enabled: true podAntiAffinity: "hard" @@ -107,7 +107,7 @@ prometheus: hosts: - prometheus.services.yolokube.de annotations: - traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd + nginx.org/basic-auth-secret: prometheus-basic-auth-secret ingressPerReplica: pathType: ImplementationSpecific paths: @@ -116,7 +116,7 @@ prometheus: hostPrefix: prometheus hostDomain: services.yolokube.de annotations: - traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd + nginx.org/basic-auth-secret: prometheus-basic-auth-secret prometheusSpec: retentionSize: "45GB" replicas: 2 diff --git a/traefik/basicauth.yaml b/traefik/basicauth.yaml deleted file mode 100644 index 6b68db5..0000000 --- a/traefik/basicauth.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: Middleware -metadata: - name: basic-auth - namespace: traefik -spec: - basicAuth: - secret: authsecret ---- -apiVersion: v1 -kind: Secret -metadata: - name: authsecret - namespace: traefik -data: - users: |2 - YWFyb246JDJ5JDA1JEIyLlEuOS9lNFZFWHNub2UueXBqWU9raXlrbXJGMmhwQXBFN0NZYzJEUEly - MHBGSWRETzFPCnRvbTokMnkkMDUkQnNNN2Z2bWYzR3B1em5hazVPU2dyZTB4ODFLNC52eFVRTy9h - S1c1Y1k0Z21RT3p2c3NQTE8KYmFzdGk6JCRhcHIxJCRYYUdERnByYiQkTzlZMW9SaFROWTdVNWFh - NUxqM3dhMQo= \ No newline at end of file diff --git a/traefik/values.yaml b/traefik/values.yaml deleted file mode 100644 index 2f9b95b..0000000 --- a/traefik/values.yaml +++ /dev/null @@ -1,49 +0,0 @@ -deployment: - kind: DaemonSet -hostNetwork: true -ports: - web: - port: 80 - redirectTo: - port: "websecure" - websecure: - port: 443 - tls: - certResolver: "letsencrypt" - -securityContext: - capabilities: - drop: [ALL] - add: [NET_BIND_SERVICE] - readOnlyRootFilesystem: true - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - -service: - type: NodePort - ipFamilyPolicy: PreferDualStack - -persistence: - enabled: true - -certResolvers: - letsencrypt: - email: letsencrypt@ar21.de - tlsChallenge: true - httpChallenge: - entryPoint: "web" - storage: /data/acme.json - -updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - maxSurge: 0 - -ingressRoute: - dashboard: - matchRule: Host(`traefik.lab.ar21.de`) - entryPoints: ["traefik", "websecure"] - middlewares: - - name: basic-auth \ No newline at end of file