yolokube/core-deployments
yolokube/core-deployments
3
3
Fork 0
Code Issues 3 Pull requests Projects Wiki Activity

Compare commits

base: yolokube:461ad06fb25d0aa2e30be22b35de168f653eeb5b
Branches Tags
yolokube:main
yolokube:appflowy
..
compare: yolokube:3467a8fb01d5c5037ed59cc6539bbe1b1a0dc4c1
Branches Tags
yolokube:main
yolokube:appflowy

No commits in common. "461ad06fb25d0aa2e30be22b35de168f653eeb5b" and "3467a8fb01d5c5037ed59cc6539bbe1b1a0dc4c1" have entirely different histories.
461ad06fb2 ... 3467a8fb01

6 changed files with 27 additions and 83 deletions
Show stats Expand all files Collapse all files

14
app-files/core-deployments.yaml
View file

@ -2,24 +2,24 @@
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
metadata: metadata:
name: traefik name: nginx-ingress
namespace: argocd namespace: argocd
spec: spec:
project: default project: default
sources: sources:
- repoURL: https://traefik.github.io/charts - repoURL: https://helm.nginx.com/stable
chart: traefik chart: nginx-ingress
targetRevision: 26.0.0 targetRevision: 1.1.2
helm: helm:
releaseName: traefik releaseName: nginx
valueFiles: valueFiles:
- $values/traefik/values.yaml - $values/ingress/values.yaml
- repoURL: https://git.ar21.de/yolokube/core-deployments.git - repoURL: https://git.ar21.de/yolokube/core-deployments.git
targetRevision: HEAD targetRevision: HEAD
ref: values ref: values
destination: destination:
server: https://kubernetes.default.svc server: https://kubernetes.default.svc
namespace: traefik namespace: nginx-ingress
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true

17
examples/example-deployment.yaml
View file

@ -68,8 +68,10 @@ metadata:
name: example-ingress name: example-ingress
namespace: example namespace: example
#annotations: #annotations:
# Use for Basic auth: # Use for Basic auth:
# traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd #nginx.org/basic-auth-secret: example-basic-auth-secret
# Use the following annotation if the backend only speaks HTTPS (fill out the service name accordingly):
#nginx.org/ssl-services: "example-service"
spec: spec:
rules: rules:
- host: "example.apps.yolokube.de" - host: "example.apps.yolokube.de"
@ -82,3 +84,14 @@ spec:
name: example-service name: example-service
port: port:
number: 80 number: 80
# Use for Basic auth:
#---
#kind: Secret
#metadata:
# name: example-basic-auth-secret
# namespace: example
#apiVersion: v1
#type: nginx.org/htpasswd
#stringData:
# htpasswd: |
#test:$apr1$2XMU6EMv$f1MJ7zxqTS079YsB7Z.CX/

2
longhorn/values.yaml
View file

@ -25,7 +25,7 @@ ingress:
ingressClassName: nginx ingressClassName: nginx
host: longhorn.services.yolokube.de host: longhorn.services.yolokube.de
annotations: annotations:
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd nginx.org/basic-auth-secret: longhorn-basic-auth-secret
metrics: metrics:
serviceMonitor: serviceMonitor:
enabled: true enabled: true

8
prometheus/values.yaml
View file

@ -60,7 +60,7 @@ alertmanager:
hosts: hosts:
- alertmanager.services.yolokube.de - alertmanager.services.yolokube.de
annotations: annotations:
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd nginx.org/basic-auth-secret: prometheus-basic-auth-secret
ingressPerReplica: ingressPerReplica:
pathType: ImplementationSpecific pathType: ImplementationSpecific
paths: paths:
@ -70,7 +70,7 @@ alertmanager:
hostPrefix: alertmanager hostPrefix: alertmanager
hostDomain: services.yolokube.de hostDomain: services.yolokube.de
annotations: annotations:
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd nginx.org/basic-auth-secret: prometheus-basic-auth-secret
servicePerReplica: servicePerReplica:
enabled: true enabled: true
podAntiAffinity: "hard" podAntiAffinity: "hard"
@ -107,7 +107,7 @@ prometheus:
hosts: hosts:
- prometheus.services.yolokube.de - prometheus.services.yolokube.de
annotations: annotations:
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd nginx.org/basic-auth-secret: prometheus-basic-auth-secret
ingressPerReplica: ingressPerReplica:
pathType: ImplementationSpecific pathType: ImplementationSpecific
paths: paths:
@ -116,7 +116,7 @@ prometheus:
hostPrefix: prometheus hostPrefix: prometheus
hostDomain: services.yolokube.de hostDomain: services.yolokube.de
annotations: annotations:
traefik.ingress.kubernetes.io/router.middlewares: traefik-basic-auth@kubernetescrd nginx.org/basic-auth-secret: prometheus-basic-auth-secret
prometheusSpec: prometheusSpec:
retentionSize: "45GB" retentionSize: "45GB"
replicas: 2 replicas: 2

20
traefik/basicauth.yaml
View file

@ -1,20 +0,0 @@
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: basic-auth
namespace: traefik
spec:
basicAuth:
secret: authsecret
---
apiVersion: v1
kind: Secret
metadata:
name: authsecret
namespace: traefik
data:
users: |2
YWFyb246JDJ5JDA1JEIyLlEuOS9lNFZFWHNub2UueXBqWU9raXlrbXJGMmhwQXBFN0NZYzJEUEly
MHBGSWRETzFPCnRvbTokMnkkMDUkQnNNN2Z2bWYzR3B1em5hazVPU2dyZTB4ODFLNC52eFVRTy9h
S1c1Y1k0Z21RT3p2c3NQTE8KYmFzdGk6JCRhcHIxJCRYYUdERnByYiQkTzlZMW9SaFROWTdVNWFh
NUxqM3dhMQo=

49
traefik/values.yaml
View file

@ -1,49 +0,0 @@
deployment:
kind: DaemonSet
hostNetwork: true
ports:
web:
port: 80
redirectTo:
port: "websecure"
websecure:
port: 443
tls:
certResolver: "letsencrypt"
securityContext:
capabilities:
drop: [ALL]
add: [NET_BIND_SERVICE]
readOnlyRootFilesystem: true
runAsGroup: 0
runAsNonRoot: false
runAsUser: 0
service:
type: NodePort
ipFamilyPolicy: PreferDualStack
persistence:
enabled: true
certResolvers:
letsencrypt:
email: letsencrypt@ar21.de
tlsChallenge: true
httpChallenge:
entryPoint: "web"
storage: /data/acme.json
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 0
ingressRoute:
dashboard:
matchRule: Host(`traefik.lab.ar21.de`)
entryPoints: ["traefik", "websecure"]
middlewares:
- name: basic-auth