switch to traefik #39
3 changed files with 71 additions and 15 deletions
|
@ -68,10 +68,8 @@ metadata:
|
|||
name: example-ingress
|
||||
namespace: example
|
||||
#annotations:
|
||||
# Use for Basic auth:
|
||||
#nginx.org/basic-auth-secret: example-basic-auth-secret
|
||||
# Use the following annotation if the backend only speaks HTTPS (fill out the service name accordingly):
|
||||
#nginx.org/ssl-services: "example-service"
|
||||
# Use for Basic auth:
|
||||
# traefik.ingress.kubernetes.io/router.middlewares: default-basic-auth@kubernetescrd
|
||||
spec:
|
||||
rules:
|
||||
- host: "example.apps.yolokube.de"
|
||||
|
@ -84,14 +82,3 @@ spec:
|
|||
name: example-service
|
||||
port:
|
||||
number: 80
|
||||
# Use for Basic auth:
|
||||
#---
|
||||
#kind: Secret
|
||||
#metadata:
|
||||
# name: example-basic-auth-secret
|
||||
# namespace: example
|
||||
#apiVersion: v1
|
||||
#type: nginx.org/htpasswd
|
||||
#stringData:
|
||||
# htpasswd: |
|
||||
#test:$apr1$2XMU6EMv$f1MJ7zxqTS079YsB7Z.CX/
|
20
traefik/basicauth.yaml
Normal file
20
traefik/basicauth.yaml
Normal file
|
@ -0,0 +1,20 @@
|
|||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: basic-auth
|
||||
namespace: traefik
|
||||
spec:
|
||||
basicAuth:
|
||||
secret: authsecret
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: authsecret
|
||||
namespace: traefik
|
||||
data:
|
||||
users: |2
|
||||
YWFyb246JDJ5JDA1JEIyLlEuOS9lNFZFWHNub2UueXBqWU9raXlrbXJGMmhwQXBFN0NZYzJEUEly
|
||||
MHBGSWRETzFPCnRvbTokMnkkMDUkQnNNN2Z2bWYzR3B1em5hazVPU2dyZTB4ODFLNC52eFVRTy9h
|
||||
S1c1Y1k0Z21RT3p2c3NQTE8KYmFzdGk6JCRhcHIxJCRYYUdERnByYiQkTzlZMW9SaFROWTdVNWFh
|
||||
NUxqM3dhMQo=
|
49
traefik/values.yaml
Normal file
49
traefik/values.yaml
Normal file
|
@ -0,0 +1,49 @@
|
|||
deployment:
|
||||
kind: DaemonSet
|
||||
hostNetwork: true
|
||||
ports:
|
||||
web:
|
||||
port: 80
|
||||
redirectTo:
|
||||
port: "websecure"
|
||||
websecure:
|
||||
port: 443
|
||||
tls:
|
||||
certResolver: "letsencrypt"
|
||||
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop: [ALL]
|
||||
add: [NET_BIND_SERVICE]
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
|
||||
service:
|
||||
type: NodePort
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
|
||||
persistence:
|
||||
enabled: true
|
||||
|
||||
certResolvers:
|
||||
letsencrypt:
|
||||
email: letsencrypt@ar21.de
|
||||
tlsChallenge: true
|
||||
httpChallenge:
|
||||
entryPoint: "web"
|
||||
storage: /data/acme.json
|
||||
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
maxSurge: 0
|
||||
|
||||
ingressRoute:
|
||||
dashboard:
|
||||
matchRule: Host(`traefik.lab.ar21.de`)
|
||||
entryPoints: ["traefik", "websecure"]
|
||||
middlewares:
|
||||
- name: basic-auth
|
Loading…
Reference in a new issue