dos4dev/kube
1
0
Fork 0
forked from k-space/kube
Code Pull Requests Activity

traefik: upgrade to 3.1, migrate dashboard via ingressroute

Browse Source
This commit is contained in:
Erki Aas
2024-07-27 00:06:07 +03:00
parent 3e52f37cde
commit 047cbb5c6b
6 changed files with 33 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
camtiler/ingress.yml
View File

@@ -67,7 +67,7 @@ spec:
- hosts: - hosts:
- "*.k-space.ee" - "*.k-space.ee"
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: redirect name: redirect

2
nextcloud/application.yaml
View File

@@ -240,7 +240,7 @@ spec:
- hosts: - hosts:
- "*.k-space.ee" - "*.k-space.ee"
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: nextcloud-block-external-cron name: nextcloud-block-external-cron

6
oidc-gateway/proxmox.yaml
View File

@@ -32,7 +32,7 @@ spec:
- openid - openid
- profile - profile
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: ServersTransport kind: ServersTransport
metadata: metadata:
name: proxmox-servers-transport name: proxmox-servers-transport
@@ -182,7 +182,7 @@ spec:
- hosts: - hosts:
- "*.k-space.ee" - "*.k-space.ee"
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: proxmox-redirect name: proxmox-redirect
@@ -232,7 +232,7 @@ spec:
- hosts: - hosts:
- "*.k-space.ee" - "*.k-space.ee"
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: codemowers-cloud-ip-whitelist name: codemowers-cloud-ip-whitelist

65
traefik/application-extras.yml
View File

@@ -1,20 +1,6 @@
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata:
name: traefik-dashboard
namespace: traefik
spec:
selector:
app.kubernetes.io/instance: k6-traefik
app.kubernetes.io/name: traefik
ports:
- protocol: TCP
port: 9000
targetPort: 9000
---
apiVersion: v1
kind: Service
metadata: metadata:
name: traefik-metrics name: traefik-metrics
namespace: traefik namespace: traefik
@@ -35,35 +21,7 @@ spec:
displayName: Traefik dashboard displayName: Traefik dashboard
uri: 'https://traefik.k-space.ee' uri: 'https://traefik.k-space.ee'
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: traefik.io/v1alpha1
kind: Ingress
metadata:
name: traefik-dashboard
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik
# Keep IP address in sync with values.yaml
external-dns.alpha.kubernetes.io/target: 193.40.103.36
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-dashboard@kubernetescrd,traefik-dashboard-redirect@kubernetescrd
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
rules:
- host: traefik.k-space.ee
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: traefik-dashboard
port:
number: 9000
tls:
- hosts:
- "*.k-space.ee"
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSStore kind: TLSStore
metadata: metadata:
name: default name: default
@@ -71,7 +29,24 @@ spec:
defaultCertificate: defaultCertificate:
secretName: wildcard-tls secretName: wildcard-tls
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: wildcard-tls
namespace: traefik
spec:
dnsNames:
- '*.k-space.ee'
issuerRef:
group: cert-manager.io
kind: ClusterIssuer
name: default
secretName: wildcard-tls
usages:
- digital signature
- key encipherment
---
apiVersion: traefik.io/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: dashboard-redirect name: dashboard-redirect
@@ -112,7 +87,7 @@ spec:
egress: egress:
- {} - {}
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: block-metrics name: block-metrics

10
traefik/values.yml
View File

@@ -1,6 +1,6 @@
image: image:
registry: mirror.gcr.io/library registry: mirror.gcr.io/library
tag: "2.10.4@sha256:bbdacc7c3bec50bd2a4430e8a967df44376419634b733185a80ed79388134bdb" tag: "3.1.0"
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
websecure: websecure:
@@ -34,15 +34,19 @@ globalArguments:
- --entryPoints.web.http.redirections.entryPoint.scheme=https - --entryPoints.web.http.redirections.entryPoint.scheme=https
service: service:
annotations:
external-dns.alpha.kubernetes.io/hostname: traefik.k-space.ee
spec: spec:
# Keep sync with ingress.yml
loadBalancerIP: 193.40.103.36
externalTrafficPolicy: Local externalTrafficPolicy: Local
ingressRoute: ingressRoute:
dashboard: dashboard:
enabled: true enabled: true
domain: traefik.k-space.ee domain: traefik.k-space.ee
matchRule: Host(`traefik.k-space.ee`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
entryPoints: ["websecure"]
#middlewares:
# - name: "sso"
tlsOptions: tlsOptions:
default: default:

2
wildduck/webmail.yaml
View File

@@ -145,7 +145,7 @@ spec:
- hosts: - hosts:
- "*.k-space.ee" - "*.k-space.ee"
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: webmail-redirect name: webmail-redirect