forked from k-space/kube
traefik: upgrade to 3.1, migrate dashboard via ingressroute
This commit is contained in:
parent
3e52f37cde
commit
047cbb5c6b
@ -67,7 +67,7 @@ spec:
|
|||||||
- hosts:
|
- hosts:
|
||||||
- "*.k-space.ee"
|
- "*.k-space.ee"
|
||||||
---
|
---
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
metadata:
|
metadata:
|
||||||
name: redirect
|
name: redirect
|
||||||
|
@ -240,7 +240,7 @@ spec:
|
|||||||
- hosts:
|
- hosts:
|
||||||
- "*.k-space.ee"
|
- "*.k-space.ee"
|
||||||
---
|
---
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
metadata:
|
metadata:
|
||||||
name: nextcloud-block-external-cron
|
name: nextcloud-block-external-cron
|
||||||
|
@ -32,7 +32,7 @@ spec:
|
|||||||
- openid
|
- openid
|
||||||
- profile
|
- profile
|
||||||
---
|
---
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: ServersTransport
|
kind: ServersTransport
|
||||||
metadata:
|
metadata:
|
||||||
name: proxmox-servers-transport
|
name: proxmox-servers-transport
|
||||||
@ -182,7 +182,7 @@ spec:
|
|||||||
- hosts:
|
- hosts:
|
||||||
- "*.k-space.ee"
|
- "*.k-space.ee"
|
||||||
---
|
---
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
metadata:
|
metadata:
|
||||||
name: proxmox-redirect
|
name: proxmox-redirect
|
||||||
@ -232,7 +232,7 @@ spec:
|
|||||||
- hosts:
|
- hosts:
|
||||||
- "*.k-space.ee"
|
- "*.k-space.ee"
|
||||||
---
|
---
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
metadata:
|
metadata:
|
||||||
name: codemowers-cloud-ip-whitelist
|
name: codemowers-cloud-ip-whitelist
|
||||||
|
@ -1,20 +1,6 @@
|
|||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
|
||||||
name: traefik-dashboard
|
|
||||||
namespace: traefik
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
app.kubernetes.io/instance: k6-traefik
|
|
||||||
app.kubernetes.io/name: traefik
|
|
||||||
ports:
|
|
||||||
- protocol: TCP
|
|
||||||
port: 9000
|
|
||||||
targetPort: 9000
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
metadata:
|
||||||
name: traefik-metrics
|
name: traefik-metrics
|
||||||
namespace: traefik
|
namespace: traefik
|
||||||
@ -35,35 +21,7 @@ spec:
|
|||||||
displayName: Traefik dashboard
|
displayName: Traefik dashboard
|
||||||
uri: 'https://traefik.k-space.ee'
|
uri: 'https://traefik.k-space.ee'
|
||||||
---
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: traefik-dashboard
|
|
||||||
namespace: traefik
|
|
||||||
annotations:
|
|
||||||
kubernetes.io/ingress.class: traefik
|
|
||||||
# Keep IP address in sync with values.yaml
|
|
||||||
external-dns.alpha.kubernetes.io/target: 193.40.103.36
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-dashboard@kubernetescrd,traefik-dashboard-redirect@kubernetescrd
|
|
||||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
- host: traefik.k-space.ee
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- pathType: Prefix
|
|
||||||
path: "/"
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: traefik-dashboard
|
|
||||||
port:
|
|
||||||
number: 9000
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- "*.k-space.ee"
|
|
||||||
---
|
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
|
||||||
kind: TLSStore
|
kind: TLSStore
|
||||||
metadata:
|
metadata:
|
||||||
name: default
|
name: default
|
||||||
@ -71,7 +29,24 @@ spec:
|
|||||||
defaultCertificate:
|
defaultCertificate:
|
||||||
secretName: wildcard-tls
|
secretName: wildcard-tls
|
||||||
---
|
---
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: wildcard-tls
|
||||||
|
namespace: traefik
|
||||||
|
spec:
|
||||||
|
dnsNames:
|
||||||
|
- '*.k-space.ee'
|
||||||
|
issuerRef:
|
||||||
|
group: cert-manager.io
|
||||||
|
kind: ClusterIssuer
|
||||||
|
name: default
|
||||||
|
secretName: wildcard-tls
|
||||||
|
usages:
|
||||||
|
- digital signature
|
||||||
|
- key encipherment
|
||||||
|
---
|
||||||
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
metadata:
|
metadata:
|
||||||
name: dashboard-redirect
|
name: dashboard-redirect
|
||||||
@ -112,7 +87,7 @@ spec:
|
|||||||
egress:
|
egress:
|
||||||
- {}
|
- {}
|
||||||
---
|
---
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
metadata:
|
metadata:
|
||||||
name: block-metrics
|
name: block-metrics
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
image:
|
image:
|
||||||
registry: mirror.gcr.io/library
|
registry: mirror.gcr.io/library
|
||||||
tag: "2.10.4@sha256:bbdacc7c3bec50bd2a4430e8a967df44376419634b733185a80ed79388134bdb"
|
tag: "3.1.0"
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
websecure:
|
websecure:
|
||||||
@ -34,15 +34,19 @@ globalArguments:
|
|||||||
- --entryPoints.web.http.redirections.entryPoint.scheme=https
|
- --entryPoints.web.http.redirections.entryPoint.scheme=https
|
||||||
|
|
||||||
service:
|
service:
|
||||||
|
annotations:
|
||||||
|
external-dns.alpha.kubernetes.io/hostname: traefik.k-space.ee
|
||||||
spec:
|
spec:
|
||||||
# Keep sync with ingress.yml
|
|
||||||
loadBalancerIP: 193.40.103.36
|
|
||||||
externalTrafficPolicy: Local
|
externalTrafficPolicy: Local
|
||||||
|
|
||||||
ingressRoute:
|
ingressRoute:
|
||||||
dashboard:
|
dashboard:
|
||||||
enabled: true
|
enabled: true
|
||||||
domain: traefik.k-space.ee
|
domain: traefik.k-space.ee
|
||||||
|
matchRule: Host(`traefik.k-space.ee`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
|
||||||
|
entryPoints: ["websecure"]
|
||||||
|
#middlewares:
|
||||||
|
# - name: "sso"
|
||||||
|
|
||||||
tlsOptions:
|
tlsOptions:
|
||||||
default:
|
default:
|
||||||
|
@ -145,7 +145,7 @@ spec:
|
|||||||
- hosts:
|
- hosts:
|
||||||
- "*.k-space.ee"
|
- "*.k-space.ee"
|
||||||
---
|
---
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
metadata:
|
metadata:
|
||||||
name: webmail-redirect
|
name: webmail-redirect
|
||||||
|
Loading…
Reference in New Issue
Block a user