traefik: upgrade to 3.1, migrate dashboard via ingressroute
This commit is contained in:
parent
3e52f37cde
commit
047cbb5c6b
@ -67,7 +67,7 @@ spec:
|
||||
- hosts:
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: redirect
|
||||
|
@ -240,7 +240,7 @@ spec:
|
||||
- hosts:
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: nextcloud-block-external-cron
|
||||
|
@ -32,7 +32,7 @@ spec:
|
||||
- openid
|
||||
- profile
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: ServersTransport
|
||||
metadata:
|
||||
name: proxmox-servers-transport
|
||||
@ -182,7 +182,7 @@ spec:
|
||||
- hosts:
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: proxmox-redirect
|
||||
@ -232,7 +232,7 @@ spec:
|
||||
- hosts:
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: codemowers-cloud-ip-whitelist
|
||||
|
@ -1,20 +1,6 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: traefik-dashboard
|
||||
namespace: traefik
|
||||
spec:
|
||||
selector:
|
||||
app.kubernetes.io/instance: k6-traefik
|
||||
app.kubernetes.io/name: traefik
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 9000
|
||||
targetPort: 9000
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: traefik-metrics
|
||||
namespace: traefik
|
||||
@ -35,35 +21,7 @@ spec:
|
||||
displayName: Traefik dashboard
|
||||
uri: 'https://traefik.k-space.ee'
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: traefik-dashboard
|
||||
namespace: traefik
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
# Keep IP address in sync with values.yaml
|
||||
external-dns.alpha.kubernetes.io/target: 193.40.103.36
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-dashboard@kubernetescrd,traefik-dashboard-redirect@kubernetescrd
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
spec:
|
||||
rules:
|
||||
- host: traefik.k-space.ee
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: traefik-dashboard
|
||||
port:
|
||||
number: 9000
|
||||
tls:
|
||||
- hosts:
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: TLSStore
|
||||
metadata:
|
||||
name: default
|
||||
@ -71,7 +29,24 @@ spec:
|
||||
defaultCertificate:
|
||||
secretName: wildcard-tls
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: wildcard-tls
|
||||
namespace: traefik
|
||||
spec:
|
||||
dnsNames:
|
||||
- '*.k-space.ee'
|
||||
issuerRef:
|
||||
group: cert-manager.io
|
||||
kind: ClusterIssuer
|
||||
name: default
|
||||
secretName: wildcard-tls
|
||||
usages:
|
||||
- digital signature
|
||||
- key encipherment
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: dashboard-redirect
|
||||
@ -112,7 +87,7 @@ spec:
|
||||
egress:
|
||||
- {}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: block-metrics
|
||||
|
@ -1,6 +1,6 @@
|
||||
image:
|
||||
registry: mirror.gcr.io/library
|
||||
tag: "2.10.4@sha256:bbdacc7c3bec50bd2a4430e8a967df44376419634b733185a80ed79388134bdb"
|
||||
tag: "3.1.0"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
websecure:
|
||||
@ -34,15 +34,19 @@ globalArguments:
|
||||
- --entryPoints.web.http.redirections.entryPoint.scheme=https
|
||||
|
||||
service:
|
||||
annotations:
|
||||
external-dns.alpha.kubernetes.io/hostname: traefik.k-space.ee
|
||||
spec:
|
||||
# Keep sync with ingress.yml
|
||||
loadBalancerIP: 193.40.103.36
|
||||
externalTrafficPolicy: Local
|
||||
|
||||
ingressRoute:
|
||||
dashboard:
|
||||
enabled: true
|
||||
domain: traefik.k-space.ee
|
||||
matchRule: Host(`traefik.k-space.ee`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
|
||||
entryPoints: ["websecure"]
|
||||
#middlewares:
|
||||
# - name: "sso"
|
||||
|
||||
tlsOptions:
|
||||
default:
|
||||
|
@ -145,7 +145,7 @@ spec:
|
||||
- hosts:
|
||||
- "*.k-space.ee"
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: webmail-redirect
|
||||
|
Loading…
Reference in New Issue
Block a user