traefik: upgrade to 3.1, migrate dashboard via ingressroute

camtiler/ingress.yml

@@ -67,7 +67,7 @@ spec:
     - hosts:
         - "*.k-space.ee"
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: redirect

nextcloud/application.yaml

@@ -240,7 +240,7 @@ spec:
   - hosts:
     - "*.k-space.ee"
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: nextcloud-block-external-cron

oidc-gateway/proxmox.yaml

@@ -32,7 +32,7 @@ spec:
     - openid
     - profile
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: ServersTransport
 metadata:
   name: proxmox-servers-transport
@@ -182,7 +182,7 @@ spec:
   - hosts:
     - "*.k-space.ee"
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: proxmox-redirect
@@ -232,7 +232,7 @@ spec:
   - hosts:
     - "*.k-space.ee"
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: codemowers-cloud-ip-whitelist

traefik/application-extras.yml

@@ -1,20 +1,6 @@
 ---
 apiVersion: v1
 kind: Service
-metadata:
-  name: traefik-dashboard
-  namespace: traefik
-spec:
-  selector:
-    app.kubernetes.io/instance: k6-traefik
-    app.kubernetes.io/name: traefik
-  ports:
-    - protocol: TCP
-      port: 9000
-      targetPort: 9000
----
-apiVersion: v1
-kind: Service
 metadata:
   name: traefik-metrics
   namespace: traefik
@@ -35,35 +21,7 @@ spec:
   displayName: Traefik dashboard
   uri: 'https://traefik.k-space.ee'
 ---
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: traefik-dashboard
-  namespace: traefik
-  annotations:
-    kubernetes.io/ingress.class: traefik
-    # Keep IP address in sync with values.yaml
-    external-dns.alpha.kubernetes.io/target: 193.40.103.36
-    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    traefik.ingress.kubernetes.io/router.middlewares: traefik-dashboard@kubernetescrd,traefik-dashboard-redirect@kubernetescrd
-    traefik.ingress.kubernetes.io/router.tls: "true"
-spec:
-  rules:
-  - host: traefik.k-space.ee
-    http:
-      paths:
-      - pathType: Prefix
-        path: "/"
-        backend:
-          service:
-            name: traefik-dashboard
-            port:
-              number: 9000
-  tls:
-    - hosts:
-        - "*.k-space.ee"
----
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSStore
 metadata:
   name: default
@@ -71,7 +29,24 @@ spec:
   defaultCertificate:
     secretName: wildcard-tls
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-tls
+  namespace: traefik
+spec:
+  dnsNames:
+    - '*.k-space.ee'
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    name: default
+  secretName: wildcard-tls
+  usages:
+    - digital signature
+    - key encipherment
+---
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: dashboard-redirect
@@ -112,7 +87,7 @@ spec:
   egress:
   - {}
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: block-metrics

traefik/values.yml

@@ -1,6 +1,6 @@
 image:
   registry: mirror.gcr.io/library
-  tag: "2.10.4@sha256:bbdacc7c3bec50bd2a4430e8a967df44376419634b733185a80ed79388134bdb"
+  tag: "3.1.0"
   pullPolicy: IfNotPresent
 
 websecure:
@@ -34,15 +34,19 @@ globalArguments:
  - --entryPoints.web.http.redirections.entryPoint.scheme=https
 
 service:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: traefik.k-space.ee
   spec:
-    # Keep sync with ingress.yml
-    loadBalancerIP: 193.40.103.36
     externalTrafficPolicy: Local
 
 ingressRoute:
   dashboard:
     enabled: true
     domain: traefik.k-space.ee
+    matchRule: Host(`traefik.k-space.ee`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
+    entryPoints: ["websecure"]
+    #middlewares: 
+     # - name: "sso"
 
 tlsOptions:
   default:

wildduck/webmail.yaml

@@ -145,7 +145,7 @@ spec:
   - hosts:
     - "*.k-space.ee"
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: webmail-redirect