From 047cbb5c6b3368422b2180db921810ecdf8cae22 Mon Sep 17 00:00:00 2001
From: Erki Aas
Date: Sat, 27 Jul 2024 00:06:07 +0300
Subject: [PATCH] traefik: upgrade to 3.1, migrate dashboard via ingressroute
---
 camtiler/ingress.yml | 2 +-
 nextcloud/application.yaml | 2 +-
 oidc-gateway/proxmox.yaml | 6 ++--
 traefik/application-extras.yml | 65 +++++++++++-----------------------
 traefik/values.yml | 10 ++++--
 wildduck/webmail.yaml | 2 +-
 6 files changed, 33 insertions(+), 54 deletions(-)
diff --git a/camtiler/ingress.yml b/camtiler/ingress.yml
index 8ebb2d6..6575150 100644
--- a/camtiler/ingress.yml
+++ b/camtiler/ingress.yml
@@ -67,7 +67,7 @@ spec:
 - hosts:
 - "*.k-space.ee"
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
 name: redirect
diff --git a/nextcloud/application.yaml b/nextcloud/application.yaml
index c0dc509..d07aeb7 100644
--- a/nextcloud/application.yaml
+++ b/nextcloud/application.yaml
@@ -240,7 +240,7 @@ spec:
 - hosts:
 - "*.k-space.ee"
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
 name: nextcloud-block-external-cron
diff --git a/oidc-gateway/proxmox.yaml b/oidc-gateway/proxmox.yaml
index 850beed..d11554d 100644
--- a/oidc-gateway/proxmox.yaml
+++ b/oidc-gateway/proxmox.yaml
@@ -32,7 +32,7 @@ spec:
 - openid
 - profile
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: ServersTransport
 metadata:
 name: proxmox-servers-transport
@@ -182,7 +182,7 @@ spec:
 - hosts:
 - "*.k-space.ee"
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
 name: proxmox-redirect
@@ -232,7 +232,7 @@ spec:
 - hosts:
 - "*.k-space.ee"
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
 name: codemowers-cloud-ip-whitelist
diff --git a/traefik/application-extras.yml b/traefik/application-extras.yml
index e8a8645..c303447 100644
--- a/traefik/application-extras.yml
+++ b/traefik/application-extras.yml
@@ -1,20 +1,6 @@
 ---
 apiVersion: v1
 kind: Service
-metadata:
- name: traefik-dashboard
- namespace: traefik
-spec:
- selector:
- app.kubernetes.io/instance: k6-traefik
- app.kubernetes.io/name: traefik
- ports:
- - protocol: TCP
- port: 9000
- targetPort: 9000
----
-apiVersion: v1
-kind: Service
 metadata:
 name: traefik-metrics
 namespace: traefik
@@ -35,35 +21,7 @@ spec:
 displayName: Traefik dashboard
 uri: 'https://traefik.k-space.ee'
 ---
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: traefik-dashboard
- namespace: traefik
- annotations:
- kubernetes.io/ingress.class: traefik
- # Keep IP address in sync with values.yaml
- external-dns.alpha.kubernetes.io/target: 193.40.103.36
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.middlewares: traefik-dashboard@kubernetescrd,traefik-dashboard-redirect@kubernetescrd
- traefik.ingress.kubernetes.io/router.tls: "true"
-spec:
- rules:
- - host: traefik.k-space.ee
- http:
- paths:
- - pathType: Prefix
- path: "/"
- backend:
- service:
- name: traefik-dashboard
- port:
- number: 9000
- tls:
- - hosts:
- - "*.k-space.ee"
----
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSStore
 metadata:
 name: default
@@ -71,7 +29,24 @@ spec:
 defaultCertificate:
 secretName: wildcard-tls
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: wildcard-tls
+ namespace: traefik
+spec:
+ dnsNames:
+ - '*.k-space.ee'
+ issuerRef:
+ group: cert-manager.io
+ kind: ClusterIssuer
+ name: default
+ secretName: wildcard-tls
+ usages:
+ - digital signature
+ - key encipherment
+---
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
 name: dashboard-redirect
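Review bot: The new `Certificate` for `*.k-space.ee` (hunk `@@ -71,7 +29,24 @@`) has no `privateKey` block, so key handling falls to the installed cert-manager's defaults; on releases where the default rotation policy is `Never`, each renewal re-uses the same wildcard private key. Because this secret is the `TLSStore` default certificate, I would add `privateKey:` with `rotationPolicy: Always` under `spec`, plus a short comment saying this Certificate now owns the `wildcard-tls` secret that the TLSStore references. The cert-manager version in the cluster is not visible here, so confirm its default before relying on it.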
@@ -112,7 +87,7 @@ spec:
 egress:
 - {}
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
 name: block-metrics
diff --git a/traefik/values.yml b/traefik/values.yml
index d5f0f3b..4a884aa 100644
--- a/traefik/values.yml
+++ b/traefik/values.yml
@@ -1,6 +1,6 @@
 image:
 registry: mirror.gcr.io/library
- tag: "2.10.4@sha256:bbdacc7c3bec50bd2a4430e8a967df44376419634b733185a80ed79388134bdb"
+ tag: "3.1.0"
 pullPolicy: IfNotPresent
 websecure:
@@ -34,15 +34,19 @@ globalArguments:
 - --entryPoints.web.http.redirections.entryPoint.scheme=https
 service:
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: traefik.k-space.ee
 spec:
- # Keep sync with ingress.yml
- loadBalancerIP: 193.40.103.36
 externalTrafficPolicy: Local
 ingressRoute:
 dashboard:
 enabled: true
 domain: traefik.k-space.ee
+ matchRule: Host(`traefik.k-space.ee`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
+ entryPoints: ["websecure"]
+ #middlewares:
+ # - name: "sso"
 tlsOptions:
 default:
diff --git a/wildduck/webmail.yaml b/wildduck/webmail.yaml
index 5519a1b..9c6339f 100644
--- a/wildduck/webmail.yaml
+++ b/wildduck/webmail.yaml
@@ -145,7 +145,7 @@ spec:
 - hosts:
 - "*.k-space.ee"
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
 name: webmail-redirect
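Review bot: The image tag in the first `traefik/values.yml` hunk drops its digest pin, going from `2.10.4@sha256:…` to a bare `"3.1.0"`, so the cluster now runs whatever `mirror.gcr.io/library` serves under that mutable tag. Keep the pin through the upgrade, e.g. `tag: "3.1.0@sha256:<digest-of-3.1.0>"` (placeholder; use the digest of the image you verified). With `pullPolicy: IfNotPresent`, nodes could also end up running different content for the same tag if it is ever re-pushed.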
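Review bot: In the `ingressRoute.dashboard` block of `traefik/values.yml`, the route matches `/api` and `/dashboard` on `websecure` while `middlewares` stays commented out, so nothing in this hunk puts authentication in front of the dashboard and its API. The Ingress removed from `traefik/application-extras.yml` attached `traefik-dashboard@kubernetescrd` to the same host; presumably that was the access-control middleware, though its definition is not visible here. I would enable the list before merging, e.g. `middlewares:` / `- name: <auth-middleware>` (placeholder name), with a comment naming the middleware that enforces login. Separately, removing `loadBalancerIP` leaves the address to the load balancer's allocator, so a comment that external-dns now publishes it through the `hostname` annotation would help.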