134 lines
2.7 KiB
YAML
134 lines
2.7 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: traefik-dashboard
|
|
namespace: traefik
|
|
spec:
|
|
selector:
|
|
app.kubernetes.io/instance: k6-traefik
|
|
app.kubernetes.io/name: traefik
|
|
ports:
|
|
- protocol: TCP
|
|
port: 9000
|
|
targetPort: 9000
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: traefik-metrics
|
|
namespace: traefik
|
|
spec:
|
|
selector:
|
|
app.kubernetes.io/instance: k6-traefik
|
|
app.kubernetes.io/name: traefik
|
|
ports:
|
|
- protocol: TCP
|
|
port: 9100
|
|
targetPort: 9100
|
|
---
|
|
apiVersion: codemowers.io/v1alpha1
|
|
kind: OIDCGWMiddlewareClient
|
|
metadata:
|
|
name: dashboard
|
|
spec:
|
|
displayName: Traefik dashboard
|
|
uri: 'https://traefik.k-space.ee'
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: traefik-dashboard
|
|
namespace: traefik
|
|
annotations:
|
|
kubernetes.io/ingress.class: traefik
|
|
# Keep IP address in sync with values.yaml
|
|
external-dns.alpha.kubernetes.io/target: 193.40.103.36
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-dashboard@kubernetescrd,traefik-dashboard-redirect@kubernetescrd
|
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
spec:
|
|
rules:
|
|
- host: traefik.k-space.ee
|
|
http:
|
|
paths:
|
|
- pathType: Prefix
|
|
path: "/"
|
|
backend:
|
|
service:
|
|
name: traefik-dashboard
|
|
port:
|
|
number: 9000
|
|
tls:
|
|
- hosts:
|
|
- "*.k-space.ee"
|
|
---
|
|
apiVersion: traefik.containo.us/v1alpha1
|
|
kind: TLSStore
|
|
metadata:
|
|
name: default
|
|
spec:
|
|
defaultCertificate:
|
|
secretName: wildcard-tls
|
|
---
|
|
apiVersion: traefik.containo.us/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: dashboard-redirect
|
|
spec:
|
|
redirectRegex:
|
|
regex: ^https://traefik.k-space.ee/?$
|
|
replacement: https://traefik.k-space.ee/dashboard/
|
|
permanent: false
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: traefik
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: traefik
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
ingress:
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: prometheus-operator
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: prometheus
|
|
ports:
|
|
- protocol: TCP
|
|
port: 9100
|
|
- from:
|
|
- ipBlock:
|
|
cidr: 0.0.0.0/0
|
|
- ports:
|
|
- port: 80
|
|
- port: 443
|
|
egress:
|
|
- {}
|
|
---
|
|
apiVersion: traefik.containo.us/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: block-metrics
|
|
spec:
|
|
replacePathRegex:
|
|
regex: ^/metrics
|
|
replacement: /
|
|
---
|
|
apiVersion: monitoring.coreos.com/v1
|
|
kind: PodMonitor
|
|
metadata:
|
|
name: traefik
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: traefik
|
|
podMetricsEndpoints:
|
|
- port: metrics
|