1
0
forked from k-space/kube

traefik: upgrade to 3.1, migrate dashboard via ingressroute

This commit is contained in:
Erki Aas 2024-07-27 00:06:07 +03:00
parent 3e52f37cde
commit 047cbb5c6b
6 changed files with 33 additions and 54 deletions

View File

@ -67,7 +67,7 @@ spec:
- hosts:
- "*.k-space.ee"
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: redirect

View File

@ -240,7 +240,7 @@ spec:
- hosts:
- "*.k-space.ee"
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: nextcloud-block-external-cron

View File

@ -32,7 +32,7 @@ spec:
- openid
- profile
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: proxmox-servers-transport
@ -182,7 +182,7 @@ spec:
- hosts:
- "*.k-space.ee"
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: proxmox-redirect
@ -232,7 +232,7 @@ spec:
- hosts:
- "*.k-space.ee"
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: codemowers-cloud-ip-whitelist

View File

@ -1,20 +1,6 @@
---
apiVersion: v1
kind: Service
metadata:
name: traefik-dashboard
namespace: traefik
spec:
selector:
app.kubernetes.io/instance: k6-traefik
app.kubernetes.io/name: traefik
ports:
- protocol: TCP
port: 9000
targetPort: 9000
---
apiVersion: v1
kind: Service
metadata:
name: traefik-metrics
namespace: traefik
@ -35,35 +21,7 @@ spec:
displayName: Traefik dashboard
uri: 'https://traefik.k-space.ee'
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: traefik-dashboard
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik
# Keep IP address in sync with values.yaml
external-dns.alpha.kubernetes.io/target: 193.40.103.36
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-dashboard@kubernetescrd,traefik-dashboard-redirect@kubernetescrd
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
rules:
- host: traefik.k-space.ee
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: traefik-dashboard
port:
number: 9000
tls:
- hosts:
- "*.k-space.ee"
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: TLSStore
metadata:
name: default
@ -71,7 +29,24 @@ spec:
defaultCertificate:
secretName: wildcard-tls
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: wildcard-tls
namespace: traefik
spec:
dnsNames:
- '*.k-space.ee'
issuerRef:
group: cert-manager.io
kind: ClusterIssuer
name: default
secretName: wildcard-tls
usages:
- digital signature
- key encipherment
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: dashboard-redirect
@ -112,7 +87,7 @@ spec:
egress:
- {}
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: block-metrics

View File

@ -1,6 +1,6 @@
image:
registry: mirror.gcr.io/library
tag: "2.10.4@sha256:bbdacc7c3bec50bd2a4430e8a967df44376419634b733185a80ed79388134bdb"
tag: "3.1.0"
pullPolicy: IfNotPresent
websecure:
@ -34,15 +34,19 @@ globalArguments:
- --entryPoints.web.http.redirections.entryPoint.scheme=https
service:
annotations:
external-dns.alpha.kubernetes.io/hostname: traefik.k-space.ee
spec:
# Keep sync with ingress.yml
loadBalancerIP: 193.40.103.36
externalTrafficPolicy: Local
ingressRoute:
dashboard:
enabled: true
domain: traefik.k-space.ee
matchRule: Host(`traefik.k-space.ee`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
entryPoints: ["websecure"]
#middlewares:
# - name: "sso"
tlsOptions:
default:

View File

@ -145,7 +145,7 @@ spec:
- hosts:
- "*.k-space.ee"
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: webmail-redirect