kube/traefik/application-extras.yml

109 lines
2.0 KiB
YAML

---
apiVersion: v1
kind: Service
metadata:
name: traefik-metrics
namespace: traefik
spec:
selector:
app.kubernetes.io/instance: k6-traefik
app.kubernetes.io/name: traefik
ports:
- protocol: TCP
port: 9100
targetPort: 9100
---
apiVersion: codemowers.io/v1alpha1
kind: OIDCGWMiddlewareClient
metadata:
name: dashboard
spec:
displayName: Traefik dashboard
uri: 'https://traefik.k-space.ee'
---
apiVersion: traefik.io/v1alpha1
kind: TLSStore
metadata:
name: default
spec:
defaultCertificate:
secretName: wildcard-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: wildcard-tls
namespace: traefik
spec:
dnsNames:
- '*.k-space.ee'
issuerRef:
group: cert-manager.io
kind: ClusterIssuer
name: default
secretName: wildcard-tls
usages:
- digital signature
- key encipherment
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: dashboard-redirect
spec:
redirectRegex:
regex: ^https://traefik.k-space.ee/?$
replacement: https://traefik.k-space.ee/dashboard/
permanent: false
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: traefik
spec:
podSelector:
matchLabels:
app.kubernetes.io/name: traefik
policyTypes:
- Ingress
- Egress
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: prometheus-operator
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
ports:
- protocol: TCP
port: 9100
- from:
- ipBlock:
cidr: 0.0.0.0/0
- ports:
- port: 80
- port: 443
egress:
- {}
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: block-metrics
spec:
replacePathRegex:
regex: ^/metrics
replacement: /
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: traefik
spec:
selector:
matchLabels:
app.kubernetes.io/name: traefik
podMetricsEndpoints:
- port: metrics