forked from k-space/kube
130 lines
2.6 KiB
YAML
130 lines
2.6 KiB
YAML
---
|
|
apiVersion: traefik.containo.us/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: sso
|
|
spec:
|
|
chain:
|
|
middlewares:
|
|
- name: chain-k6-authelia-auth
|
|
namespace: authelia
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: traefik-dashboard
|
|
namespace: traefik
|
|
spec:
|
|
selector:
|
|
app.kubernetes.io/name: traefik
|
|
app.kubernetes.io/instance: k6
|
|
ports:
|
|
- protocol: TCP
|
|
port: 9000
|
|
targetPort: 9000
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: traefik-metrics
|
|
namespace: traefik
|
|
spec:
|
|
selector:
|
|
app.kubernetes.io/name: traefik
|
|
app.kubernetes.io/instance: k6
|
|
ports:
|
|
- protocol: TCP
|
|
port: 9100
|
|
targetPort: 9100
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: traefik-dashboard
|
|
namespace: traefik
|
|
annotations:
|
|
kubernetes.io/ingress.class: traefik
|
|
cert-manager.io/cluster-issuer: default
|
|
# Keep IP address in sync with values.yaml
|
|
external-dns.alpha.kubernetes.io/target: 193.40.103.36
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd,traefik-dashboard-redirect@kubernetescrd
|
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
spec:
|
|
rules:
|
|
- host: traefik.k-space.ee
|
|
http:
|
|
paths:
|
|
- pathType: Prefix
|
|
path: "/"
|
|
backend:
|
|
service:
|
|
name: traefik-dashboard
|
|
port:
|
|
number: 9000
|
|
tls:
|
|
- hosts:
|
|
- traefik.k-space.ee
|
|
secretName: traefik-tls
|
|
---
|
|
apiVersion: traefik.containo.us/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: dashboard-redirect
|
|
spec:
|
|
redirectRegex:
|
|
regex: ^https://traefik.k-space.ee/?$
|
|
replacement: https://traefik.k-space.ee/dashboard/
|
|
permanent: false
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: NetworkPolicy
|
|
metadata:
|
|
name: traefik
|
|
spec:
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: traefik
|
|
policyTypes:
|
|
- Ingress
|
|
- Egress
|
|
ingress:
|
|
- from:
|
|
- namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: prometheus-operator
|
|
podSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: prometheus
|
|
ports:
|
|
- protocol: TCP
|
|
port: 9100
|
|
- from:
|
|
- ipBlock:
|
|
cidr: 0.0.0.0/0
|
|
- ports:
|
|
- port: 80
|
|
- port: 443
|
|
egress:
|
|
- {}
|
|
---
|
|
apiVersion: traefik.containo.us/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: block-metrics
|
|
spec:
|
|
replacePathRegex:
|
|
regex: ^/metrics
|
|
replacement: /
|
|
---
|
|
apiVersion: monitoring.coreos.com/v1
|
|
kind: PodMonitor
|
|
metadata:
|
|
name: traefik
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: traefik
|
|
podMetricsEndpoints:
|
|
- port: metrics
|