kube/traefik/application-extras.yml

138 lines
2.8 KiB
YAML

---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: sso
spec:
chain:
middlewares:
- name: chain-k6-authelia-auth
namespace: authelia
---
apiVersion: v1
kind: Service
metadata:
name: traefik-dashboard
namespace: traefik
spec:
selector:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: k6
ports:
- protocol: TCP
port: 9000
targetPort: 9000
---
apiVersion: v1
kind: Service
metadata:
name: traefik-metrics
namespace: traefik
spec:
selector:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: k6
ports:
- protocol: TCP
port: 9100
targetPort: 9100
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: traefik-dashboard
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik
cert-manager.io/cluster-issuer: default
# Keep IP address in sync with values.yaml
external-dns.alpha.kubernetes.io/target: 193.40.103.36
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd,traefik-dashboard-redirect@kubernetescrd
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
rules:
- host: traefik.k-space.ee
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: traefik-dashboard
port:
number: 9000
tls:
- hosts:
- "*.k-space.ee"
secretName: wildcard-tls
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSStore
metadata:
name: default
spec:
defaultCertificate:
secretName: wildcard-tls
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: dashboard-redirect
spec:
redirectRegex:
regex: ^https://traefik.k-space.ee/?$
replacement: https://traefik.k-space.ee/dashboard/
permanent: false
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: traefik
spec:
podSelector:
matchLabels:
app.kubernetes.io/name: traefik
policyTypes:
- Ingress
- Egress
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: prometheus-operator
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
ports:
- protocol: TCP
port: 9100
- from:
- ipBlock:
cidr: 0.0.0.0/0
- ports:
- port: 80
- port: 443
egress:
- {}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: block-metrics
spec:
replacePathRegex:
regex: ^/metrics
replacement: /
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: traefik
spec:
selector:
matchLabels:
app.kubernetes.io/name: traefik
podMetricsEndpoints:
- port: metrics