EUGENIO SOUZA CARVALHO 3 lat temu
rodzic
commit
6f2bcd338f
5 zmienionych plików z 481 dodań i 449 usunięć
  1. 173 0
      010-crd_rbac.yaml
  2. 43 0
      011-persistencevolume.yaml
  3. 244 0
      020-deployment.yaml
  4. 21 0
      030-ingress.yaml
  5. 0 449
      traefik.yaml

+ 173 - 0
010-crd_rbac.yaml

@@ -0,0 +1,173 @@
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: ingressroutes.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: IngressRoute
+    plural: ingressroutes
+    singular: ingressroute
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: ingressroutetcps.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: IngressRouteTCP
+    plural: ingressroutetcps
+    singular: ingressroutetcp
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: middlewares.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: Middleware
+    plural: middlewares
+    singular: middleware
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: tlsoptions.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TLSOption
+    plural: tlsoptions
+    singular: tlsoption
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: traefikservices.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TraefikService
+    plural: traefikservices
+    singular: traefikservice
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: tlsstores.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TLSStore
+    plural: tlsstores
+    singular: tlsstore
+  scope: Namespaced
+
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: ingressrouteudps.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: IngressRouteUDP
+    plural: ingressrouteudps
+    singular: ingressrouteudp
+  scope: Namespaced
+
+
+
+
+
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: traefik-ingress-controller
+
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - services
+      - endpoints
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses/status
+    verbs:
+      - update
+  - apiGroups:
+      - traefik.containo.us
+    resources:
+      - middlewares
+      - ingressroutes
+      - traefikservices
+      - ingressroutetcps
+      - ingressrouteudps
+      - tlsoptions
+      - tlsstores
+    verbs:
+      - get
+      - list
+      - watch
+
+
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: traefik-ingress-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: traefik-ingress-controller
+subjects:
+  - kind: ServiceAccount
+    name: traefik
+    namespace: kube-system
+
+    
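Review bot: The first rule of the `traefik-ingress-controller` ClusterRole grants `get`/`list`/`watch` on `secrets` in every namespace, and the ClusterRoleBinding gives that to the `traefik` ServiceAccount in `kube-system`, so the token mounted in the internet-facing proxy pod can read every Secret in the cluster. If Traefik only has to serve routes from a known set of namespaces, a namespaced `Role`/`RoleBinding` per namespace plus `--providers.kubernetescrd.namespaces=<ns>` and `--providers.kubernetesingress.namespaces=<ns>` on the container would limit what a compromised proxy can read. If the cluster-wide grant is intended, a comment above the rule such as `# secrets: read cluster-wide so TLS and basicAuth secrets can be referenced from any namespace` would record the decision. Separately, `apiextensions.k8s.io/v1beta1` and `rbac.authorization.k8s.io/v1beta1` were removed in Kubernetes 1.22; for the two RBAC objects, `rbac.authorization.k8s.io/v1` is a drop-in replacement.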

+ 43 - 0
011-persistencevolume.yaml

@@ -0,0 +1,43 @@
+###############################
+# acme.json storage
+# This configuration obejct is optional and can be used to store the traefik acme.json file 
+# in a longhorn persistence volume named 'traefik-data'
+# To enable the persistence storage you need to uncomment the volumeMouns in the 002-deployment.yml file. 
+###############################
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: traefik-data
+  namespace: kube-system
+spec:
+  capacity:
+    storage: 1Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  claimRef:
+    namespace: kube-system
+    name: traefik-data
+  csi:
+    driver: driver.longhorn.io
+    fsType: ext4
+    volumeHandle: traefik-data
+  storageClassName: longhorn-durable
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: traefik-data
+  namespace: kube-system
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: longhorn-durable
+  resources:
+    requests:
+      storage: 1Gi
+  volumeName: "traefik-data"
+
+
+
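Review bot: The header comment points at `002-deployment.yml`, but the file this commit adds is `020-deployment.yaml`, and `obejct`/`volumeMouns` are misspelled, so the instruction for enabling persistence is hard to follow; suggested wording: `# To enable persistent storage, uncomment volumeMounts and volumes in 020-deployment.yaml.` The `namespace: kube-system` under `metadata` of the PersistentVolume has no effect, because PersistentVolumes are cluster-scoped, and can be dropped. Since this volume is meant to hold `acme.json`, which contains the ACME account key and the certificate private keys, a comment stating that only the Traefik pod should mount the `traefik-data` claim would be worth adding.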

+ 244 - 0
020-deployment.yaml

@@ -0,0 +1,244 @@
+###############################
+# ServiceAccount
+###############################
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: traefik
+  namespace: kube-system
+
+###############################
+# Deployment
+###############################
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: traefik
+    release: traefik
+  name: traefik
+  namespace: kube-system
+
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: traefik
+      release: traefik
+  template:
+    metadata:
+      labels:
+        app: traefik
+        release: traefik
+    spec:
+      containers:
+      - args:
+        - --api
+        - --api.insecure=true
+        # Set insecure to fals to enable basic auth
+        #- --api.insecure=false
+        - --api.dashboard=true
+        - --accesslog
+        - --global.checknewversion=true
+        - --entryPoints.traefik.address=:8100
+        - --entryPoints.web.address=:80
+        - --entryPoints.websecure.address=:443
+
+        # permanent redirecting of all requests on http (80) to https (443)
+        - --entrypoints.web.http.redirections.entryPoint.to=websecure
+        - --entrypoints.websecure.http.tls.certResolver=default
+
+        # Let's Encrypt Configurtion:
+        # Please note that this is the staging Let's Encrypt server configuration.
+        # Once you get things working, you should remove that following line.
+        - --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+        - --certificatesresolvers.default.acme.email=eugeniucarvalho@gmail.com
+        - --certificatesresolvers.default.acme.storage=/var/lib/traefik/acme.json
+        - --certificatesresolvers.default.acme.tlschallenge=true
+
+        - --ping=true
+        - --providers.kubernetescrd=true
+        - --providers.kubernetesingress=true
+
+        # Use log level= INFO or DEBUG
+        - --log.level=INFO
+        image: traefik:2.2.1
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /ping
+            port: 8100
+            scheme: HTTP
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 2
+        name: traefik
+        ports:
+        - containerPort: 8100
+          name: admin
+          protocol: TCP
+        - containerPort: 80
+          name: web
+          protocol: TCP
+        - containerPort: 443
+          name: websecure
+          protocol: TCP
+
+        # optional storage 
+        # enable this option only in case you have defined a persistence volume claim
+        #volumeMounts:
+        #- name: traefik-data
+        #  mountPath: /var/lib/traefik
+
+        readinessProbe:
+          failureThreshold: 1
+          httpGet:
+            path: /ping
+            port: 8100
+            scheme: HTTP
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 2
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      serviceAccount: traefik
+      serviceAccountName: traefik
+      terminationGracePeriodSeconds: 60
+      
+      # optional storage
+      # enable this option only in case you have defined a persistence volume claim
+      #volumes:
+      #  - name: traefik-data
+      #    persistentVolumeClaim:
+      #      claimName: traefik-data
+
+
+
+###############################
+# Service
+###############################
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: traefik
+    release: traefik
+  name: traefik
+  namespace: kube-system
+spec:
+  externalIPs:
+  - "10.128.0.8"
+  externalTrafficPolicy: Cluster
+  ports:
+  - name: web
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  - name: websecure
+    port: 443
+    protocol: TCP
+    targetPort: 443
+  - name: admin
+    port: 8100
+    protocol: TCP
+    targetPort: 8100
+  selector:
+    app: traefik
+    release: traefik
+  sessionAffinity: None
+  type: LoadBalancer
+status:
+  loadBalancer: {}
+
+
+
+
+
+
+#########################################################
+# The Middleware configuration contains middleware componenst
+# for a HTTP->HTTS redirection and a BasicAuth example. 
+#########################################################
+
+
+
+###############################
+# Middleware for basicAuth 
+###############################
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: basic-auth
+spec:
+  basicAuth:
+    secret: authsecret
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: authsecret
+  namespace: default
+
+#------------ Paste your own password file content here (default user/password=admin/adminadmin)--------------
+data:
+  users: |2
+    YWRtaW46JGFwcjEkWXdmLkF6Um0kc3owTkpQMi55cy56V2svek43aENtLwoKdXNl
+    cjokYXByMSRaU2VKQW1pOSRVV1AvcDdsQy9KSzdrbXBIMXdGL28uCgo=
+
+
+###############################
+# Middleware for HTTP->HTTPS
+# This middleware is not needed in case of: 
+#      entrypoints.web.http.redirections.entryPoint.to=websecure
+###############################
+#---
+#apiVersion: traefik.containo.us/v1alpha1
+#kind: Middleware
+#metadata:
+#  name: https-redirect
+#spec:
+#  redirectScheme:
+#    scheme: https
+#    permanent: true
+#    #port: 443
+
+
+###############################
+# Middleware for CORS
+###############################
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: cors-all
+spec:
+  headers:
+    accessControlAllowMethods:
+      - "GET"
+      - "OPTIONS"
+      - "PUT"
+      - "POST"
+    accessControlAllowOriginList: 
+      - "origin-list-or-null"
+    accessControlMaxAge: 100
+    accessControlAllowHeaders:
+      - "Content-Type"
+    addVaryHeader: true
+    customRequestHeaders:
+      X-Forwarded-Proto: "https"
+
+
+
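Review bot: `--api.insecure=true` serves the dashboard and API without authentication on the `traefik` entry point (`:8100`), and the Service publishes that port as `admin` on a `LoadBalancer` with external IP `10.128.0.8`, so anyone who can reach that address can read the full routing configuration. Switching the argument to `- --api.insecure=false` and removing the `admin` port entry from the Service would leave the dashboard reachable only through the `api@internal` route in 030-ingress.yaml; the `/ping` probes go to the pod on 8100 directly and should keep working because the entry point is still defined, though that is worth confirming on 2.2.1. The `authsecret` Secret is now active (it was commented out in traefik.yaml) and, per its own comment, carries the default `admin/adminadmin` credentials; it would be safer to create it out of band with `kubectl create secret` and keep only a placeholder in the repository. The `basic-auth` Middleware has no `namespace` while the Secret is pinned to `default`, so the two only match when the manifest is applied into `default`.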

+ 21 - 0
030-ingress.yaml

@@ -0,0 +1,21 @@
+#####################################################
+# Secure traefik dashboard with https and basic auth
+#####################################################
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: traefik-dashboard
+spec:
+  routes:
+  - match: Host(`traefik.eugeniocarvalho.dev`)
+    kind: Rule
+    services:
+    - name: api@internal
+      kind: TraefikService
+    # optional: add basic auth
+    #middlewares: 
+    #- name: basic-auth
+
+
+
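Review bot: The banner says the dashboard is secured with HTTPS and basic auth, but `middlewares` is commented out and the route has no `entryPoints`, so `api@internal` is served without authentication for `traefik.eugeniocarvalho.dev` on every entry point. Uncommenting `middlewares:` / `- name: basic-auth` and adding `entryPoints: [websecure]` to the route's `spec` would make the manifest match its banner. The document also has no `metadata.namespace`, and the Middleware reference resolves in the IngressRoute's own namespace unless a `namespace` is given, so pinning both objects to the same namespace keeps the reference resolvable.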

+ 0 - 449
traefik.yaml

@@ -1,449 +0,0 @@
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: ingressroutes.traefik.containo.us
-
-spec:
-  group: traefik.containo.us
-  version: v1alpha1
-  names:
-    kind: IngressRoute
-    plural: ingressroutes
-    singular: ingressroute
-  scope: Namespaced
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: ingressroutetcps.traefik.containo.us
-
-spec:
-  group: traefik.containo.us
-  version: v1alpha1
-  names:
-    kind: IngressRouteTCP
-    plural: ingressroutetcps
-    singular: ingressroutetcp
-  scope: Namespaced
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: middlewares.traefik.containo.us
-
-spec:
-  group: traefik.containo.us
-  version: v1alpha1
-  names:
-    kind: Middleware
-    plural: middlewares
-    singular: middleware
-  scope: Namespaced
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: tlsoptions.traefik.containo.us
-spec:
-  group: traefik.containo.us
-  version: v1alpha1
-  names:
-    kind: TLSOption
-    plural: tlsoptions
-    singular: tlsoption
-  scope: Namespaced
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: traefikservices.traefik.containo.us
-
-spec:
-  group: traefik.containo.us
-  version: v1alpha1
-  names:
-    kind: TraefikService
-    plural: traefikservices
-    singular: traefikservice
-  scope: Namespaced
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: tlsstores.traefik.containo.us
-
-spec:
-  group: traefik.containo.us
-  version: v1alpha1
-  names:
-    kind: TLSStore
-    plural: tlsstores
-    singular: tlsstore
-  scope: Namespaced
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: ingressrouteudps.traefik.containo.us
-
-spec:
-  group: traefik.containo.us
-  version: v1alpha1
-  names:
-    kind: IngressRouteUDP
-    plural: ingressrouteudps
-    singular: ingressrouteudp
-  scope: Namespaced
-
-#RBAC  --------------------------------------------
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
-  name: traefik-ingress-controller
-
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - services
-      - endpoints
-      - secrets
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-    resources:
-      - ingresses
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-    resources:
-      - ingresses/status
-    verbs:
-      - update
-  - apiGroups:
-      - traefik.containo.us
-    resources:
-      - middlewares
-      - ingressroutes
-      - traefikservices
-      - ingressroutetcps
-      - ingressrouteudps  #-------------
-      - tlsoptions
-      - tlsstores #-------------
-    verbs:
-      - get
-      - list
-      - watch
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
-  name: traefik-ingress-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: traefik-ingress-controller
-subjects:
-  - kind: ServiceAccount
-    name: traefik
-    namespace: kube-system
-
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: traefik-data
-  namespace: kube-system
-spec:
-  capacity:
-    storage: 1Gi
-  volumeMode: Filesystem
-  accessModes:
-    - ReadWriteOnce
-  claimRef:
-    namespace: kube-system
-    name: traefik-data
-  csi:
-    driver: driver.longhorn.io
-    fsType: ext4
-    volumeHandle: traefik-data
-  storageClassName: longhorn-durable
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: traefik-data
-  namespace: kube-system
-spec:
-  accessModes:
-    - ReadWriteOnce
-  storageClassName: longhorn-durable
-  resources:
-    requests:
-      storage: 1Gi
-  volumeName: "traefik-data"
-#INGRESS --------------------------------------------
----
-#####################################################
-# Secure traefik dashboard with https and basic auth
-#####################################################
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: traefik-dashboard
-spec:
-  routes:
-    - match: Host(`traefik.eugeniocarvalho.dev`)
-      kind: Rule
-      services:
-        - name: api@internal
-          kind: TraefikService
-      # optional: add basic auth
-      #middlewares:
-      #  - name: basic-auth
-
-###############################
-# ServiceAccount
-###############################
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: traefik
-  namespace: kube-system
-
-###############################
-# Deployment
-###############################
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: traefik
-    release: traefik
-  name: traefik
-  namespace: kube-system
-
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: traefik
-      release: traefik
-  template:
-    metadata:
-      labels:
-        app: traefik
-        release: traefik
-    spec:
-      containers:
-        - args:
-            - --api
-            - --api.insecure=true
-            # Set insecure to fals to enable basic auth
-            #- --api.insecure=false
-            - --api.dashboard=true
-            - --accesslog
-            - --global.checknewversion=true
-            - --entryPoints.traefik.address=:8100
-            - --entryPoints.web.address=:80
-            - --entryPoints.websecure.address=:443
-
-            # permanent redirecting of all requests on http (80) to https (443)
-            - --entrypoints.web.http.redirections.entryPoint.to=websecure
-            - --entrypoints.websecure.http.tls.certResolver=default
-
-            # Let's Encrypt Configurtion:
-            # Please note that this is the staging Let's Encrypt server configuration.
-            # Once you get things working, you should remove that following line.
-            - --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
-            - --certificatesresolvers.default.acme.email=eugeniucarvalho@gmail.com
-            - --certificatesresolvers.default.acme.storage=/var/lib/traefik/acme.json
-            - --certificatesresolvers.default.acme.tlschallenge=true
-
-            - --ping=true
-            - --providers.kubernetescrd=true
-            - --providers.kubernetesingress=true
-
-            # Use log level= INFO or DEBUG
-            - --log.level=INFO
-          image: traefik:2.2.1
-          imagePullPolicy: IfNotPresent
-          livenessProbe:
-            failureThreshold: 3
-            httpGet:
-              path: /ping
-              port: 8100
-              scheme: HTTP
-            initialDelaySeconds: 10
-            periodSeconds: 10
-            successThreshold: 1
-            timeoutSeconds: 2
-          name: traefik
-          ports:
-            - containerPort: 8100
-              name: admin
-              protocol: TCP
-            - containerPort: 80
-              name: web
-              protocol: TCP
-            - containerPort: 443
-              name: websecure
-              protocol: TCP
-
-          # optional storage
-          # enable this option only in case you have defined a persistence volume claim
-          volumeMounts:
-            - name: traefik-data
-              mountPath: /var/lib/traefik
-
-          readinessProbe:
-            failureThreshold: 1
-            httpGet:
-              path: /ping
-              port: 8100
-              scheme: HTTP
-            initialDelaySeconds: 10
-            periodSeconds: 10
-            successThreshold: 1
-            timeoutSeconds: 2
-          resources: {}
-          terminationMessagePath: /dev/termination-log
-          terminationMessagePolicy: File
-      dnsPolicy: ClusterFirst
-      restartPolicy: Always
-      schedulerName: default-scheduler
-      securityContext: {}
-      serviceAccount: traefik
-      serviceAccountName: traefik
-      terminationGracePeriodSeconds: 60
-
-      # optional storage
-      # enable this option only in case you have defined a persistence volume claim
-      volumes:
-        - name: traefik-data
-          persistentVolumeClaim:
-            claimName: traefik-data
-
-###############################
-# Service
-###############################
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: traefik
-    release: traefik
-  name: traefik
-  namespace: kube-system
-spec:
-  externalIPs:
-    - 10.128.0.8
-  externalTrafficPolicy: Cluster
-  ports:
-    - name: web
-      port: 80
-      protocol: TCP
-      targetPort: 80
-    - name: websecure
-      port: 443
-      protocol: TCP
-      targetPort: 443
-    - name: admin
-      port: 8100
-      protocol: TCP
-      targetPort: 8100
-  selector:
-    app: traefik
-    release: traefik
-  sessionAffinity: None
-  type: LoadBalancer
-status:
-  loadBalancer: {}
-
-#########################################################
-# The Middleware configuration contains middleware componenst
-# for a HTTP->HTTS redirection and a BasicAuth example.
-#########################################################
-
-###############################
-# Middleware for basicAuth
-###############################
----
-# apiVersion: traefik.containo.us/v1alpha1
-# kind: Middleware
-# metadata:
-#   name: basic-auth
-# spec:
-#   basicAuth:
-#     secret: authsecret
-
-# ---
-# apiVersion: v1
-# kind: Secret
-# metadata:
-#   name: authsecret
-#   namespace: default
-
-# #------------ Paste your own password file content here (default user/password=admin/adminadmin)--------------
-# data:
-#   users: |2
-#     YWRtaW46JGFwcjEkWXdmLkF6Um0kc3owTkpQMi55cy56V2svek43aENtLwoKdXNl
-#     cjokYXByMSRaU2VKQW1pOSRVV1AvcDdsQy9KSzdrbXBIMXdGL28uCgo=
-
-###############################
-# Middleware for HTTP->HTTPS
-# This middleware is not needed in case of:
-#      entrypoints.web.http.redirections.entryPoint.to=websecure
-###############################
-#---
-#apiVersion: traefik.containo.us/v1alpha1
-#kind: Middleware
-#metadata:
-#  name: https-redirect
-#spec:
-#  redirectScheme:
-#    scheme: https
-#    permanent: true
-#    #port: 443
-
-###############################
-# Middleware for CORS
-###############################
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: cors-all
-spec:
-  headers:
-    accessControlAllowMethods:
-      - "GET"
-      - "OPTIONS"
-      - "PUT"
-      - "POST"
-    accessControlAllowOriginList:
-      - "origin-list-or-null"
-    accessControlMaxAge: 100
-    accessControlAllowHeaders:
-      - "Content-Type"
-    addVaryHeader: true
-    customRequestHeaders:
-      X-Forwarded-Proto: "https"