EUGENIO SOUZA CARVALHO 4 years ago
parent
commit
94defb44b3

+ 5 - 5
020-deployment.yaml

@@ -66,8 +66,8 @@ spec:
           # permanent redirecting of all requests on http (80) to https (443)
           - --entrypoints.web.http.redirections.entryPoint.to=websecure
           - --entrypoints.websecure.http.tls.certResolver=default
-          - --entrypoints.websecure.http.tls.domains[0].main=*.monteasua.com.br
-          - --entrypoints.websecure.http.tls.domains[1].main=monteasua.com.br
+          # - --entrypoints.websecure.http.tls.domains[0].main=*.monteasua.com.br
+          # - --entrypoints.websecure.http.tls.domains[1].main=monteasua.com.br
           # - --entrypoints.websecure.http.tls.domains[0].sans=monteasua.com.br
           #- --entrypoints.websecure.http.tls.certResolver=letsencrypt
 
@@ -80,9 +80,9 @@ spec:
 
           # - --certificatesresolvers.default.acme.dnsChallenge.provider=duckdns
           - --certificatesresolvers.default.acme.dnsChallenge=true
-          - --certificatesresolvers.default.acme.dnsChallenge.provider=gcloud
-          - --certificatesresolvers.default.acme.dnsChallenge.delaybeforecheck=180
-          - --certificatesresolvers.default.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
+          # - --certificatesresolvers.default.acme.dnsChallenge.provider=gcloud
+          # - --certificatesresolvers.default.acme.dnsChallenge.delaybeforecheck=0
+          # - --certificatesresolvers.default.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
           # - --certificatesresolvers.default.acme.dnsChallenge.entryPoint=http
           - --ping=true
           - --providers.kubernetescrd=true
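Review bot: The `default` ACME resolver is left half-configured: `--certificatesresolvers.default.acme.dnsChallenge=true` stays active in the second hunk while its `provider` and `resolvers` flags are commented out, and `--entrypoints.websecure.http.tls.certResolver=default` in the first hunk still points every websecure router at it. If certificates are now meant to come from the cert-manager secret, Traefik will probably still attempt ACME orders for routers without a `tls.secretName` and fail them, which adds noise next to real TLS errors. Either remove the `certResolver` flag and the `certificatesresolvers.default.*` flags together, or leave the resolver fully configured. The commented-out `delaybeforecheck=0` also differs from the `180` it replaces, which will surprise whoever re-enables it. The args list begins and ends outside both hunks.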

+ 8 - 9
030-ingress.yaml

@@ -8,14 +8,13 @@ metadata:
   name: traefik-dashboard
 spec:
   routes:
-  - match: Host(`traefik.monteasua.com.br`)
-    kind: Rule
-    services:
-    - name: api@internal
-      kind: TraefikService
+    - match: Host(`traefik.monteasua.com.br`)
+      kind: Rule
+      services:
+        - name: api@internal
+          kind: TraefikService
+  tls:
+    secretName: monteasua-com-br-tls
     # optional: add basic auth
-    #middlewares: 
+    #middlewares:
     #- name: basic-auth
-
-
-
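Review bot: The route to `api@internal` on `traefik.monteasua.com.br` still has no authentication middleware, and after the re-indent the `# optional: add basic auth` / `#middlewares:` comments sit under `tls:` instead of under the route entry they belong to. The dashboard API exposes the full router, service and middleware configuration, so it should not be reachable without authentication or a source-IP restriction. I would move the block back to the level of `services:` and enable it as `middlewares:` / `- name: basic-auth`, assuming a `basic-auth` Middleware exists in this namespace (not visible here). The resource header is outside the hunk.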

+ 1 - 2
argocd/ingress.yaml

@@ -15,5 +15,4 @@ spec:
         - name: argocd-server
           port: 80
   tls:
-    certResolver: default
-    options: {}
+    secretName: monteasua-com-br-tls
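Review bot: `secretName: monteasua-com-br-tls` only resolves if that Secret exists in this IngressRoute's own namespace, and the Certificate added in `cert-manager/cluster-cert.yaml` creates it in `kube-system`. The namespace of this route is outside the hunk, but if it is not `kube-system`, Traefik cannot load the secret and will presumably fall back to its default self-signed certificate. The same applies to the `tls` blocks added in `030-ingress.yaml` and `monitoring/009-grafana-ingress.yaml`. Consider one Certificate per consuming namespace, or a default certificate in a Traefik `TLSStore`, rather than copying the wildcard private key between namespaces by hand.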

+ 39 - 0
cert-manager/cluster-cert.yaml

@@ -0,0 +1,39 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+  name: monteasua-com-br
+  namespace: kube-system
+spec:
+  # Secret names are always required.
+  secretName: monteasua-com-br-tls
+  duration: 2160h # 90d
+  renewBefore: 360h # 15d
+  organization:
+    - jetstack
+  # The use of the common name field has been deprecated since 2000 and is
+  # discouraged from being used.
+  commonName: monteasua.com.br
+  # isCA: false
+  # keySize: 2048
+  # keyAlgorithm: rsa
+  # keyEncoding: pkcs1
+  # usages:
+  #   - server auth
+  #   - client auth
+  # At least one of a DNS Name, URI, or IP address is required.
+  dnsNames:
+    - "monteasua.com.br"
+    - "*.monteasua.com.br"
+  # uriSANs:
+  # - spiffe://cluster.local/ns/sandbox/sa/example
+  # ipAddresses:
+  # - 192.168.0.5
+  # Issuer references are always required.
+  issuerRef:
+    name: le-clusterissuer
+    kind: ClusterIssuer
+    # We can reference ClusterIssuers by changing the kind here.
+    # The default value is Issuer (i.e. a locally namespaced Issuer)
+    # This is optional since cert-manager will default to this value however
+    # if you are using an external issuer, change this to that issuer group.
+    # group: cert-manager.io
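Review bot: `organization:` with `- jetstack` is left over from the cert-manager example and puts another company's name in the certificate request for `monteasua.com.br`; drop the field or set the operator's own organisation. The wildcard entry `"*.monteasua.com.br"` combined with one shared `secretName` means a single private key covers every host, so read access to that Secret in `kube-system` should be restricted through RBAC. `cert-manager.io/v1alpha2` is a deprecated API version that later cert-manager releases removed. The stable `cert-manager.io/v1` moves `organization` to `subject.organizations`.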

+ 21 - 0
cert-manager/cluster-issuer.yaml

@@ -0,0 +1,21 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+  name: le-clusterissuer
+  namespace: kube-system
+spec:
+  acme:
+    # server: https://acme-v02.api.letsencrypt.org/directory
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: eugeniucarvalho@gmail.com
+    privateKeySecretRef:
+      name: le-clusterissuer
+    solvers:
+      - dns01:
+          clouddns:
+            # The ID of the GCP project
+            project: myroot-283603
+            # This is the secret used to access the service account
+            serviceAccountSecretRef:
+              name: clouddns-dns01-solver-svc-acct
+              key: key.json
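Review bot: `server:` points at the Let's Encrypt staging directory while the same commit switches the dashboard, Argo CD and Grafana routes to the secret this issuer produces, so those hosts will present a certificate that clients do not trust. If this is a deliberate dry run, say so in a comment next to `server:` and track the switch to the production URL, because users who get used to clicking through certificate warnings are the real cost. `namespace: kube-system` under `metadata` has no effect because ClusterIssuer is cluster-scoped. The `clouddns-dns01-solver-svc-acct` Secret has to live in cert-manager's cluster resource namespace, which may not be `kube-system`. The GCP service account behind `key.json` should carry only the DNS permissions the solver needs.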

+ 2 - 0
monitoring/009-grafana-ingress.yaml

@@ -36,3 +36,5 @@ spec:
             backend:
               serviceName: grafana
               servicePort: 3000
+  tls:
+    secretName: monteasua-com-br-tls
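Review bot: The added `tls:` mapping uses the Traefik IngressRoute shape, but the `backend:` / `serviceName` / `servicePort` context lines look like a Kubernetes Ingress, where `spec.tls` is a list of entries with `hosts` and `secretName`. The resource's `kind` is outside the hunk, so this is inferred. If it is an Ingress, the block will be rejected or ignored and Grafana will not be served with the intended certificate. The list form would be `tls:` followed by `- secretName: monteasua-com-br-tls` and a `hosts:` list naming the Grafana host.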