###############################
# ServiceAccount
###############################
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik
namespace: kube-system
---
apiVersion: v1
kind: Secret
metadata:
name: google-crendential
labels:
name: google-crendential
namespace: kube-system
type: Opaque
data:
gcloud-credentials.json: "ewogICJ0eXBlIjogInNlcnZpY2VfYWNjb3VudCIsCiAgInByb2plY3RfaWQiOiAibXlyb290LTI4MzYwMyIsCiAgInByaXZhdGVfa2V5X2lkIjogIjliYzkwODA4ODlmZjAxMDRiODI1ODE1ZTkwMGNjNGU0ZmVmNWNmYmQiLAogICJwcml2YXRlX2tleSI6ICItLS0tLUJFR0lOIFBSSVZBVEUgS0VZLS0tLS1cbk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRQ2ZxWHgzT2xtUmhyRWNcbmx2TXRnTnJ2QXdHTldSS0l0cmRPTDQ4QXFCd2xYTU9KYldyVURScWw2RHE5QTlZekVlWGRia0dVSm9UWDdSR2hcbnFqc2dHWjRtRWR3aWkybVpJNHIxajEwOXdUeGVBMkIwNjRlSXR6TXlGWGMrVXk1a3N5S3BzVWxHczBqWWdPUjVcbnY0QkE0NTBYZTBMYk9BWi8yMmhNNGRSNGRnRXcyNnBqMUVYMEc2d0lEaS8zM0dVYjAyZTRTbTRLNWU0T3VHSWVcblRzVHZzc2I3aHF1VzlsZ2VpZERPd3hYcXlIdHAzWFVENjJLK2ZZV2ZZYmhWbXhlWkFRK1NTaGpFSFArT0s1SUdcbkpJVmd3eEwvaTdaby82dnZyYytZRXlFMnF1eWNlZXRnQjJqUWorQllwYVYyWEphNWdOUHFGYWFpZStWeDBhN0NcbnJHRnlpYTUvQWdNQkFBRUNnZ0VBQS96RkxmMnFXWTNxbGlWOEZQZEV0MUtITHE1ZThFU094TkdJckFiUDZiVStcbjhPYjVwZUU1NW02SEJaVWt6ZVRaaU9wT2JVQlZCQ0pZaTZwVTFhNkppQ1VCd1dnK3hab3FXaDJkZUtoYVdiNGtcbnRCMnNBZHFBUnZUdC8wem1ndjlOdCtIRWxTVktoZ05qTVZvTTJjamVsaktLU25peDNXNG1WUjAwL3hBRWlIUHdcbnRNSHAwS1VCdnlkMnJWRFduRlZlNy9qT1RRUm52WEpic3NVRlRaZ2lXUG5EQXVhZlhsbU04ZTlQZ2lnVURtTU5cbnI4b1oxNlNHR2N0OXZsUktZdjVJSmNDWVRXMlV5MHdKWmtBbmw1S0R0bktIdnA4dzBKZmcyTFkrdEdkTytTQStcbkpEWFBaQ3BYU251VzVLOTl2L3VMclB0cHEyLysya09SQmZ1allZOVhVUUtCZ1FEVXpXQWxQYk9qK3NyOHV3RkNcbkNKUG5iZkpnN2VSeFVHR0VJWUFWdkxRc1NYRGRKVVE0OEpabEtTZjZuWUNOMXljVkQ2aS9ENmJIemkwaW9weExcbmZjbm5ZaEk0NEk1Y3h5dy9EK3BoVlNOK1ZMRVpuZm1iNFlGQjFGN2wwV293ODBOVHB5Nnl6NU9BSzBBUVBibjVcbmUySmdUMmpuZ0lJbHpjZHg1OUFjNHVndGlRS0JnUURBRXBkNSt3Z1hJYWNFU0N2S0hoYUdGMDRGUnBjTjJWYWVcbitvY0phMDBXUS9SdEI5RnpndnZvOGcwRUphTzY5UTR0UjN0WER6S2QvbHc2bTFQRjJhUkpsb0d4SkFuOHFtYU9cbjNmRUNnU05wdEgyNEV2dWFzUXU2WWlKTmNCREVoK0xrc2R3OGxvNTdRNVRJVXhrUG1DU2duTm5IeC9VbEhHTjFcbmJ6YVlFMnJCeHdLQmdRREFHOWdjUnFPUithcWVsY1FBOVBWeERCU3Y1Sk5DcUtvZ09vNERFYVFtQnZiWTdmZTBcbjM1MG1IZzExZGhMRCtlUFNZNXlYUDIzMUd2QXNRRmlRM2pJVHJMbCtsMXB0NzNER1RYdnQrb3BjVmVDN201M25cblY2RDA2Ti95NFNiWW9nTzUxVWVYTFVXZmcyd0dQWE5UQWt4QlhlNzZiMDBQQzhKdDFqUk9uNW15NFFLQmdBVkJcbi9RZUh5YWJvY3V2NUZjbkluUkU2bmhZaTRvdXNnV1NFc3lHYzRGVlZzdUV4TDVpYjQwMXpJc3dVUTdFZ2VDemhcbklnMDJDMHFyNWRaczNoUXlhdjdnc2RncGhtUjJQYXgzZ3R0d3NZbDVPVi9LbFR5YzBCZGdERlJXVnY4cVFSbkZcbmpLUFQ4ejZJa1JBU3hrTFpCVmVvTTRYMmdVMXN3NFE1Y1NNa2xPMk5Bb0dCQUlMbTNkVXoxSk5lS1RDeDBMdVVcbkVoaWJNTTJZY0k3VEdzdlBMUzFSTWlGMW1QS2lNL0RRbU1HeTdOUjZ5THE0dnJYZ2VLS2dEUXlMUUtCaklJYVlcbkpaVS9SdXdxVVN0SVp6MTBIa09GOHB2UEtOYWdkVDlLU1hjUnJjUVZLTWFTVlo4Wno2T2hXSUVjd093MXh6NHBcbitlSG41ZkFKdUNYSnpHR3JBd1lhNXVnZVxuLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLVxuIiwKICAiY2xpZW50X2VtYWlsIjogInRyYWVmaWtAbXlyb290LTI4MzYwMy5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsCiAgImNsaWVudF9pZCI6ICIxMDM1MDEzNzgwMDg2ODQ1MjIwNjkiLAogICJhdXRoX3VyaSI6ICJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20vby9vYXV0aDIvYXV0aCIsCiAgInRva2VuX3VyaSI6ICJodHRwczovL29hdXRoMi5nb29nbGVhcGlzLmNvbS90b2tlbiIsCiAgImF1dGhfcHJvdmlkZXJfeDUwOV9jZXJ0X3VybCI6ICJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9vYXV0aDIvdjEvY2VydHMiLAogICJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9yb2JvdC92MS9tZXRhZGF0YS94NTA5L3RyYWVmaWslNDBteXJvb3QtMjgzNjAzLmlhbS5nc2VydmljZWFjY291bnQuY29tIgp9Cgo="
###############################
# Deployment
###############################
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: traefik
release: traefik
name: traefik
namespace: kube-system
spec:
replicas: 1
selector:
matchLabels:
app: traefik
release: traefik
template:
metadata:
labels:
app: traefik
release: traefik
spec:
volumes:
- name: google-crendential
secret:
secretName: google-crendential
containers:
- args:
- --api
#- --api.insecure=true
# Set insecure to fals to enable basic auth
- --api.insecure=false
- --api.dashboard=true
- --accesslog
- --global.checknewversion=true
- --entryPoints.traefik.address=:8100
- --entryPoints.web.address=:80
- --entryPoints.websecure.address=:443
# permanent redirecting of all requests on http (80) to https (443)
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.websecure.http.tls.certResolver=default
- --entrypoints.websecure.http.tls.domains[0].main=eugeniocarvalho.dev
- --entrypoints.websecure.http.tls.domains[0].sans=*.k8s.eugeniocarvalho.dev
#- --entrypoints.websecure.http.tls.certResolver=letsencrypt
# Let's Encrypt Configurtion:
# Please note that this is the staging Let's Encrypt server configuration.
# Once you get things working, you should remove that following line.
- --certificatesresolvers.default.acme.email=eugeniucarvalho@gmail.com
- --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- --certificatesresolvers.default.acme.storage=acme.json
# - --certificatesresolvers.default.acme.tlschallenge=true
- --certificatesresolvers.default.acme.dnsChallenge.provider=gcloud
- --certificatesresolvers.default.acme.dnschallenge.delaybeforecheck=0
- --certificatesresolvers.default.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
# - --certificatesresolvers.default.acme.dnsChallenge.entryPoint=http
- --ping=true
- --providers.kubernetescrd=true
- --providers.kubernetesingress=true
# Use log level= INFO or DEBUG
- --log.level=INFO
image: traefik:2.2.1
env:
- name: GCE_PROJECT
value: "myroot-283603"
# - name: GCE_SERVICE_ACCOUNT
# value: "traefik@myroot-283603.iam.gserviceaccount.com"
- name: GCE_SERVICE_ACCOUNT_FILE
value: /secrets/gcloud-credentials.json
- name: GCE_DEBUG
value: "true"
volumeMounts:
- mountPath: /secrets
name: google-crendential
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /ping
port: 8100
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
name: traefik
ports:
- containerPort: 8100
name: admin
protocol: TCP
- containerPort: 80
name: web
protocol: TCP
- containerPort: 443
name: websecure
protocol: TCP
# optional storage
# enable this option only in case you have defined a persistence volume claim
#volumeMounts:
#- name: traefik-data
# mountPath: /var/lib/traefik
readinessProbe:
failureThreshold: 1
httpGet:
path: /ping
port: 8100
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: traefik
serviceAccountName: traefik
terminationGracePeriodSeconds: 60
# optional storage
# enable this option only in case you have defined a persistence volume claim
#volumes:
# - name: traefik-data
# persistentVolumeClaim:
# claimName: traefik-data
###############################
# Service
###############################
---
apiVersion: v1
kind: Service
metadata:
labels:
app: traefik
release: traefik
name: traefik
namespace: kube-system
spec:
externalIPs:
- "10.128.0.8"
externalTrafficPolicy: Cluster
ports:
- name: web
port: 80
protocol: TCP
targetPort: 80
- name: websecure
port: 443
protocol: TCP
targetPort: 443
- name: admin
port: 8100
protocol: TCP
targetPort: 8100
selector:
app: traefik
release: traefik
sessionAffinity: None
type: LoadBalancer
status:
loadBalancer: {}
#########################################################
# The Middleware configuration contains middleware componenst
# for a HTTP->HTTS redirection and a BasicAuth example.
#########################################################
###############################
# Middleware for basicAuth
###############################
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: basic-auth
spec:
basicAuth:
secret: authsecret
---
apiVersion: v1
kind: Secret
metadata:
name: authsecret
namespace: default
#------------ Paste your own password file content here (default user/password=admin/adminadmin)--------------
data:
users: |2
YWRtaW46JGFwcjEkWXdmLkF6Um0kc3owTkpQMi55cy56V2svek43aENtLwoKdXNl
cjokYXByMSRaU2VKQW1pOSRVV1AvcDdsQy9KSzdrbXBIMXdGL28uCgo=
###############################
# Middleware for HTTP->HTTPS
# This middleware is not needed in case of:
# entrypoints.web.http.redirections.entryPoint.to=websecure
###############################
#---
#apiVersion: traefik.containo.us/v1alpha1
#kind: Middleware
#metadata:
# name: https-redirect
#spec:
# redirectScheme:
# scheme: https
# permanent: true
# #port: 443
###############################
# Middleware for CORS
###############################
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: cors-all
spec:
headers:
accessControlAllowMethods:
- "GET"
- "OPTIONS"
- "PUT"
- "POST"
accessControlAllowOriginList:
- "origin-list-or-null"
accessControlMaxAge: 100
accessControlAllowHeaders:
- "Content-Type"
addVaryHeader: true
customRequestHeaders:
X-Forwarded-Proto: "https"