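###############################
# ServiceAccount
###############################
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik
  namespace: kube-system

# The Google Cloud service-account key used for the ACME DNS challenge is NOT
# stored in this manifest. Create the Secret out of band (for example with
# `kubectl create secret generic ... --from-file=...`) so the private key never
# enters version control. The Secret name below is a constructed placeholder
# and only has to match the `volumes` entry of the Deployment.
#
# A key that was ever committed inline in a manifest must be treated as
# disclosed: delete it in Google Cloud IAM and issue a new one. Removing it
# from the file does not revoke it.
# ---
# apiVersion: v1
# kind: Secret
# metadata:
#   name: traefik-gce-service-account
#   namespace: kube-system
# type: Opaque
# data:
#   service-account.json: <base64 of the key file; never commit>

###############################
# Deployment
###############################
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: traefik
    release: traefik
  name: traefik
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
      release: traefik
  template:
    metadata:
      labels:
        app: traefik
        release: traefik
    spec:
      containers:
        - args:
            - --api
            # - --api.insecure=true
            # Keep insecure set to false so the API/dashboard is only
            # reachable through a router that carries the basic-auth
            # middleware.
            - --api.insecure=false
            - --api.dashboard=true
            - --accesslog
            - --global.checknewversion=true
            - --entryPoints.traefik.address=:8100
            - --entryPoints.web.address=:80
            - --entryPoints.websecure.address=:443
            # Permanent redirect of all requests on http (80) to https (443).
            - --entrypoints.web.http.redirections.entryPoint.to=websecure
            - --entrypoints.websecure.http.tls.certResolver=default
            - --entrypoints.websecure.http.tls.domains[0].main=k8s.eugeniocarvalho.dev
            - --entrypoints.websecure.http.tls.domains[0].sans=*.k8s.eugeniocarvalho.dev
            # - --entrypoints.websecure.http.tls.certResolver=letsencrypt
            # Let's Encrypt configuration:
            # This is the staging Let's Encrypt server. Staging certificates
            # are not trusted by browsers; remove the following line once
            # issuance works.
            - --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
            - --certificatesresolvers.default.acme.email=eugeniucarvalho@gmail.com
            # acme.json holds the ACME account key and the issued certificate
            # keys. Without the optional persistent volume below it lives in
            # the container filesystem and is lost on every restart.
            - --certificatesresolvers.default.acme.storage=acme.json
            # - --certificatesresolvers.default.acme.tlschallenge=true
            - --certificatesresolvers.default.acme.dnsChallenge.provider=gcloud
            # Was set on a resolver named "myresolver", which nothing else in
            # this file configures or references; every other option uses the
            # "default" resolver.
            - --certificatesresolvers.default.acme.dnschallenge.delaybeforecheck=0
            # - --certificatesresolvers.default.acme.dnsChallenge.entryPoint=http
            - --ping=true
            - --providers.kubernetescrd=true
            - --providers.kubernetesingress=true
            # Use log level INFO or DEBUG.
            - --log.level=INFO
          # NOTE(review): the tag is mutable and 2.2.1 is an old release;
          # consider a maintained version pinned by digest.
          image: traefik:2.2.1
          env:
            - name: GCE_PROJECT
              value: 'myroot-283603'
            # NOTE(review): confirm against the ACME gcloud provider
            # documentation what this variable is expected to hold; if it
            # takes precedence over GCE_SERVICE_ACCOUNT_FILE, the mounted key
            # file is ignored.
            - name: GCE_SERVICE_ACCOUNT
              value: 'traefik@myroot-283603.iam.gserviceaccount.com'
            # Path to the key file mounted from the Secret, not the key
            # itself. Environment values in a Deployment are readable by
            # anyone who can read the object, and they end up in `kubectl
            # describe` output and cluster backups.
            - name: GCE_SERVICE_ACCOUNT_FILE
              value: '/var/run/secrets/gce/service-account.json'
          imagePullPolicy: IfNotPresent
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /ping
              port: 8100
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          name: traefik
          ports:
            - containerPort: 8100
              name: admin
              protocol: TCP
            - containerPort: 80
              name: web
              protocol: TCP
            - containerPort: 443
              name: websecure
              protocol: TCP
          volumeMounts:
            # Service-account key for the DNS challenge, mounted read-only.
            - name: gce-service-account
              mountPath: /var/run/secrets/gce
              readOnly: true
            # Optional storage: enable only if you have defined a
            # persistent volume claim.
            # - name: traefik-data
            #   mountPath: /var/lib/traefik
          readinessProbe:
            failureThreshold: 1
            httpGet:
              path: /ping
              port: 8100
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          # NOTE(review): no resource requests/limits and an empty
          # securityContext; for an internet-facing proxy consider limits, a
          # read-only root filesystem and dropping unneeded capabilities.
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: traefik
      serviceAccountName: traefik
      terminationGracePeriodSeconds: 60
      volumes:
        # The pod does not start until this Secret exists (fails closed).
        - name: gce-service-account
          secret:
            secretName: traefik-gce-service-account
        # Optional storage: enable only if you have defined a persistent
        # volume claim.
        # - name: traefik-data
        #   persistentVolumeClaim:
        #     claimName: traefik-data

###############################
# Service
###############################
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: traefik
    release: traefik
  name: traefik
  namespace: kube-system
spec:
  externalIPs:
    - "10.128.0.8"
  externalTrafficPolicy: Cluster
  ports:
    - name: web
      port: 80
      protocol: TCP
      targetPort: 80
    - name: websecure
      port: 443
      protocol: TCP
      targetPort: 443
    # NOTE(review): this publishes the internal "traefik" entry point (ping,
    # plus any router attached to it) on the load balancer. If it is only
    # needed for the probes, drop it from the public Service.
    - name: admin
      port: 8100
      protocol: TCP
      targetPort: 8100
  selector:
    app: traefik
    release: traefik
  sessionAffinity: None
  type: LoadBalancer
status:
  loadBalancer: {}

#########################################################
# The Middleware configuration contains middleware components
# for an HTTP->HTTPS redirection and a BasicAuth example.
#########################################################

###############################
# Middleware for basicAuth
###############################
# NOTE(review): this Middleware has no namespace while the Secret below is
# pinned to "default"; verify that both end up in the same namespace,
# otherwise the secret lookup presumably fails.
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: basic-auth
spec:
  basicAuth:
    secret: authsecret

---
apiVersion: v1
kind: Secret
metadata:
  name: authsecret
  namespace: default
# ------------ Paste your own password file content here
# (default user/password=admin/adminadmin) --------------
# The value below is the published example htpasswd file. Replace it with
# your own base64-encoded htpasswd output before exposing anything behind
# this middleware; the default credentials are public knowledge.
data:
  users: |
    YWRtaW46JGFwcjEkWXdmLkF6Um0kc3owTkpQMi55cy56V2svek43aENtLwoKdXNl
    cjokYXByMSRaU2VKQW1pOSRVV1AvcDdsQy9KSzdrbXBIMXdGL28uCgo=

###############################
# Middleware for HTTP->HTTPS
# This middleware is not needed in case of:
# entrypoints.web.http.redirections.entryPoint.to=websecure
###############################
# ---
# apiVersion: traefik.containo.us/v1alpha1
# kind: Middleware
# metadata:
#   name: https-redirect
# spec:
#   redirectScheme:
#     scheme: https
#     permanent: true
#     # port: 443

###############################
# Middleware for CORS
###############################
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: cors-all
spec:
  headers:
    accessControlAllowMethods:
      - "GET"
      - "OPTIONS"
      - "PUT"
      - "POST"
    # "origin-list-or-null" is a placeholder, not a real origin. List the
    # exact origins that may call the API; despite the middleware's name, an
    # allow-all policy should not be the default.
    accessControlAllowOriginList:
      - "origin-list-or-null"
    accessControlMaxAge: 100
    accessControlAllowHeaders:
      - "Content-Type"
    addVaryHeader: true
    customRequestHeaders:
      X-Forwarded-Proto: "https"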