############################### # ServiceAccount ############################### --- apiVersion: v1 kind: ServiceAccount metadata: name: traefik namespace: kube-system # --- # apiVersion: v1 # kind: Secret # metadata: # name: google-crendential # labels: # name: google-crendential # namespace: kube-system # type: Opaque # data: # gcloud-credentials.json: "ewogICJ0eXBlIjogInNlcnZpY2VfYWNjb3VudCIsCiAgInByb2plY3RfaWQiOiAibXlyb290LTI4MzYwMyIsCiAgInByaXZhdGVfa2V5X2lkIjogIjliYzkwODA4ODlmZjAxMDRiODI1ODE1ZTkwMGNjNGU0ZmVmNWNmYmQiLAogICJwcml2YXRlX2tleSI6ICItLS0tLUJFR0lOIFBSSVZBVEUgS0VZLS0tLS1cbk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRQ2ZxWHgzT2xtUmhyRWNcbmx2TXRnTnJ2QXdHTldSS0l0cmRPTDQ4QXFCd2xYTU9KYldyVURScWw2RHE5QTlZekVlWGRia0dVSm9UWDdSR2hcbnFqc2dHWjRtRWR3aWkybVpJNHIxajEwOXdUeGVBMkIwNjRlSXR6TXlGWGMrVXk1a3N5S3BzVWxHczBqWWdPUjVcbnY0QkE0NTBYZTBMYk9BWi8yMmhNNGRSNGRnRXcyNnBqMUVYMEc2d0lEaS8zM0dVYjAyZTRTbTRLNWU0T3VHSWVcblRzVHZzc2I3aHF1VzlsZ2VpZERPd3hYcXlIdHAzWFVENjJLK2ZZV2ZZYmhWbXhlWkFRK1NTaGpFSFArT0s1SUdcbkpJVmd3eEwvaTdaby82dnZyYytZRXlFMnF1eWNlZXRnQjJqUWorQllwYVYyWEphNWdOUHFGYWFpZStWeDBhN0NcbnJHRnlpYTUvQWdNQkFBRUNnZ0VBQS96RkxmMnFXWTNxbGlWOEZQZEV0MUtITHE1ZThFU094TkdJckFiUDZiVStcbjhPYjVwZUU1NW02SEJaVWt6ZVRaaU9wT2JVQlZCQ0pZaTZwVTFhNkppQ1VCd1dnK3hab3FXaDJkZUtoYVdiNGtcbnRCMnNBZHFBUnZUdC8wem1ndjlOdCtIRWxTVktoZ05qTVZvTTJjamVsaktLU25peDNXNG1WUjAwL3hBRWlIUHdcbnRNSHAwS1VCdnlkMnJWRFduRlZlNy9qT1RRUm52WEpic3NVRlRaZ2lXUG5EQXVhZlhsbU04ZTlQZ2lnVURtTU5cbnI4b1oxNlNHR2N0OXZsUktZdjVJSmNDWVRXMlV5MHdKWmtBbmw1S0R0bktIdnA4dzBKZmcyTFkrdEdkTytTQStcbkpEWFBaQ3BYU251VzVLOTl2L3VMclB0cHEyLysya09SQmZ1allZOVhVUUtCZ1FEVXpXQWxQYk9qK3NyOHV3RkNcbkNKUG5iZkpnN2VSeFVHR0VJWUFWdkxRc1NYRGRKVVE0OEpabEtTZjZuWUNOMXljVkQ2aS9ENmJIemkwaW9weExcbmZjbm5ZaEk0NEk1Y3h5dy9EK3BoVlNOK1ZMRVpuZm1iNFlGQjFGN2wwV293ODBOVHB5Nnl6NU9BSzBBUVBibjVcbmUySmdUMmpuZ0lJbHpjZHg1OUFjNHVndGlRS0JnUURBRXBkNSt3Z1hJYWNFU0N2S0hoYUdGMDRGUnBjTjJWYWVcbitvY0phMDBXUS9SdEI5RnpndnZvOGcwRUphTzY5UTR0UjN0WER6S2QvbHc2bTFQRjJhUkpsb0d4SkFuOHFtYU9cbjNmRUNnU05wdEgyNEV2dWFzUXU2WWlKTmNCREVoK0xrc2R3OGxvNTdRNVRJVXhrUG1DU2duTm5IeC9VbEhHTjFcbmJ6YVlFMnJCeHdLQmdRREFHOWdjUnFPUithcWVsY1FBOVBWeERCU3Y1Sk5DcUtvZ09vNERFYVFtQnZiWTdmZTBcbjM1MG1IZzExZGhMRCtlUFNZNXlYUDIzMUd2QXNRRmlRM2pJVHJMbCtsMXB0NzNER1RYdnQrb3BjVmVDN201M25cblY2RDA2Ti95NFNiWW9nTzUxVWVYTFVXZmcyd0dQWE5UQWt4QlhlNzZiMDBQQzhKdDFqUk9uNW15NFFLQmdBVkJcbi9RZUh5YWJvY3V2NUZjbkluUkU2bmhZaTRvdXNnV1NFc3lHYzRGVlZzdUV4TDVpYjQwMXpJc3dVUTdFZ2VDemhcbklnMDJDMHFyNWRaczNoUXlhdjdnc2RncGhtUjJQYXgzZ3R0d3NZbDVPVi9LbFR5YzBCZGdERlJXVnY4cVFSbkZcbmpLUFQ4ejZJa1JBU3hrTFpCVmVvTTRYMmdVMXN3NFE1Y1NNa2xPMk5Bb0dCQUlMbTNkVXoxSk5lS1RDeDBMdVVcbkVoaWJNTTJZY0k3VEdzdlBMUzFSTWlGMW1QS2lNL0RRbU1HeTdOUjZ5THE0dnJYZ2VLS2dEUXlMUUtCaklJYVlcbkpaVS9SdXdxVVN0SVp6MTBIa09GOHB2UEtOYWdkVDlLU1hjUnJjUVZLTWFTVlo4Wno2T2hXSUVjd093MXh6NHBcbitlSG41ZkFKdUNYSnpHR3JBd1lhNXVnZVxuLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLVxuIiwKICAiY2xpZW50X2VtYWlsIjogInRyYWVmaWtAbXlyb290LTI4MzYwMy5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsCiAgImNsaWVudF9pZCI6ICIxMDM1MDEzNzgwMDg2ODQ1MjIwNjkiLAogICJhdXRoX3VyaSI6ICJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20vby9vYXV0aDIvYXV0aCIsCiAgInRva2VuX3VyaSI6ICJodHRwczovL29hdXRoMi5nb29nbGVhcGlzLmNvbS90b2tlbiIsCiAgImF1dGhfcHJvdmlkZXJfeDUwOV9jZXJ0X3VybCI6ICJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9vYXV0aDIvdjEvY2VydHMiLAogICJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9yb2JvdC92MS9tZXRhZGF0YS94NTA5L3RyYWVmaWslNDBteXJvb3QtMjgzNjAzLmlhbS5nc2VydmljZWFjY291bnQuY29tIgp9Cgo=" ############################### # Deployment ############################### --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: traefik release: traefik name: traefik namespace: kube-system spec: replicas: 1 selector: matchLabels: app: traefik release: traefik template: metadata: labels: app: traefik release: traefik spec: # volumes: # - name: google-crendential # secret: # secretName: google-crendential containers: - args: - --api #- --api.insecure=true # Set insecure to fals to enable basic auth - --api.insecure=false - --api.dashboard=true - --accesslog - --serversTransport.insecureSkipVerify=true - --global.checknewversion=true - --entryPoints.traefik.address=:8100 - --entryPoints.web.address=:80 - --entryPoints.websecure.address=:443 # - --acme.domains=*.eugeniocarvalho.dev,eugeniocarvalho.dev # permanent redirecting of all requests on http (80) to https (443) - --entrypoints.web.http.redirections.entryPoint.to=websecure - --entrypoints.websecure.http.tls.certResolver=default # - --entrypoints.websecure.http.tls.domains[0].main=*.monteasua.com.br # - --entrypoints.websecure.http.tls.domains[1].main=monteasua.com.br # - --entrypoints.websecure.http.tls.domains[0].sans=monteasua.com.br #- --entrypoints.websecure.http.tls.certResolver=letsencrypt # Let's Encrypt Configurtion: # Please note that this is the staging Let's Encrypt server configuration. # Once you get things working, you should remove that following line. - --certificatesresolvers.default.acme.email=eugeniucarvalho@gmail.com - --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory - --certificatesresolvers.default.acme.storage=acme.json - --certificatesresolvers.default.acme.dnsChallenge=true # - --certificatesresolvers.default.acme.dnsChallenge.provider=duckdns # - --certificatesresolvers.default.acme.dnsChallenge.provider=gcloud # - --certificatesresolvers.default.acme.dnsChallenge.delaybeforecheck=0 # - --certificatesresolvers.default.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53 # - --certificatesresolvers.default.acme.dnsChallenge.entryPoint=http - --ping=true - --providers.kubernetescrd=true - --providers.kubernetesingress=true # Use log level= INFO or DEBUG - --log.level=INFO image: traefik:2.2.1 env: # - name: DUCKDNS_TOKEN # value: d0d100c1-8b52-452e-b066-5bdabb99a204 # - name: GCE_PROJECT # value: myroot-283603 # # - name: GCE_SERVICE_ACCOUNT # # value: "traefik@myroot-283603.iam.gserviceaccount.com" # - name: GCE_SERVICE_ACCOUNT_FILE # value: /secrets/gcloud-credentials.json # - name: GCE_DEBUG # value: "true" # volumeMounts: # - mountPath: /secrets # name: google-crendential imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /ping port: 8100 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 2 name: traefik ports: - containerPort: 8100 name: admin protocol: TCP - containerPort: 80 name: web protocol: TCP - containerPort: 443 name: websecure protocol: TCP # optional storage # enable this option only in case you have defined a persistence volume claim #volumeMounts: #- name: traefik-data # mountPath: /var/lib/traefik readinessProbe: failureThreshold: 1 httpGet: path: /ping port: 8100 scheme: HTTP initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 2 resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler securityContext: {} serviceAccount: traefik serviceAccountName: traefik terminationGracePeriodSeconds: 60 # optional storage # enable this option only in case you have defined a persistence volume claim #volumes: # - name: traefik-data # persistentVolumeClaim: # claimName: traefik-data ############################### # Service ############################### --- apiVersion: v1 kind: Service metadata: labels: app: traefik release: traefik name: traefik namespace: kube-system spec: externalIPs: - "10.128.0.8" externalTrafficPolicy: Cluster ports: - name: web port: 80 protocol: TCP targetPort: 80 - name: websecure port: 443 protocol: TCP targetPort: 443 - name: admin port: 8100 protocol: TCP targetPort: 8100 selector: app: traefik release: traefik sessionAffinity: None type: LoadBalancer status: loadBalancer: {}