020-deployment.yaml 10 KB

  1. ###############################
  2. # ServiceAccount
  3. ###############################
  4. ---
  5. apiVersion: v1
  6. kind: ServiceAccount
  7. metadata:
  8. name: traefik
  9. namespace: kube-system
  10. ---
  11. apiVersion: v1
  12. kind: Secret
  13. metadata:
  14. name: google-crendential
  15. labels:
  16. name: google-crendential
  17. namespace: kube-system
  18. type: Opaque
  19. data:
  20. gcloud-credentials.json: "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"
  21. ###############################
  22. # Deployment
  23. ###############################
  24. ---
  25. apiVersion: apps/v1
  26. kind: Deployment
  27. metadata:
  28. labels:
  29. app: traefik
  30. release: traefik
  31. name: traefik
  32. namespace: kube-system
  33. spec:
  34. replicas: 1
  35. selector:
  36. matchLabels:
  37. app: traefik
  38. release: traefik
  39. template:
  40. metadata:
  41. labels:
  42. app: traefik
  43. release: traefik
  44. spec:
  45. volumes:
  46. - name: google-crendential
  47. secret:
  48. secretName: google-crendential
  49. containers:
  50. - args:
  51. - --api
  52. #- --api.insecure=true
  53. # Set insecure to fals to enable basic auth
  54. - --api.insecure=false
  55. - --api.dashboard=true
  56. - --accesslog
  57. - --global.checknewversion=true
  58. - --entryPoints.traefik.address=:8100
  59. - --entryPoints.web.address=:80
  60. - --entryPoints.websecure.address=:443
  61. # - --acme.domains=*.eugeniocarvalho.dev,eugeniocarvalho.dev
  62. # permanent redirecting of all requests on http (80) to https (443)
  63. - --entrypoints.web.http.redirections.entryPoint.to=websecure
  64. - --entrypoints.websecure.http.tls.certResolver=default
  65. - --entrypoints.websecure.http.tls.domains[0].main=*.monteasua.com.br
  66. - --entrypoints.websecure.http.tls.domains[1].main=monteasua.com.br
  67. # - --entrypoints.websecure.http.tls.domains[0].sans=monteasua.com.br
  68. #- --entrypoints.websecure.http.tls.certResolver=letsencrypt
  69. # Let's Encrypt Configurtion:
  70. # Please note that this is the staging Let's Encrypt server configuration.
  71. # Once you get things working, you should remove that following line.
  72. - --certificatesresolvers.default.acme.email=eugeniucarvalho@gmail.com
  73. - --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
  74. - --certificatesresolvers.default.acme.storage=acme.json
  75. # - --certificatesresolvers.default.acme.dnsChallenge.provider=duckdns
  76. - --certificatesresolvers.default.acme.dnsChallenge=true
  77. - --certificatesresolvers.default.acme.dnsChallenge.provider=gcloud
  78. - --certificatesresolvers.default.acme.dnsChallenge.delaybeforecheck=180
  79. - --certificatesresolvers.default.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
  80. # - --certificatesresolvers.default.acme.dnsChallenge.entryPoint=http
  81. - --ping=true
  82. - --providers.kubernetescrd=true
  83. - --providers.kubernetesingress=true
  84. # Use log level= INFO or DEBUG
  85. - --log.level=INFO
  86. image: traefik:2.2.1
  87. env:
  88. # - name: DUCKDNS_TOKEN
  89. # value: d0d100c1-8b52-452e-b066-5bdabb99a204
  90. - name: GCE_PROJECT
  91. value: myroot-283603
  92. # - name: GCE_SERVICE_ACCOUNT
  93. # value: "traefik@myroot-283603.iam.gserviceaccount.com"
  94. - name: GCE_SERVICE_ACCOUNT_FILE
  95. value: /secrets/gcloud-credentials.json
  96. - name: GCE_DEBUG
  97. value: "true"
  98. volumeMounts:
  99. - mountPath: /secrets
  100. name: google-crendential
  101. imagePullPolicy: IfNotPresent
  102. livenessProbe:
  103. failureThreshold: 3
  104. httpGet:
  105. path: /ping
  106. port: 8100
  107. scheme: HTTP
  108. initialDelaySeconds: 10
  109. periodSeconds: 10
  110. successThreshold: 1
  111. timeoutSeconds: 2
  112. name: traefik
  113. ports:
  114. - containerPort: 8100
  115. name: admin
  116. protocol: TCP
  117. - containerPort: 80
  118. name: web
  119. protocol: TCP
  120. - containerPort: 443
  121. name: websecure
  122. protocol: TCP
  123. # optional storage
  124. # enable this option only in case you have defined a persistence volume claim
  125. #volumeMounts:
  126. #- name: traefik-data
  127. # mountPath: /var/lib/traefik
  128. readinessProbe:
  129. failureThreshold: 1
  130. httpGet:
  131. path: /ping
  132. port: 8100
  133. scheme: HTTP
  134. initialDelaySeconds: 10
  135. periodSeconds: 10
  136. successThreshold: 1
  137. timeoutSeconds: 2
  138. resources: {}
  139. terminationMessagePath: /dev/termination-log
  140. terminationMessagePolicy: File
  141. dnsPolicy: ClusterFirst
  142. restartPolicy: Always
  143. schedulerName: default-scheduler
  144. securityContext: {}
  145. serviceAccount: traefik
  146. serviceAccountName: traefik
  147. terminationGracePeriodSeconds: 60
  148. # optional storage
  149. # enable this option only in case you have defined a persistence volume claim
  150. #volumes:
  151. # - name: traefik-data
  152. # persistentVolumeClaim:
  153. # claimName: traefik-data
  154. ###############################
  155. # Service
  156. ###############################
  157. ---
  158. apiVersion: v1
  159. kind: Service
  160. metadata:
  161. labels:
  162. app: traefik
  163. release: traefik
  164. name: traefik
  165. namespace: kube-system
  166. spec:
  167. externalIPs:
  168. - "10.128.0.8"
  169. externalTrafficPolicy: Cluster
  170. ports:
  171. - name: web
  172. port: 80
  173. protocol: TCP
  174. targetPort: 80
  175. - name: websecure
  176. port: 443
  177. protocol: TCP
  178. targetPort: 443
  179. - name: admin
  180. port: 8100
  181. protocol: TCP
  182. targetPort: 8100
  183. selector:
  184. app: traefik
  185. release: traefik
  186. sessionAffinity: None
  187. type: LoadBalancer
  188. status:
  189. loadBalancer: {}
  190. #########################################################
  191. # The Middleware configuration contains middleware componenst
  192. # for a HTTP->HTTS redirection and a BasicAuth example.
  193. #########################################################
  194. ###############################
  195. # Middleware for basicAuth
  196. ###############################
  197. ---
  198. apiVersion: traefik.containo.us/v1alpha1
  199. kind: Middleware
  200. metadata:
  201. name: basic-auth
  202. spec:
  203. basicAuth:
  204. secret: authsecret
  205. ---
  206. apiVersion: v1
  207. kind: Secret
  208. metadata:
  209. name: authsecret
  210. namespace: default
  211. #------------ Paste your own password file content here (default user/password=admin/adminadmin)--------------
  212. data:
  213. users: |2
  214. YWRtaW46JGFwcjEkWXdmLkF6Um0kc3owTkpQMi55cy56V2svek43aENtLwoKdXNl
  215. cjokYXByMSRaU2VKQW1pOSRVV1AvcDdsQy9KSzdrbXBIMXdGL28uCgo=
  216. ###############################
  217. # Middleware for HTTP->HTTPS
  218. # This middleware is not needed in case of:
  219. # entrypoints.web.http.redirections.entryPoint.to=websecure
  220. ###############################
  221. #---
  222. #apiVersion: traefik.containo.us/v1alpha1
  223. #kind: Middleware
  224. #metadata:
  225. # name: https-redirect
  226. #spec:
  227. # redirectScheme:
  228. # scheme: https
  229. # permanent: true
  230. # #port: 443
  231. ###############################
  232. # Middleware for CORS
  233. ###############################
  234. ---
  235. apiVersion: traefik.containo.us/v1alpha1
  236. kind: Middleware
  237. metadata:
  238. name: cors-all
  239. spec:
  240. headers:
  241. accessControlAllowMethods:
  242. - "GET"
  243. - "OPTIONS"
  244. - "PUT"
  245. - "POST"
  246. accessControlAllowOriginList:
  247. - "origin-list-or-null"
  248. accessControlMaxAge: 100
  249. accessControlAllowHeaders:
  250. - "Content-Type"
  251. addVaryHeader: true
  252. customRequestHeaders:
  253. X-Forwarded-Proto: "https"