123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272 |
- ###############################
- # ServiceAccount
- ###############################
- ---
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: traefik
- namespace: kube-system
- ---
- apiVersion: v1
- kind: Secret
- metadata:
- name: google-crendential
- labels:
- name: google-crendential
- namespace: kube-system
- type: Opaque
- data:
- gcloud-credentials.json: "ewogICJ0eXBlIjogInNlcnZpY2VfYWNjb3VudCIsCiAgInByb2plY3RfaWQiOiAibXlyb290LTI4MzYwMyIsCiAgInByaXZhdGVfa2V5X2lkIjogIjliYzkwODA4ODlmZjAxMDRiODI1ODE1ZTkwMGNjNGU0ZmVmNWNmYmQiLAogICJwcml2YXRlX2tleSI6ICItLS0tLUJFR0lOIFBSSVZBVEUgS0VZLS0tLS1cbk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRQ2ZxWHgzT2xtUmhyRWNcbmx2TXRnTnJ2QXdHTldSS0l0cmRPTDQ4QXFCd2xYTU9KYldyVURScWw2RHE5QTlZekVlWGRia0dVSm9UWDdSR2hcbnFqc2dHWjRtRWR3aWkybVpJNHIxajEwOXdUeGVBMkIwNjRlSXR6TXlGWGMrVXk1a3N5S3BzVWxHczBqWWdPUjVcbnY0QkE0NTBYZTBMYk9BWi8yMmhNNGRSNGRnRXcyNnBqMUVYMEc2d0lEaS8zM0dVYjAyZTRTbTRLNWU0T3VHSWVcblRzVHZzc2I3aHF1VzlsZ2VpZERPd3hYcXlIdHAzWFVENjJLK2ZZV2ZZYmhWbXhlWkFRK1NTaGpFSFArT0s1SUdcbkpJVmd3eEwvaTdaby82dnZyYytZRXlFMnF1eWNlZXRnQjJqUWorQllwYVYyWEphNWdOUHFGYWFpZStWeDBhN0NcbnJHRnlpYTUvQWdNQkFBRUNnZ0VBQS96RkxmMnFXWTNxbGlWOEZQZEV0MUtITHE1ZThFU094TkdJckFiUDZiVStcbjhPYjVwZUU1NW02SEJaVWt6ZVRaaU9wT2JVQlZCQ0pZaTZwVTFhNkppQ1VCd1dnK3hab3FXaDJkZUtoYVdiNGtcbnRCMnNBZHFBUnZUdC8wem1ndjlOdCtIRWxTVktoZ05qTVZvTTJjamVsaktLU25peDNXNG1WUjAwL3hBRWlIUHdcbnRNSHAwS1VCdnlkMnJWRFduRlZlNy9qT1RRUm52WEpic3NVRlRaZ2lXUG5EQXVhZlhsbU04ZTlQZ2lnVURtTU5cbnI4b1oxNlNHR2N0OXZsUktZdjVJSmNDWVRXMlV5MHdKWmtBbmw1S0R0bktIdnA4dzBKZmcyTFkrdEdkTytTQStcbkpEWFBaQ3BYU251VzVLOTl2L3VMclB0cHEyLysya09SQmZ1allZOVhVUUtCZ1FEVXpXQWxQYk9qK3NyOHV3RkNcbkNKUG5iZkpnN2VSeFVHR0VJWUFWdkxRc1NYRGRKVVE0OEpabEtTZjZuWUNOMXljVkQ2aS9ENmJIemkwaW9weExcbmZjbm5ZaEk0NEk1Y3h5dy9EK3BoVlNOK1ZMRVpuZm1iNFlGQjFGN2wwV293ODBOVHB5Nnl6NU9BSzBBUVBibjVcbmUySmdUMmpuZ0lJbHpjZHg1OUFjNHVndGlRS0JnUURBRXBkNSt3Z1hJYWNFU0N2S0hoYUdGMDRGUnBjTjJWYWVcbitvY0phMDBXUS9SdEI5RnpndnZvOGcwRUphTzY5UTR0UjN0WER6S2QvbHc2bTFQRjJhUkpsb0d4SkFuOHFtYU9cbjNmRUNnU05wdEgyNEV2dWFzUXU2WWlKTmNCREVoK0xrc2R3OGxvNTdRNVRJVXhrUG1DU2duTm5IeC9VbEhHTjFcbmJ6YVlFMnJCeHdLQmdRREFHOWdjUnFPUithcWVsY1FBOVBWeERCU3Y1Sk5DcUtvZ09vNERFYVFtQnZiWTdmZTBcbjM1MG1IZzExZGhMRCtlUFNZNXlYUDIzMUd2QXNRRmlRM2pJVHJMbCtsMXB0NzNER1RYdnQrb3BjVmVDN201M25cblY2RDA2Ti95NFNiWW9nTzUxVWVYTFVXZmcyd0dQWE5UQWt4QlhlNzZiMDBQQzhKdDFqUk9uNW15NFFLQmdBVkJcbi9RZUh5YWJvY3V2NUZjbkluUkU2bmhZaTRvdXNnV1NFc3lHYzRGVlZzdUV4TDVpYjQwMXpJc3dVUTdFZ2VDemhcbklnMDJDMHFyNWRaczNoUXlhdjdnc2RncGhtUjJQYXgzZ3R0d3NZbDVPVi9LbFR5YzBCZGdERlJXVnY4cVFSbkZcbmpLUFQ4ejZJa1JBU3hrTFpCVmVvTTRYMmdVMXN3NFE1Y1NNa2xPMk5Bb0dCQUlMbTNkVXoxSk5lS1RDeDBMdVVcbkVoaWJNTTJZY0k3VEdzdlBMUzFSTWlGMW1QS2lNL0RRbU1HeTdOUjZ5THE0dnJYZ2VLS2dEUXlMUUtCaklJYVlcbkpaVS9SdXdxVVN0SVp6MTBIa09GOHB2UEtOYWdkVDlLU1hjUnJjUVZLTWFTVlo4Wno2T2hXSUVjd093MXh6NHBcbitlSG41ZkFKdUNYSnpHR3JBd1lhNXVnZVxuLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLVxuIiwKICAiY2xpZW50X2VtYWlsIjogInRyYWVmaWtAbXlyb290LTI4MzYwMy5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsCiAgImNsaWVudF9pZCI6ICIxMDM1MDEzNzgwMDg2ODQ1MjIwNjkiLAogICJhdXRoX3VyaSI6ICJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20vby9vYXV0aDIvYXV0aCIsCiAgInRva2VuX3VyaSI6ICJodHRwczovL29hdXRoMi5nb29nbGVhcGlzLmNvbS90b2tlbiIsCiAgImF1dGhfcHJvdmlkZXJfeDUwOV9jZXJ0X3VybCI6ICJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9vYXV0aDIvdjEvY2VydHMiLAogICJjbGllbnRfeDUwOV9jZXJ0X3VybCI6ICJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9yb2JvdC92MS9tZXRhZGF0YS94NTA5L3RyYWVmaWslNDBteXJvb3QtMjgzNjAzLmlhbS5nc2VydmljZWFjY291bnQuY29tIgp9Cgo="
- ###############################
- # Deployment
- ###############################
- ---
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- labels:
- app: traefik
- release: traefik
- name: traefik
- namespace: kube-system
- spec:
- replicas: 1
- selector:
- matchLabels:
- app: traefik
- release: traefik
- template:
- metadata:
- labels:
- app: traefik
- release: traefik
- spec:
- volumes:
- - name: google-crendential
- secret:
- secretName: google-crendential
- containers:
- - args:
- - --api
- #- --api.insecure=true
- # Set insecure to fals to enable basic auth
- - --api.insecure=false
- - --api.dashboard=true
- - --accesslog
- - --global.checknewversion=true
- - --entryPoints.traefik.address=:8100
- - --entryPoints.web.address=:80
- - --entryPoints.websecure.address=:443
- # - --acme.domains=*.eugeniocarvalho.dev,eugeniocarvalho.dev
- # permanent redirecting of all requests on http (80) to https (443)
- - --entrypoints.web.http.redirections.entryPoint.to=websecure
- - --entrypoints.websecure.http.tls.certResolver=default
- - --entrypoints.websecure.http.tls.domains[0].main=*.monteasua.com.br
- - --entrypoints.websecure.http.tls.domains[1].main=monteasua.com.br
- # - --entrypoints.websecure.http.tls.domains[0].sans=monteasua.com.br
- #- --entrypoints.websecure.http.tls.certResolver=letsencrypt
- # Let's Encrypt Configurtion:
- # Please note that this is the staging Let's Encrypt server configuration.
- # Once you get things working, you should remove that following line.
- - --certificatesresolvers.default.acme.email=eugeniucarvalho@gmail.com
- - --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- - --certificatesresolvers.default.acme.storage=acme.json
- # - --certificatesresolvers.default.acme.dnsChallenge.provider=duckdns
- - --certificatesresolvers.default.acme.dnsChallenge=true
- - --certificatesresolvers.default.acme.dnsChallenge.provider=gcloud
- - --certificatesresolvers.default.acme.dnsChallenge.delaybeforecheck=180
- - --certificatesresolvers.default.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
- # - --certificatesresolvers.default.acme.dnsChallenge.entryPoint=http
- - --ping=true
- - --providers.kubernetescrd=true
- - --providers.kubernetesingress=true
- # Use log level= INFO or DEBUG
- - --log.level=INFO
- image: traefik:2.2.1
- env:
- # - name: DUCKDNS_TOKEN
- # value: d0d100c1-8b52-452e-b066-5bdabb99a204
- - name: GCE_PROJECT
- value: myroot-283603
- # - name: GCE_SERVICE_ACCOUNT
- # value: "traefik@myroot-283603.iam.gserviceaccount.com"
- - name: GCE_SERVICE_ACCOUNT_FILE
- value: /secrets/gcloud-credentials.json
- - name: GCE_DEBUG
- value: "true"
- volumeMounts:
- - mountPath: /secrets
- name: google-crendential
- imagePullPolicy: IfNotPresent
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /ping
- port: 8100
- scheme: HTTP
- initialDelaySeconds: 10
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 2
- name: traefik
- ports:
- - containerPort: 8100
- name: admin
- protocol: TCP
- - containerPort: 80
- name: web
- protocol: TCP
- - containerPort: 443
- name: websecure
- protocol: TCP
- # optional storage
- # enable this option only in case you have defined a persistence volume claim
- #volumeMounts:
- #- name: traefik-data
- # mountPath: /var/lib/traefik
- readinessProbe:
- failureThreshold: 1
- httpGet:
- path: /ping
- port: 8100
- scheme: HTTP
- initialDelaySeconds: 10
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 2
- resources: {}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- dnsPolicy: ClusterFirst
- restartPolicy: Always
- schedulerName: default-scheduler
- securityContext: {}
- serviceAccount: traefik
- serviceAccountName: traefik
- terminationGracePeriodSeconds: 60
-
- # optional storage
- # enable this option only in case you have defined a persistence volume claim
- #volumes:
- # - name: traefik-data
- # persistentVolumeClaim:
- # claimName: traefik-data
- ###############################
- # Service
- ###############################
- ---
- apiVersion: v1
- kind: Service
- metadata:
- labels:
- app: traefik
- release: traefik
- name: traefik
- namespace: kube-system
- spec:
- externalIPs:
- - "10.128.0.8"
- externalTrafficPolicy: Cluster
- ports:
- - name: web
- port: 80
- protocol: TCP
- targetPort: 80
- - name: websecure
- port: 443
- protocol: TCP
- targetPort: 443
- - name: admin
- port: 8100
- protocol: TCP
- targetPort: 8100
- selector:
- app: traefik
- release: traefik
- sessionAffinity: None
- type: LoadBalancer
- status:
- loadBalancer: {}
- #########################################################
- # The Middleware configuration contains middleware componenst
- # for a HTTP->HTTS redirection and a BasicAuth example.
- #########################################################
- ###############################
- # Middleware for basicAuth
- ###############################
- ---
- apiVersion: traefik.containo.us/v1alpha1
- kind: Middleware
- metadata:
- name: basic-auth
- spec:
- basicAuth:
- secret: authsecret
- ---
- apiVersion: v1
- kind: Secret
- metadata:
- name: authsecret
- namespace: default
- #------------ Paste your own password file content here (default user/password=admin/adminadmin)--------------
- data:
- users: |2
- YWRtaW46JGFwcjEkWXdmLkF6Um0kc3owTkpQMi55cy56V2svek43aENtLwoKdXNl
- cjokYXByMSRaU2VKQW1pOSRVV1AvcDdsQy9KSzdrbXBIMXdGL28uCgo=
- ###############################
- # Middleware for HTTP->HTTPS
- # This middleware is not needed in case of:
- # entrypoints.web.http.redirections.entryPoint.to=websecure
- ###############################
- #---
- #apiVersion: traefik.containo.us/v1alpha1
- #kind: Middleware
- #metadata:
- # name: https-redirect
- #spec:
- # redirectScheme:
- # scheme: https
- # permanent: true
- # #port: 443
- ###############################
- # Middleware for CORS
- ###############################
- ---
- apiVersion: traefik.containo.us/v1alpha1
- kind: Middleware
- metadata:
- name: cors-all
- spec:
- headers:
- accessControlAllowMethods:
- - "GET"
- - "OPTIONS"
- - "PUT"
- - "POST"
- accessControlAllowOriginList:
- - "origin-list-or-null"
- accessControlMaxAge: 100
- accessControlAllowHeaders:
- - "Content-Type"
- addVaryHeader: true
- customRequestHeaders:
- X-Forwarded-Proto: "https"
|