| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262 |
- ###############################
- # ServiceAccount
- ###############################
- ---
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: traefik
- namespace: kube-system
- ---
- apiVersion: v1
- kind: Secret
- metadata:
- name: gce-secrets
- type: Opaque
- data:
- gcloud-credentials.json: "ewogICJ0eXBlIjogInNlcnZpY2VfYWNjb3VudCIsCiAgInByb2plY3RfaWQiOiAibXlyb290LTI4MzYwMyIsCiAgInByaXZhdGVfa2V5X2lkIjogIjliYzkwODA4ODlmZjAxMDRiODI1ODE1ZTkwMGNjNGU0ZmVmNWNmYmQiLAogICJwcml2YXRlX2tleSI6ICItLS0tLUJFR0lOIFBSSVZBVEUgS0VZLS0tLS0KTUlJRXZnSUJBREFOQmdrcWhraUc5dzBCQVFFRkFBU0NCS2d3Z2dTa0FnRUFBb0lCQVFDZnFYeDNPbG1SaHJFYwpsdk10Z05ydkF3R05XUktJdHJkT0w0OEFxQndsWE1PSmJXclVEUnFsNkRxOUE5WXpFZVhkYmtHVUpvVFg3UkdoCnFqc2dHWjRtRWR3aWkybVpJNHIxajEwOXdUeGVBMkIwNjRlSXR6TXlGWGMrVXk1a3N5S3BzVWxHczBqWWdPUjUKdjRCQTQ1MFhlMExiT0FaLzIyaE00ZFI0ZGdFdzI2cGoxRVgwRzZ3SURpLzMzR1ViMDJlNFNtNEs1ZTRPdUdJZQpUc1R2c3NiN2hxdVc5bGdlaWRET3d4WHF5SHRwM1hVRDYySytmWVdmWWJoVm14ZVpBUStTU2hqRUhQK09LNUlHCkpJVmd3eEwvaTdaby82dnZyYytZRXlFMnF1eWNlZXRnQjJqUWorQllwYVYyWEphNWdOUHFGYWFpZStWeDBhN0MKckdGeWlhNS9BZ01CQUFFQ2dnRUFBL3pGTGYycVdZM3FsaVY4RlBkRXQxS0hMcTVlOEVTT3hOR0lyQWJQNmJVKwo4T2I1cGVFNTVtNkhCWlVremVUWmlPcE9iVUJWQkNKWWk2cFUxYTZKaUNVQndXZyt4Wm9xV2gyZGVLaGFXYjRrCnRCMnNBZHFBUnZUdC8wem1ndjlOdCtIRWxTVktoZ05qTVZvTTJjamVsaktLU25peDNXNG1WUjAwL3hBRWlIUHcKdE1IcDBLVUJ2eWQyclZEV25GVmU3L2pPVFFSbnZYSmJzc1VGVFpnaVdQbkRBdWFmWGxtTThlOVBnaWdVRG1NTgpyOG9aMTZTR0djdDl2bFJLWXY1SUpjQ1lUVzJVeTB3SlprQW5sNUtEdG5LSHZwOHcwSmZnMkxZK3RHZE8rU0ErCkpEWFBaQ3BYU251VzVLOTl2L3VMclB0cHEyLysya09SQmZ1allZOVhVUUtCZ1FEVXpXQWxQYk9qK3NyOHV3RkMKQ0pQbmJmSmc3ZVJ4VUdHRUlZQVZ2TFFzU1hEZEpVUTQ4SlpsS1NmNm5ZQ04xeWNWRDZpL0Q2Ykh6aTBpb3B4TApmY25uWWhJNDRJNWN4eXcvRCtwaFZTTitWTEVabmZtYjRZRkIxRjdsMFdvdzgwTlRweTZ5ejVPQUswQVFQYm41CmUySmdUMmpuZ0lJbHpjZHg1OUFjNHVndGlRS0JnUURBRXBkNSt3Z1hJYWNFU0N2S0hoYUdGMDRGUnBjTjJWYWUKK29jSmEwMFdRL1J0QjlGemd2dm84ZzBFSmFPNjlRNHRSM3RYRHpLZC9sdzZtMVBGMmFSSmxvR3hKQW44cW1hTwozZkVDZ1NOcHRIMjRFdnVhc1F1NllpSk5jQkRFaCtMa3NkdzhsbzU3UTVUSVV4a1BtQ1Nnbk5uSHgvVWxIR04xCmJ6YVlFMnJCeHdLQmdRREFHOWdjUnFPUithcWVsY1FBOVBWeERCU3Y1Sk5DcUtvZ09vNERFYVFtQnZiWTdmZTAKMzUwbUhnMTFkaExEK2VQU1k1eVhQMjMxR3ZBc1FGaVEzaklUckxsK2wxcHQ3M0RHVFh2dCtvcGNWZUM3bTUzbgpWNkQwNk4veTRTYllvZ081MVVlWExVV2ZnMndHUFhOVEFreEJYZTc2YjAwUEM4SnQxalJPbjVteTRRS0JnQVZCCi9RZUh5YWJvY3V2NUZjbkluUkU2bmhZaTRvdXNnV1NFc3lHYzRGVlZzdUV4TDVpYjQwMXpJc3dVUTdFZ2VDemgKSWcwMkMwcXI1ZFpzM2hReWF2N2dzZGdwaG1SMlBheDNndHR3c1lsNU9WL0tsVHljMEJkZ0RGUldWdjhxUVJuRgpqS1BUOHo2SWtSQVN4a0xaQlZlb000WDJnVTFzdzRRNWNTTWtsTzJOQW9HQkFJTG0zZFV6MUpOZUtUQ3gwTHVVCkVoaWJNTTJZY0k3VEdzdlBMUzFSTWlGMW1QS2lNL0RRbU1HeTdOUjZ5THE0dnJYZ2VLS2dEUXlMUUtCaklJYVkKSlpVL1J1d3FVU3RJWnoxMEhrT0Y4cHZQS05hZ2RUOUtTWGNScmNRVktNYVNWWjhaejZPaFdJRWN3T3cxeHo0cAorZUhuNWZBSnVDWEp6R0dyQXdZYTV1Z2UKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQoiLAogICJjbGllbnRfZW1haWwiOiAidHJhZWZpa0BteXJvb3QtMjgzNjAzLmlhbS5nc2VydmljZWFjY291bnQuY29tIiwKICAiY2xpZW50X2lkIjogIjEwMzUwMTM3ODAwODY4NDUyMjA2OSIsCiAgImF1dGhfdXJpIjogImh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi9hdXRoIiwKICAidG9rZW5fdXJpIjogImh0dHBzOi8vb2F1dGgyLmdvb2dsZWFwaXMuY29tL3Rva2VuIiwKICAiYXV0aF9wcm92aWRlcl94NTA5X2NlcnRfdXJsIjogImh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL29hdXRoMi92MS9jZXJ0cyIsCiAgImNsaWVudF94NTA5X2NlcnRfdXJsIjogImh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL3JvYm90L3YxL21ldGFkYXRhL3g1MDkvdHJhZWZpayU0MG15cm9vdC0yODM2MDMuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iCn0K"
- ###############################
- # Deployment
- ###############################
- ---
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- labels:
- app: traefik
- release: traefik
- name: traefik
- namespace: kube-system
- spec:
- replicas: 1
- selector:
- matchLabels:
- app: traefik
- release: traefik
- template:
- metadata:
- labels:
- app: traefik
- release: traefik
- spec:
- volumes:
- - name: gce-secrets
- secret:
- secretName: gce-secrets
- containers:
- - args:
- - --api
- #- --api.insecure=true
- # Set insecure to fals to enable basic auth
- - --api.insecure=false
- - --api.dashboard=true
- - --accesslog
- - --global.checknewversion=true
- - --entryPoints.traefik.address=:8100
- - --entryPoints.web.address=:80
- - --entryPoints.websecure.address=:443
- # permanent redirecting of all requests on http (80) to https (443)
- - --entrypoints.web.http.redirections.entryPoint.to=websecure
- - --entrypoints.websecure.http.tls.certResolver=default
- - --entrypoints.websecure.http.tls.domains[0].main=k8s.eugeniocarvalho.dev
- - --entrypoints.websecure.http.tls.domains[0].sans=*.k8s.eugeniocarvalho.dev
- #- --entrypoints.websecure.http.tls.certResolver=letsencrypt
- # Let's Encrypt Configurtion:
- # Please note that this is the staging Let's Encrypt server configuration.
- # Once you get things working, you should remove that following line.
- - --certificatesresolvers.default.acme.email=eugeniucarvalho@gmail.com
- - --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- - --certificatesresolvers.default.acme.storage=acme.json
- # - --certificatesresolvers.default.acme.tlschallenge=true
- - --certificatesresolvers.default.acme.dnsChallenge.provider=gcloud
- - --certificatesresolvers.default.acme.dnschallenge.delaybeforecheck=0
- # - --certificatesresolvers.default.acme.dnsChallenge.entryPoint=http
- - --ping=true
- - --providers.kubernetescrd=true
- - --providers.kubernetesingress=true
- # Use log level= INFO or DEBUG
- - --log.level=INFO
- image: traefik:2.2.1
- volumeMounts:
- - mountPath: /secrets
- name: gce-secrets
- env:
- - name: GCE_PROJECT
- value: "myroot-283603"
- - name: GCE_SERVICE_ACCOUNT
- value: "traefik@myroot-283603.iam.gserviceaccount.com"
- - name: GCE_SERVICE_ACCOUNT_FILE
- value: /secrets/gcloud-credentials.json
- imagePullPolicy: IfNotPresent
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /ping
- port: 8100
- scheme: HTTP
- initialDelaySeconds: 10
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 2
- name: traefik
- ports:
- - containerPort: 8100
- name: admin
- protocol: TCP
- - containerPort: 80
- name: web
- protocol: TCP
- - containerPort: 443
- name: websecure
- protocol: TCP
- # optional storage
- # enable this option only in case you have defined a persistence volume claim
- #volumeMounts:
- #- name: traefik-data
- # mountPath: /var/lib/traefik
- readinessProbe:
- failureThreshold: 1
- httpGet:
- path: /ping
- port: 8100
- scheme: HTTP
- initialDelaySeconds: 10
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 2
- resources: {}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- dnsPolicy: ClusterFirst
- restartPolicy: Always
- schedulerName: default-scheduler
- securityContext: {}
- serviceAccount: traefik
- serviceAccountName: traefik
- terminationGracePeriodSeconds: 60
- # optional storage
- # enable this option only in case you have defined a persistence volume claim
- #volumes:
- # - name: traefik-data
- # persistentVolumeClaim:
- # claimName: traefik-data
- ###############################
- # Service
- ###############################
- ---
- apiVersion: v1
- kind: Service
- metadata:
- labels:
- app: traefik
- release: traefik
- name: traefik
- namespace: kube-system
- spec:
- externalIPs:
- - "10.128.0.8"
- externalTrafficPolicy: Cluster
- ports:
- - name: web
- port: 80
- protocol: TCP
- targetPort: 80
- - name: websecure
- port: 443
- protocol: TCP
- targetPort: 443
- - name: admin
- port: 8100
- protocol: TCP
- targetPort: 8100
- selector:
- app: traefik
- release: traefik
- sessionAffinity: None
- type: LoadBalancer
- status:
- loadBalancer: {}
- #########################################################
- # The Middleware configuration contains middleware componenst
- # for a HTTP->HTTS redirection and a BasicAuth example.
- #########################################################
- ###############################
- # Middleware for basicAuth
- ###############################
- ---
- apiVersion: traefik.containo.us/v1alpha1
- kind: Middleware
- metadata:
- name: basic-auth
- spec:
- basicAuth:
- secret: authsecret
- ---
- apiVersion: v1
- kind: Secret
- metadata:
- name: authsecret
- namespace: default
- #------------ Paste your own password file content here (default user/password=admin/adminadmin)--------------
- data:
- users: |2
- YWRtaW46JGFwcjEkWXdmLkF6Um0kc3owTkpQMi55cy56V2svek43aENtLwoKdXNl
- cjokYXByMSRaU2VKQW1pOSRVV1AvcDdsQy9KSzdrbXBIMXdGL28uCgo=
- ###############################
- # Middleware for HTTP->HTTPS
- # This middleware is not needed in case of:
- # entrypoints.web.http.redirections.entryPoint.to=websecure
- ###############################
- #---
- #apiVersion: traefik.containo.us/v1alpha1
- #kind: Middleware
- #metadata:
- # name: https-redirect
- #spec:
- # redirectScheme:
- # scheme: https
- # permanent: true
- # #port: 443
- ###############################
- # Middleware for CORS
- ###############################
- ---
- apiVersion: traefik.containo.us/v1alpha1
- kind: Middleware
- metadata:
- name: cors-all
- spec:
- headers:
- accessControlAllowMethods:
- - "GET"
- - "OPTIONS"
- - "PUT"
- - "POST"
- accessControlAllowOriginList:
- - "origin-list-or-null"
- accessControlMaxAge: 100
- accessControlAllowHeaders:
- - "Content-Type"
- addVaryHeader: true
- customRequestHeaders:
- X-Forwarded-Proto: "https"
|
