| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240 |
- ###############################
- # ServiceAccount
- ###############################
- ---
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: traefik
- namespace: kube-system
- ###############################
- # Deployment
- ###############################
- ---
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- labels:
- app: traefik
- release: traefik
- name: traefik
- namespace: kube-system
- spec:
- replicas: 1
- selector:
- matchLabels:
- app: traefik
- release: traefik
- template:
- metadata:
- labels:
- app: traefik
- release: traefik
- spec:
- containers:
- - args:
- - --api
- #- --api.insecure=true
- # Set insecure to fals to enable basic auth
- - --api.insecure=false
- - --api.dashboard=true
- - --accesslog
- - --global.checknewversion=true
- - --entryPoints.traefik.address=:8100
- - --entryPoints.web.address=:80
- - --entryPoints.websecure.address=:443
- # permanent redirecting of all requests on http (80) to https (443)
- - --entrypoints.web.http.redirections.entryPoint.to=websecure
- - --entrypoints.websecure.http.tls.certResolver=default
- - --entrypoints.websecure.http.tls.domains[0].main=eugeniocarvalho.dev
- - --entrypoints.websecure.http.tls.domains[0].sans=*.eugeniocarvalho.dev
- #- --entrypoints.websecure.http.tls.certResolver=letsencrypt
- # Let's Encrypt Configurtion:
- # Please note that this is the staging Let's Encrypt server configuration.
- # Once you get things working, you should remove that following line.
- #- --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- - --certificatesresolvers.default.acme.email=eugeniucarvalho@gmail.com
- - --certificatesresolvers.default.acme.storage=/var/lib/traefik/acme.json
- - --certificatesresolvers.default.acme.tlschallenge=true
- - --ping=true
- - --providers.kubernetescrd=true
- - --providers.kubernetesingress=true
- # Use log level= INFO or DEBUG
- - --log.level=INFO
- image: traefik:2.2.1
- imagePullPolicy: IfNotPresent
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /ping
- port: 8100
- scheme: HTTP
- initialDelaySeconds: 10
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 2
- name: traefik
- ports:
- - containerPort: 8100
- name: admin
- protocol: TCP
- - containerPort: 80
- name: web
- protocol: TCP
- - containerPort: 443
- name: websecure
- protocol: TCP
- # optional storage
- # enable this option only in case you have defined a persistence volume claim
- #volumeMounts:
- #- name: traefik-data
- # mountPath: /var/lib/traefik
- readinessProbe:
- failureThreshold: 1
- httpGet:
- path: /ping
- port: 8100
- scheme: HTTP
- initialDelaySeconds: 10
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 2
- resources: {}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
-
- dnsPolicy: ClusterFirst
- restartPolicy: Always
- schedulerName: default-scheduler
- securityContext: {}
- serviceAccount: traefik
- serviceAccountName: traefik
- terminationGracePeriodSeconds: 60
-
- # optional storage
- # enable this option only in case you have defined a persistence volume claim
- #volumes:
- # - name: traefik-data
- # persistentVolumeClaim:
- # claimName: traefik-data
- ###############################
- # Service
- ###############################
- ---
- apiVersion: v1
- kind: Service
- metadata:
- labels:
- app: traefik
- release: traefik
- name: traefik
- namespace: kube-system
- spec:
- externalIPs:
- - "10.128.0.8"
- externalTrafficPolicy: Cluster
- ports:
- - name: web
- port: 80
- protocol: TCP
- targetPort: 80
- - name: websecure
- port: 443
- protocol: TCP
- targetPort: 443
- - name: admin
- port: 8100
- protocol: TCP
- targetPort: 8100
- selector:
- app: traefik
- release: traefik
- sessionAffinity: None
- type: LoadBalancer
- status:
- loadBalancer: {}
- #########################################################
- # The Middleware configuration contains middleware componenst
- # for a HTTP->HTTS redirection and a BasicAuth example.
- #########################################################
- ###############################
- # Middleware for basicAuth
- ###############################
- ---
- apiVersion: traefik.containo.us/v1alpha1
- kind: Middleware
- metadata:
- name: basic-auth
- spec:
- basicAuth:
- secret: authsecret
- ---
- apiVersion: v1
- kind: Secret
- metadata:
- name: authsecret
- namespace: default
- #------------ Paste your own password file content here (default user/password=admin/adminadmin)--------------
- data:
- users: |2
- YWRtaW46JGFwcjEkWXdmLkF6Um0kc3owTkpQMi55cy56V2svek43aENtLwoKdXNl
- cjokYXByMSRaU2VKQW1pOSRVV1AvcDdsQy9KSzdrbXBIMXdGL28uCgo=
- ###############################
- # Middleware for HTTP->HTTPS
- # This middleware is not needed in case of:
- # entrypoints.web.http.redirections.entryPoint.to=websecure
- ###############################
- #---
- #apiVersion: traefik.containo.us/v1alpha1
- #kind: Middleware
- #metadata:
- # name: https-redirect
- #spec:
- # redirectScheme:
- # scheme: https
- # permanent: true
- # #port: 443
- ###############################
- # Middleware for CORS
- ###############################
- ---
- apiVersion: traefik.containo.us/v1alpha1
- kind: Middleware
- metadata:
- name: cors-all
- spec:
- headers:
- accessControlAllowMethods:
- - "GET"
- - "OPTIONS"
- - "PUT"
- - "POST"
- accessControlAllowOriginList:
- - "origin-list-or-null"
- accessControlMaxAge: 100
- accessControlAllowHeaders:
- - "Content-Type"
- addVaryHeader: true
- customRequestHeaders:
- X-Forwarded-Proto: "https"
|
