  1. ###############################
  2. # ServiceAccount
  3. ###############################
  4. ---
  5. apiVersion: v1
  6. kind: ServiceAccount
  7. metadata:
  8. name: traefik
  9. namespace: kube-system
  10. ---
  11. apiVersion: v1
  12. kind: Secret
  13. metadata:
  14. name: gce-secrets
  15. type: Opaque
  16. data:
  17. gcloud-credentials.json: "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"
  18. # apiVersion: v1
  19. # kind: Secret
  20. # metadata:
  21. # name: GCE_ACCOUNT_SECRET
  22. # data:
  23. ###############################
  24. # Deployment
  25. ###############################
  26. ---
  27. apiVersion: apps/v1
  28. kind: Deployment
  29. metadata:
  30. labels:
  31. app: traefik
  32. release: traefik
  33. name: traefik
  34. namespace: kube-system
  35. spec:
  36. replicas: 1
  37. selector:
  38. matchLabels:
  39. app: traefik
  40. release: traefik
  41. template:
  42. metadata:
  43. labels:
  44. app: traefik
  45. release: traefik
  46. spec:
  47. containers:
  48. - args:
  49. - --api
  50. #- --api.insecure=true
  51. # Set insecure to fals to enable basic auth
  52. - --api.insecure=false
  53. - --api.dashboard=true
  54. - --accesslog
  55. - --global.checknewversion=true
  56. - --entryPoints.traefik.address=:8100
  57. - --entryPoints.web.address=:80
  58. - --entryPoints.websecure.address=:443
  59. # permanent redirecting of all requests on http (80) to https (443)
  60. - --entrypoints.web.http.redirections.entryPoint.to=websecure
  61. - --entrypoints.websecure.http.tls.certResolver=default
  62. - --entrypoints.websecure.http.tls.domains[0].main=k8s.eugeniocarvalho.dev
  63. - --entrypoints.websecure.http.tls.domains[0].sans=*.k8s.eugeniocarvalho.dev
  64. #- --entrypoints.websecure.http.tls.certResolver=letsencrypt
  65. # Let's Encrypt Configurtion:
  66. # Please note that this is the staging Let's Encrypt server configuration.
  67. # Once you get things working, you should remove that following line.
  68. - --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
  69. - --certificatesresolvers.default.acme.email=eugeniucarvalho@gmail.com
  70. - --certificatesresolvers.default.acme.storage=acme.json
  71. # - --certificatesresolvers.default.acme.tlschallenge=true
  72. - --certificatesresolvers.default.acme.dnsChallenge.provider=gcloud
  73. - --certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=0
  74. # - --certificatesresolvers.default.acme.dnsChallenge.entryPoint=http
  75. - --ping=true
  76. - --providers.kubernetescrd=true
  77. - --providers.kubernetesingress=true
  78. # Use log level= INFO or DEBUG
  79. - --log.level=INFO
  80. image: traefik:2.2.1
  81. env:
  82. - name: GCE_PROJECT
  83. value: "myroot-283603"
  84. - name: GCE_SERVICE_ACCOUNT
  85. value: "traefik@myroot-283603.iam.gserviceaccount.com"
  86. - name: GCE_SERVICE_ACCOUNT_FILE
  87. value: /secrets/gcloud-credentials.json
  88. imagePullPolicy: IfNotPresent
  89. livenessProbe:
  90. failureThreshold: 3
  91. httpGet:
  92. path: /ping
  93. port: 8100
  94. scheme: HTTP
  95. initialDelaySeconds: 10
  96. periodSeconds: 10
  97. successThreshold: 1
  98. timeoutSeconds: 2
  99. name: traefik
  100. ports:
  101. - containerPort: 8100
  102. name: admin
  103. protocol: TCP
  104. - containerPort: 80
  105. name: web
  106. protocol: TCP
  107. - containerPort: 443
  108. name: websecure
  109. protocol: TCP
  110. # optional storage
  111. # enable this option only in case you have defined a persistence volume claim
  112. #volumeMounts:
  113. #- name: traefik-data
  114. # mountPath: /var/lib/traefik
  115. readinessProbe:
  116. failureThreshold: 1
  117. httpGet:
  118. path: /ping
  119. port: 8100
  120. scheme: HTTP
  121. initialDelaySeconds: 10
  122. periodSeconds: 10
  123. successThreshold: 1
  124. timeoutSeconds: 2
  125. resources: {}
  126. terminationMessagePath: /dev/termination-log
  127. terminationMessagePolicy: File
  128. dnsPolicy: ClusterFirst
  129. restartPolicy: Always
  130. schedulerName: default-scheduler
  131. securityContext: {}
  132. serviceAccount: traefik
  133. serviceAccountName: traefik
  134. terminationGracePeriodSeconds: 60
  135. # optional storage
  136. # enable this option only in case you have defined a persistence volume claim
  137. #volumes:
  138. # - name: traefik-data
  139. # persistentVolumeClaim:
  140. # claimName: traefik-data
  141. ###############################
  142. # Service
  143. ###############################
  144. ---
  145. apiVersion: v1
  146. kind: Service
  147. metadata:
  148. labels:
  149. app: traefik
  150. release: traefik
  151. name: traefik
  152. namespace: kube-system
  153. spec:
  154. externalIPs:
  155. - "10.128.0.8"
  156. externalTrafficPolicy: Cluster
  157. ports:
  158. - name: web
  159. port: 80
  160. protocol: TCP
  161. targetPort: 80
  162. - name: websecure
  163. port: 443
  164. protocol: TCP
  165. targetPort: 443
  166. - name: admin
  167. port: 8100
  168. protocol: TCP
  169. targetPort: 8100
  170. selector:
  171. app: traefik
  172. release: traefik
  173. sessionAffinity: None
  174. type: LoadBalancer
  175. status:
  176. loadBalancer: {}
  177. #########################################################
  178. # The Middleware configuration contains middleware componenst
  179. # for a HTTP->HTTS redirection and a BasicAuth example.
  180. #########################################################
  181. ###############################
  182. # Middleware for basicAuth
  183. ###############################
  184. ---
  185. apiVersion: traefik.containo.us/v1alpha1
  186. kind: Middleware
  187. metadata:
  188. name: basic-auth
  189. spec:
  190. basicAuth:
  191. secret: authsecret
  192. ---
  193. apiVersion: v1
  194. kind: Secret
  195. metadata:
  196. name: authsecret
  197. namespace: default
  198. #------------ Paste your own password file content here (default user/password=admin/adminadmin)--------------
  199. data:
  200. users: |2
  201. YWRtaW46JGFwcjEkWXdmLkF6Um0kc3owTkpQMi55cy56V2svek43aENtLwoKdXNl
  202. cjokYXByMSRaU2VKQW1pOSRVV1AvcDdsQy9KSzdrbXBIMXdGL28uCgo=
  203. ###############################
  204. # Middleware for HTTP->HTTPS
  205. # This middleware is not needed in case of:
  206. # entrypoints.web.http.redirections.entryPoint.to=websecure
  207. ###############################
  208. #---
  209. #apiVersion: traefik.containo.us/v1alpha1
  210. #kind: Middleware
  211. #metadata:
  212. # name: https-redirect
  213. #spec:
  214. # redirectScheme:
  215. # scheme: https
  216. # permanent: true
  217. # #port: 443
  218. ###############################
  219. # Middleware for CORS
  220. ###############################
  221. ---
  222. apiVersion: traefik.containo.us/v1alpha1
  223. kind: Middleware
  224. metadata:
  225. name: cors-all
  226. spec:
  227. headers:
  228. accessControlAllowMethods:
  229. - "GET"
  230. - "OPTIONS"
  231. - "PUT"
  232. - "POST"
  233. accessControlAllowOriginList:
  234. - "origin-list-or-null"
  235. accessControlMaxAge: 100
  236. accessControlAllowHeaders:
  237. - "Content-Type"
  238. addVaryHeader: true
  239. customRequestHeaders:
  240. X-Forwarded-Proto: "https"