Fascinated/homelab
Archived
1
1
Fork 0
Code Issues 1 Pull Requests 9 Actions Activity

helm traefik and maybe fix cert-manager

Browse Source
This commit is contained in:
Lee 2024-09-21 22:30:59 +01:00
parent 09d137b092
commit 088d24d660
5 changed files with 91 additions and 153 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/production/cert-manager/kustomization.yaml
View File

@ -4,5 +4,7 @@ kind: Kustomization
namespace: cert-manager namespace: cert-manager
resources: resources:
- namespace.yaml - namespace.yaml
- certificates/*.yaml - certificates/fascinated-cc.yaml
- certificates/local-fascinated-cc.yaml
- certificates/mcutils-xyz.yaml
- issuers.yaml - issuers.yaml

2
apps/production/traefik/kustomization.yaml
View File

@ -4,6 +4,4 @@ kind: Kustomization
namespace: traefik-production namespace: traefik-production
resources: resources:
- namespace.yaml - namespace.yaml
- rbac.yaml
- traefik.yaml - traefik.yaml
- service.yaml

69
apps/production/traefik/rbac.yaml
View File

@ -1,69 +0,0 @@
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.containo.us
resources:
- middlewares
- middlewaretcps
- ingressroutes
- traefikservices
- ingressroutetcps
- ingressrouteudps
- tlsoptions
- tlsstores
- serverstransports
verbs:
- get
- list
- watch
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: traefik-ingress-controller
namespace: traefik
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: traefik

23
apps/production/traefik/service.yaml
View File

@ -1,23 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: traefik
labels:
app.kubernetes.io/instance: traefik
app.kubernetes.io/name: traefik
spec:
selector:
app.kubernetes.io/instance: traefik
app.kubernetes.io/name: traefik
type: LoadBalancer
loadBalancerIP: 10.0.69.250
ports:
- port: 80
name: web
targetPort: web
protocol: TCP
- port: 443
name: websecure
targetPort: websecure
protocol: TCP

146
apps/production/traefik/traefik.yaml
View File

@ -1,66 +1,96 @@
--- ---
apiVersion: apps/v1 apiVersion: helm.toolkit.fluxcd.io/v2
kind: Deployment kind: HelmRepository
metadata: metadata:
name: traefik name: traefik
labels: namespace: traefik-production
app.kubernetes.io/instance: traefik
app.kubernetes.io/name: traefik
spec: spec:
replicas: 1 interval: 1m0s
selector: url: https://helm.traefik.io/traefik---
matchLabels: ---
app.kubernetes.io/name: traefik apiVersion: helm.toolkit.fluxcd.io/v2
app.kubernetes.io/instance: traefik kind: HelmRelease
template: metadata:
metadata: name: traefik
labels: namespace: traefik-production
app.kubernetes.io/name: traefik spec:
app.kubernetes.io/instance: traefik chart:
spec: spec:
serviceAccountName: traefik-ingress-controller chart: traefik
terminationGracePeriodSeconds: 60 sourceRef:
containers: kind: HelmRepository
- name: traefik name: traefik
image: traefik:3.1.4 version: 31.1.1
args: interval: 1m0s
- "--entryPoints.web.address=:8000/tcp" releaseName: traefik
- "--entryPoints.websecure.address=:8443/tcp" targetNamespace: default
- "--ping=true" valuesFrom:
- "--global.sendanonymoususage=false" - kind: Secret
- "--global.checknewversion=false" name: traefik-secret
- "--serversTransport.insecureSkipVerify=true" ---
- "--log.level=INFO" apiVersion: v1
- "--providers.kubernetescrd" kind: Secret
- "--providers.kubernetescrd.allowCrossNamespace=true" metadata:
- "--providers.kubernetescrd.allowExternalNameServices=true" creationTimestamp: null
- "--providers.kubernetesingress.allowCrossNamespace=true" name: traefik-secret
- "--providers.kubernetesingress.allowExternalNameServices=true" namespace: traefik-production
readinessProbe: stringData:
httpGet: values.yaml: |
path: /ping globalArguments:
port: 9000 - "--global.sendanonymoususage=false"
failureThreshold: 1 - "--global.checknewversion=false"
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 2
livenessProbe: additionalArguments:
httpGet: - "--serversTransport.insecureSkipVerify=true"
path: /ping - "--log.level=INFO"
port: 9000 - "--providers.kubernetescrd.allowCrossNamespace=true"
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 2
ports: deployment:
- name: web enabled: true
containerPort: 8000 replicas: 1
protocol: TCP annotations: {}
podAnnotations: {}
additionalContainers: []
initContainers: []
- name: websecure ports:
containerPort: 8443 web:
protocol: TCP redirectTo:
port: websecure
priority: 10
websecure:
# http3:
# enabled: true
# advertisedPort: 4443
tls:
enabled: true
ingressRoute:
dashboard:
enabled: false
providers:
kubernetesCRD:
enabled: true
ingressClass: traefik-external
allowExternalNameServices: true
allowCrossNamespace: true
kubernetesIngress:
enabled: true
allowExternalNameServices: true
allowCrossNamespace: true
publishedService:
enabled: false
rbac:
enabled: true
service:
enabled: true
type: LoadBalancer
annotations: {}
labels: {}
spec:
loadBalancerIP: 10.0.69.250 # this should be an IP in the MetalLB range
loadBalancerSourceRanges: []
externalIPs: []