-
Notifications
You must be signed in to change notification settings - Fork 11
/
traefik_ingress_controller.yml
145 lines (142 loc) · 3.39 KB
/
traefik_ingress_controller.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
---
apiVersion: v1
kind: Namespace
metadata:
name: ingress-traefik
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ingress-traefik
namespace: ingress-traefik
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ingress-traefik
rules:
- apiGroups: [""]
resources: ["services","endpoints","secrets"]
verbs: ["get","list","watch"]
- apiGroups: ["extensions"]
resources: ["ingresses"]
verbs: ["get","list","watch"]
- apiGroups: ["extensions"]
resources: ["ingresses/status"]
verbs: ["update"]
- apiGroups: ["traefik.containo.us"]
resources: ["middlewares"]
verbs: ["get","list","watch"]
- apiGroups: ["traefik.containo.us"]
resources: ["ingressroutes"]
verbs: ["get","list","watch"]
- apiGroups: ["traefik.containo.us"]
resources: ["ingressroutetcps"]
verbs: ["get","list","watch"]
- apiGroups: ["traefik.containo.us"]
resources: ["tlsoptions"]
verbs: ["get","list","watch"]
- apiGroups: ["traefik.containo.us"]
resources: ["traefikservices"]
verbs: ["get","list","watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ingress-traefik
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-traefik
subjects:
- kind: ServiceAccount
name: ingress-traefik
namespace: ingress-traefik
---
apiVersion: apps/v1
#kind: DaemonSet
kind: Deployment
metadata:
name: traefik-ingress-controller
namespace: ingress-traefik
labels:
k8s-app: traefik-ingress-lb
spec:
replicas: 1
selector:
matchLabels:
k8s-app: traefik-ingress-lb
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
serviceAccountName: ingress-traefik
terminationGracePeriodSeconds: 60
# nodeSelector:
# traefik: ingress
containers:
- image: traefik
name: traefik-ingress-lb
ports:
- name: http
containerPort: 80
- name: admin
containerPort: 8080
- name: secure
containerPort: 443
args:
- "--api.insecure=true"
- "--providers.kubernetesingress=true"
- "--entrypoints.web.address=:80"
- "--entrypoints.secure.address=:443"
- "--metrics.prometheus=true"
- "--metrics.prometheus.addEntryPointsLabels=true"
- "--metrics.prometheus.addServicesLabels=true"
- "--accesslog=true"
- "--global.sendAnonymousUsage=false"
---
kind: Service
apiVersion: v1
metadata:
name: traefik-ingress-service
namespace: ingress-traefik
annotations:
prometheus.io.scrape: 'true'
prometheus.io/port: '8080'
spec:
selector:
k8s-app: traefik-ingress-lb
type: LoadBalancer
ports:
- name: web
protocol: TCP
port: 80
targetPort: 80
- name: dashboard
protocol: TCP
port: 8080
targetPort: 8080
- name: secure
protocol: TCP
port: 443
targetPort: 443
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: traefik-ingress
namespace: ingress-traefik
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/rule-type: PathPrefix
spec:
rules:
- host: traefik.stackrox.online
http:
paths:
- path: /api || /dashboard
backend:
serviceName: traefik-ingress-service
servicePort: 8080