feat: Added k3s, metallb, tried adding traefik
This commit is contained in:
Lino Silva
@@ -0,0 +1,47 @@
|
||||
---
|
||||
# From repository
|
||||
- name: Add traefik helm repo
|
||||
kubernetes.core.helm_repository:
|
||||
name: traefik
|
||||
repo_url: "https://helm.traefik.io/traefik"
|
||||
|
||||
- name: Update the repository cache
|
||||
kubernetes.core.helm:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
name: dummy
|
||||
namespace: kube-system
|
||||
state: absent
|
||||
update_repo_cache: true
|
||||
|
||||
- name: Deploy latest version of Traefik chart inside traefik namespace (and create it)
|
||||
kubernetes.core.helm:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
name: traefik
|
||||
chart_ref: traefik/traefik
|
||||
release_namespace: traefik
|
||||
create_namespace: true
|
||||
values: "{{ lookup('template', 'values.yml') | from_yaml }}"
|
||||
|
||||
- name: Create a Deployment by reading the definition from a local file
|
||||
kubernetes.core.k8s:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
state: present
|
||||
definition: "{{ lookup('template', 'default-headers.yml') | from_yaml }}"
|
||||
|
||||
- name: Create a Deployment by reading the definition from a local file
|
||||
kubernetes.core.k8s:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
state: present
|
||||
definition: "{{ lookup('template', 'secret-dashboard.yml') | from_yaml }}"
|
||||
|
||||
- name: Create a Deployment by reading the definition from a local file
|
||||
kubernetes.core.k8s:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
state: present
|
||||
definition: "{{ lookup('template', 'dashboard-middleware.yml') | from_yaml }}"
|
||||
|
||||
- name: Create a Deployment by reading the definition from a local file
|
||||
kubernetes.core.k8s:
|
||||
kubeconfig: /Users/lino.silva/.kube/config
|
||||
state: present
|
||||
definition: "{{ lookup('template', 'dashboard-ingress.yml') | from_yaml }}"
|
||||
@@ -0,0 +1,21 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: traefik-dashboard
|
||||
namespace: traefik
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik-external
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`traefik-dash.lino.cooking`)
|
||||
kind: Rule
|
||||
middlewares:
|
||||
- name: traefik-dashboard-basicauth
|
||||
namespace: traefik
|
||||
services:
|
||||
- name: api@internal
|
||||
kind: TraefikService
|
||||
tls:
|
||||
secretName: lino-cooking-staging-tls
|
||||
@@ -0,0 +1,8 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: traefik-dashboard-basicauth
|
||||
namespace: traefik
|
||||
spec:
|
||||
basicAuth:
|
||||
secret: traefik-dashboard-auth
|
||||
@@ -0,0 +1,16 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: default-headers
|
||||
namespace: default
|
||||
spec:
|
||||
headers:
|
||||
browserXssFilter: true
|
||||
contentTypeNosniff: true
|
||||
forceSTSHeader: true
|
||||
stsIncludeSubdomains: true
|
||||
stsPreload: true
|
||||
stsSeconds: 15552000
|
||||
customFrameOptionsValue: SAMEORIGIN
|
||||
customRequestHeaders:
|
||||
X-Forwarded-Proto: https
|
||||
@@ -0,0 +1,9 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: traefik-dashboard-auth
|
||||
namespace: traefik
|
||||
type: Opaque
|
||||
data:
|
||||
users: "{{ traefik_http_auth_user }}"
|
||||
@@ -0,0 +1,50 @@
|
||||
globalArguments:
|
||||
- "--global.sendanonymoususage=false"
|
||||
- "--global.checknewversion=false"
|
||||
|
||||
additionalArguments:
|
||||
- "--serversTransport.insecureSkipVerify=true"
|
||||
- "--log.level=INFO"
|
||||
|
||||
deployment:
|
||||
enabled: true
|
||||
replicas: 3
|
||||
annotations: {}
|
||||
podAnnotations: {}
|
||||
additionalContainers: []
|
||||
initContainers: []
|
||||
|
||||
ports:
|
||||
web:
|
||||
redirectTo: websecure
|
||||
websecure:
|
||||
tls:
|
||||
enabled: true
|
||||
|
||||
ingressRoute:
|
||||
dashboard:
|
||||
enabled: false
|
||||
|
||||
providers:
|
||||
kubernetesCRD:
|
||||
enabled: true
|
||||
ingressClass: traefik-external
|
||||
allowExternalNameServices: true
|
||||
kubernetesIngress:
|
||||
enabled: true
|
||||
publishedService:
|
||||
enabled: false
|
||||
allowExternalNameServices: true
|
||||
|
||||
rbac:
|
||||
enabled: true
|
||||
|
||||
service:
|
||||
enabled: true
|
||||
type: LoadBalancer
|
||||
annotations: {}
|
||||
labels: {}
|
||||
spec:
|
||||
loadBalancerIP: 10.1.1.3 # this should be an IP in the MetalLB range
|
||||
loadBalancerSourceRanges: []
|
||||
externalIPs: []
|
||||
Reference in New Issue
Block a user