Added traefik config

2022-06-04 14:55:22 +02:00 · 2022-06-04 14:55:22 +02:00 · 39e8770a4f
commit 39e8770a4f
parent 9065daf3de
3 changed files with 62 additions and 0 deletions
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - sources
+  - traefik
--- a/infrastructure/traefik/helmconfig.yaml
+++ b/infrastructure/traefik/helmconfig.yaml
@ -0,0 +1,57 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+  name: traefik
+  namespace: kube-system
+spec:
+  failurePolicy: abort
+  valuesContent: |-
+    logs:
+      general:
+        level: INFO
+    providers:
+      kubernetesCRD:
+        enabled: true
+        allowCrossNamespace: true
+        allowExternalNameServices: true
+        # ingressClass: traefik-internal
+        # labelSelector: environment=production,method=traefik
+        namespaces:
+          - "default"
+          - "kube-system"
+      kubernetesIngress:
+        enabled: true
+        allowExternalNameServices: true
+        allowEmptyServices: true
+        # ingressClass: traefik-internal
+        # labelSelector: environment=production,method=traefik
+        namespaces: 
+          - "default"
+          - "kube-system"
+        # IP used for Kubernetes Ingress endpoints
+        publishedService:
+          enabled: true
+          # Published Kubernetes Service to copy status from. Format: namespace/servicename
+          # By default this Traefik service
+          # pathOverride: ""
+    service:
+      enabled: true
+      type: LoadBalancer
+      annotations:
+        "load-balancer.hetzner.cloud/name": "clank"
+        # make hetzners load-balancer connect to our nodes via our private k3s
+        "load-balancer.hetzner.cloud/use-private-ip": "true"
+        # keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet
+        "load-balancer.hetzner.cloud/disable-private-ingress": "true"
+        # disable ipv6 by default, because external-dns doesn't support AAAA for hcloud yet https://github.com/kubernetes-sigs/external-dns/issues/2044
+        "load-balancer.hetzner.cloud/ipv6-disabled": "true"
+        "load-balancer.hetzner.cloud/location": "fsn1"
+        "load-balancer.hetzner.cloud/type": "lb11"
+        "load-balancer.hetzner.cloud/uses-proxyprotocol": "true"
+    additionalArguments:
+      - "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
+      - "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
+      - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
+      - "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
+      - "--providers.kubernetescrd.allowCrossNamespace=true"    
+
--- a/infrastructure/traefik/kustomization.yaml
+++ b/infrastructure/traefik/kustomization.yaml
@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helmconfig.yaml