From 39e8770a4f957e977543ed5ed5094bf065f3896f Mon Sep 17 00:00:00 2001
From: kjuulh
Date: Sat, 4 Jun 2022 14:55:22 +0200
Subject: [PATCH] Added traefik config
---
 infrastructure/kustomization.yaml | 1 +
 infrastructure/traefik/helmconfig.yaml | 57 +++++++++++++++++++++++
 infrastructure/traefik/kustomization.yaml | 4 ++
 3 files changed, 62 insertions(+)
 create mode 100644 infrastructure/traefik/helmconfig.yaml
 create mode 100644 infrastructure/traefik/kustomization.yaml
diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml
index 9f2dbb5..1a28d9f 100644
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - sources
+ - traefik
diff --git a/infrastructure/traefik/helmconfig.yaml b/infrastructure/traefik/helmconfig.yaml
new file mode 100644
index 0000000..f8e3724
--- /dev/null
+++ b/infrastructure/traefik/helmconfig.yaml
@@ -0,0 +1,57 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+ name: traefik
+ namespace: kube-system
+spec:
+ failurePolicy: abort
+ valuesContent: |-
+ logs:
+ general:
+ level: INFO
+ providers:
+ kubernetesCRD:
+ enabled: true
+ allowCrossNamespace: true
+ allowExternalNameServices: true
+ # ingressClass: traefik-internal
+ # labelSelector: environment=production,method=traefik
+ namespaces:
+ - "default"
+ - "kube-system"
+ kubernetesIngress:
+ enabled: true
+ allowExternalNameServices: true
+ allowEmptyServices: true
+ # ingressClass: traefik-internal
+ # labelSelector: environment=production,method=traefik
+ namespaces:
+ - "default"
+ - "kube-system"
+ # IP used for Kubernetes Ingress endpoints
+ publishedService:
+ enabled: true
+ # Published Kubernetes Service to copy status from. Format: namespace/servicename
+ # By default this Traefik service
+ # pathOverride: ""
+ service:
+ enabled: true
+ type: LoadBalancer
+ annotations:
+ "load-balancer.hetzner.cloud/name": "clank"
+ # make hetzners load-balancer connect to our nodes via our private k3s
+ "load-balancer.hetzner.cloud/use-private-ip": "true"
+ # keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet
+ "load-balancer.hetzner.cloud/disable-private-ingress": "true"
+ # disable ipv6 by default, because external-dns doesn't support AAAA for hcloud yet https://github.com/kubernetes-sigs/external-dns/issues/2044
+ "load-balancer.hetzner.cloud/ipv6-disabled": "true"
+ "load-balancer.hetzner.cloud/location": "fsn1"
+ "load-balancer.hetzner.cloud/type": "lb11"
+ "load-balancer.hetzner.cloud/uses-proxyprotocol": "true"
+ additionalArguments:
+ - "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
+ - "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
+ - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
+ - "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
+ - "--providers.kubernetescrd.allowCrossNamespace=true"
+
diff --git a/infrastructure/traefik/kustomization.yaml b/infrastructure/traefik/kustomization.yaml
new file mode 100644
index 0000000..1bc1eff
--- /dev/null
+++ b/infrastructure/traefik/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - helmconfig.yaml
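Review bot: The four `trustedIPs=127.0.0.1/32,10.0.0.0/8` arguments under `additionalArguments` in helmconfig.yaml trust all of 10.0.0.0/8 for both PROXY protocol and forwarded headers, which is much wider than the Hetzner load balancer that is expected to send them. If the cluster's pod or service CIDR falls inside 10.0.0.0/8 (the k3s defaults do; confirm for this cluster), any in-cluster client that reaches the entrypoints directly can have its own PROXY header or `X-Forwarded-For` accepted as the real client address, which weakens IP allow-lists, rate limiting and access-log attribution. Narrow each list to the load balancer's private address or the node subnet, e.g. `"--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,<LB_PRIVATE_CIDR>"` (placeholder), and apply the same to the other three arguments. Separately, `allowCrossNamespace: true` and `allowExternalNameServices: true` relax namespace isolation and let a Service object point a route at an arbitrary external host, so each deserves a comment stating why it is needed or should be dropped. The `--providers.kubernetescrd.allowCrossNamespace=true` argument also duplicates the value already set under `providers.kubernetesCRD`.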