Added traefik config
This commit is contained in:
parent
9065daf3de
commit
39e8770a4f
@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- sources
|
- sources
|
||||||
|
- traefik
|
||||||
|
57
infrastructure/traefik/helmconfig.yaml
Normal file
57
infrastructure/traefik/helmconfig.yaml
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
apiVersion: helm.cattle.io/v1
|
||||||
|
kind: HelmChartConfig
|
||||||
|
metadata:
|
||||||
|
name: traefik
|
||||||
|
namespace: kube-system
|
||||||
|
spec:
|
||||||
|
failurePolicy: abort
|
||||||
|
valuesContent: |-
|
||||||
|
logs:
|
||||||
|
general:
|
||||||
|
level: INFO
|
||||||
|
providers:
|
||||||
|
kubernetesCRD:
|
||||||
|
enabled: true
|
||||||
|
allowCrossNamespace: true
|
||||||
|
allowExternalNameServices: true
|
||||||
|
# ingressClass: traefik-internal
|
||||||
|
# labelSelector: environment=production,method=traefik
|
||||||
|
namespaces:
|
||||||
|
- "default"
|
||||||
|
- "kube-system"
|
||||||
|
kubernetesIngress:
|
||||||
|
enabled: true
|
||||||
|
allowExternalNameServices: true
|
||||||
|
allowEmptyServices: true
|
||||||
|
# ingressClass: traefik-internal
|
||||||
|
# labelSelector: environment=production,method=traefik
|
||||||
|
namespaces:
|
||||||
|
- "default"
|
||||||
|
- "kube-system"
|
||||||
|
# IP used for Kubernetes Ingress endpoints
|
||||||
|
publishedService:
|
||||||
|
enabled: true
|
||||||
|
# Published Kubernetes Service to copy status from. Format: namespace/servicename
|
||||||
|
# By default this Traefik service
|
||||||
|
# pathOverride: ""
|
||||||
|
service:
|
||||||
|
enabled: true
|
||||||
|
type: LoadBalancer
|
||||||
|
annotations:
|
||||||
|
"load-balancer.hetzner.cloud/name": "clank"
|
||||||
|
# make hetzners load-balancer connect to our nodes via our private k3s
|
||||||
|
"load-balancer.hetzner.cloud/use-private-ip": "true"
|
||||||
|
# keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet
|
||||||
|
"load-balancer.hetzner.cloud/disable-private-ingress": "true"
|
||||||
|
# disable ipv6 by default, because external-dns doesn't support AAAA for hcloud yet https://github.com/kubernetes-sigs/external-dns/issues/2044
|
||||||
|
"load-balancer.hetzner.cloud/ipv6-disabled": "true"
|
||||||
|
"load-balancer.hetzner.cloud/location": "fsn1"
|
||||||
|
"load-balancer.hetzner.cloud/type": "lb11"
|
||||||
|
"load-balancer.hetzner.cloud/uses-proxyprotocol": "true"
|
||||||
|
additionalArguments:
|
||||||
|
- "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||||
|
- "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||||
|
- "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||||
|
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||||
|
- "--providers.kubernetescrd.allowCrossNamespace=true"
|
||||||
|
|
4
infrastructure/traefik/kustomization.yaml
Normal file
4
infrastructure/traefik/kustomization.yaml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- helmconfig.yaml
|
Loading…
Reference in New Issue
Block a user