Added traefik config

This commit is contained in:
Kasper Juul Hermansen 2022-06-04 14:55:22 +02:00
parent 9065daf3de
commit 39e8770a4f
Signed by: kjuulh
GPG Key ID: 0F95C140730F2F23
3 changed files with 62 additions and 0 deletions

View File

@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- sources - sources
- traefik

View File

@ -0,0 +1,57 @@
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: traefik
namespace: kube-system
spec:
failurePolicy: abort
valuesContent: |-
logs:
general:
level: INFO
providers:
kubernetesCRD:
enabled: true
allowCrossNamespace: true
allowExternalNameServices: true
# ingressClass: traefik-internal
# labelSelector: environment=production,method=traefik
namespaces:
- "default"
- "kube-system"
kubernetesIngress:
enabled: true
allowExternalNameServices: true
allowEmptyServices: true
# ingressClass: traefik-internal
# labelSelector: environment=production,method=traefik
namespaces:
- "default"
- "kube-system"
# IP used for Kubernetes Ingress endpoints
publishedService:
enabled: true
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
service:
enabled: true
type: LoadBalancer
annotations:
"load-balancer.hetzner.cloud/name": "clank"
# make hetzners load-balancer connect to our nodes via our private k3s
"load-balancer.hetzner.cloud/use-private-ip": "true"
# keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet
"load-balancer.hetzner.cloud/disable-private-ingress": "true"
# disable ipv6 by default, because external-dns doesn't support AAAA for hcloud yet https://github.com/kubernetes-sigs/external-dns/issues/2044
"load-balancer.hetzner.cloud/ipv6-disabled": "true"
"load-balancer.hetzner.cloud/location": "fsn1"
"load-balancer.hetzner.cloud/type": "lb11"
"load-balancer.hetzner.cloud/uses-proxyprotocol": "true"
additionalArguments:
- "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--providers.kubernetescrd.allowCrossNamespace=true"

View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmconfig.yaml