From bc26377923e3a250b190cd217a035aa5eb8602e5 Mon Sep 17 00:00:00 2001 From: Steffen Illium Date: Fri, 29 Mar 2024 17:17:03 +0100 Subject: [PATCH] traefik front overlay --- infrastructure/02-argocd/kustomization.yaml | 1 - .../03-traefik/base/kustomization.yaml | 16 +++++++++ infrastructure/03-traefik/base/values.yaml | 4 ++- .../external-overlay/kustomization.yaml | 8 ----- .../foreign/home-assistant/kustomization.yaml | 3 ++ .../03-traefik/foreign/kustomization.yaml | 2 ++ infrastructure/03-traefik/kustomization.yaml | 25 ++------------ .../overlay-external/kustomization.yaml | 18 ++++++++++ .../patches/traefik-labelselector.yaml | 33 +++++++++++++++++++ .../overlay-internal/kustomization.yaml | 14 ++++++++ infrastructure/04-longhorn/kustomization.yaml | 3 ++ 11 files changed, 94 insertions(+), 33 deletions(-) create mode 100644 infrastructure/03-traefik/base/kustomization.yaml delete mode 100644 infrastructure/03-traefik/external-overlay/kustomization.yaml create mode 100644 infrastructure/03-traefik/foreign/home-assistant/kustomization.yaml create mode 100644 infrastructure/03-traefik/foreign/kustomization.yaml create mode 100644 infrastructure/03-traefik/overlay-external/kustomization.yaml create mode 100644 infrastructure/03-traefik/overlay-external/patches/traefik-labelselector.yaml create mode 100644 infrastructure/03-traefik/overlay-internal/kustomization.yaml diff --git a/infrastructure/02-argocd/kustomization.yaml b/infrastructure/02-argocd/kustomization.yaml index 490661a..30dcf60 100644 --- a/infrastructure/02-argocd/kustomization.yaml +++ b/infrastructure/02-argocd/kustomization.yaml @@ -11,7 +11,6 @@ resources: - base/argo-cd-k-with-helm.yaml - https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml - base/argo-cd-namespace.yaml -- base/ghcr-io-secret-sealed.yaml patches: - path: patches/argocd-server-service.yaml 
diff --git a/infrastructure/03-traefik/base/kustomization.yaml b/infrastructure/03-traefik/base/kustomization.yaml new file mode 100644 index 0000000..548f5a8 --- /dev/null +++ b/infrastructure/03-traefik/base/kustomization.yaml @@ -0,0 +1,16 @@ +resources: + - traefik-adguard-service-udp-dns.yaml + - traefik-middleware-default-headers.yaml + +helmCharts: +- name: traefik + includeCRDs: true + version: 26.1.0 + releaseName: lcl + repo: https://traefik.github.io/charts + valuesFile: base/values.yaml + +patches: +- path: ../patches/nodeselector.yaml + target: + kind: (StatefulSet|Deployment|Job) \ No newline at end of file diff --git a/infrastructure/03-traefik/base/values.yaml b/infrastructure/03-traefik/base/values.yaml index aaf8037..4de6121 100644 --- a/infrastructure/03-traefik/base/values.yaml +++ b/infrastructure/03-traefik/base/values.yaml @@ -1,7 +1,7 @@ logs: general: # -- Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. - level: INFO + level: WARN access: # -- To enable access logs enabled: true @@ -25,6 +25,8 @@ ingressRoute: entryPoints: - "websecure" - "web" + labels: + - private # Add custom middlewares : authentication and redirection # middlewares: # - name: traefik-dashboard-auth diff --git a/infrastructure/03-traefik/external-overlay/kustomization.yaml b/infrastructure/03-traefik/external-overlay/kustomization.yaml deleted file mode 100644 index 655024c..0000000 --- a/infrastructure/03-traefik/external-overlay/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -namespace: traefik-external - -resources: -- ../base -namePrefix: dev- \ No newline at end of file diff --git a/infrastructure/03-traefik/foreign/home-assistant/kustomization.yaml b/infrastructure/03-traefik/foreign/home-assistant/kustomization.yaml new file mode 100644 index 0000000..751fd55 --- /dev/null +++ b/infrastructure/03-traefik/foreign/home-assistant/kustomization.yaml 
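Review bot: `valuesFile: base/values.yaml` in the new `base/kustomization.yaml` is now resolved from inside `base/`, so it appears to point at `base/base/values.yaml` rather than the `base/values.yaml` this commit edits; it should read `valuesFile: values.yaml`. The patch entry `path: ../patches/nodeselector.yaml` reaches above this kustomization's root, which kustomize refuses under its default load restrictions. Either move the node selector patch under `base/` or document that the build relies on relaxed load restrictions. Until both paths resolve, the build likely fails or the chart renders without the settings in the values file.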
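Review bot: The added `labels:` value under `ingressRoute` in `base/values.yaml` is a sequence (`- private`), but Kubernetes labels are key/value pairs and the chart setting appears to expect a mapping, so this probably renders invalid metadata or is ignored. It also does not correspond to the selector the front instance uses in `patches/traefik-labelselector.yaml` (`appexpose=true`); a mapping such as `appexpose: "false"` would state the intent explicitly. The context lines show the `traefik-dashboard-auth` middleware still commented out and the route bound to both `web` and `websecure`, so the label would be the only thing keeping this route off the external instance. Indentation is lost in this view, so the exact nesting should be confirmed.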
@@ -0,0 +1,3 @@ +resources: + - home-assistant-ingress.yaml + - home-assistant-service.yaml \ No newline at end of file diff --git a/infrastructure/03-traefik/foreign/kustomization.yaml b/infrastructure/03-traefik/foreign/kustomization.yaml new file mode 100644 index 0000000..41f9588 --- /dev/null +++ b/infrastructure/03-traefik/foreign/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - home-assistant diff --git a/infrastructure/03-traefik/kustomization.yaml b/infrastructure/03-traefik/kustomization.yaml index b59eed3..ce6aa5d 100644 --- a/infrastructure/03-traefik/kustomization.yaml +++ b/infrastructure/03-traefik/kustomization.yaml @@ -1,24 +1,3 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -namespace: traefik - resources: - - base/traefik-middleware-default-headers.yaml - - base/traefik-adguard-service-udp-dns.yaml - ### Routes and Services for out of cluster deployments/legacy - - foreign/home-assistant/home-assistant-ingress.yaml - - foreign/home-assistant/home-assistant-service.yaml - -helmCharts: -- name: traefik - includeCRDs: true - version: 26.1.0 - releaseName: lcl - repo: https://traefik.github.io/charts - valuesFile: base/values.yaml - -patches: -- path: patches/nodeselector.yaml - target: - kind: (StatefulSet|Deployment|Job) + - overlay-internal + - overlay-external \ No newline at end of file diff --git a/infrastructure/03-traefik/overlay-external/kustomization.yaml b/infrastructure/03-traefik/overlay-external/kustomization.yaml new file mode 100644 index 0000000..0b9a95b --- /dev/null +++ b/infrastructure/03-traefik/overlay-external/kustomization.yaml 
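Review bot: Listing both `overlay-internal` and `overlay-external` as resources in `03-traefik/kustomization.yaml` renders the chart and `../foreign` twice into `namespace: traefik`. Anything `namePrefix` does not rename (presumably the CRDs pulled in by `includeCRDs: true`) would then collide as a duplicate resource ID. Consider rendering the CRDs once outside the overlays, or deploying the two overlays as separate applications. The rewritten file also drops its header; keeping `apiVersion: kustomize.config.k8s.io/v1beta1` and `kind: Kustomization` would match the two overlay files.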
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: traefik
+
+namePrefix: front-
+
+resources:
+ #### OVERLAYS for internal traefik only
+
+ ### Routes and Services for out of cluster deployments/legacy
+ - ../foreign
+ ### Traefik base
+ - ../base
+
+
+patches:
+ - path: patches/traefik-labelselector.yaml
\ No newline at end of file
diff --git a/infrastructure/03-traefik/overlay-external/patches/traefik-labelselector.yaml b/infrastructure/03-traefik/overlay-external/patches/traefik-labelselector.yaml
new file mode 100644
index 0000000..084f855
--- /dev/null
+++ b/infrastructure/03-traefik/overlay-external/patches/traefik-labelselector.yaml
@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: lcl-traefik
+ namespace: traefik
+spec:
+ template:
+ spec:
+ containers:
+ - args:
+ - '--providers.kubernetescrd.labelSelector=appexpose=true'
+ - '--global.sendanonymoususage=false'
+ - '--global.checknewversion=false'
+ - '--entrypoints.dns.address=:53/udp'
+ - '--entrypoints.traefik.address=:9000/tcp'
+ - '--entrypoints.web.address=:8000/tcp'
+ - '--entrypoints.websecure.address=:8443/tcp'
+ - '--api.dashboard=true'
+ - '--ping=true'
+ - '--providers.kubernetescrd'
+ - '--providers.kubernetescrd.allowExternalNameServices=true'
+ - '--providers.kubernetesingress'
+ - '--providers.kubernetesingress.allowExternalNameServices=true'
+ - '--entrypoints.websecure.http.middlewares=traefik-default-headers'
+ - '--entrypoints.websecure.http.tls=true'
+ - '--entrypoints.websecure.http.tls.certResolver=default'
+ - '--log.level=INFO'
+ - '--accesslog=true'
+ - '--accesslog.fields.defaultmode=keep'
+ - '--accesslog.fields.headers.defaultmode=drop'
+ - '--serversTransport.insecureSkipVerify=false'
+
+
diff --git a/infrastructure/03-traefik/overlay-internal/kustomization.yaml b/infrastructure/03-traefik/overlay-internal/kustomization.yaml
new file mode 100644
index 0000000..25aafcb
--- /dev/null
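Review bot: The comment `#### OVERLAYS for internal traefik only` in `overlay-external/kustomization.yaml` was copied from the internal overlay and says the opposite of what this file is for; `#### OVERLAYS for the external (front-) traefik only` would match. Since this overlay, judging by its name, defines the externally reachable instance, a short comment on why `../foreign` is included here would also help, because those routes are rendered for both instances.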
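Review bot: `--providers.kubernetescrd.labelSelector=appexpose=true` in `patches/traefik-labelselector.yaml` filters only the CRD provider, while `--providers.kubernetesingress` is enabled on the same instance without a selector, so every Ingress object in the cluster is still served by the front instance. Add `- '--providers.kubernetesingress.labelSelector=appexpose=true'` or drop the ingress provider in this overlay. `--api.dashboard=true` and both `allowExternalNameServices=true` flags are carried over to the external instance and are worth switching off unless they are needed there. The selector presumably applies to Middleware objects as well, so `traefik-default-headers` may need the `appexpose: "true"` label (and its prefixed name) for `--entrypoints.websecure.http.middlewares` to resolve. The `containers` entry also has no `name:` key, which a strategic merge patch needs in order to match the container.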
+++ b/infrastructure/03-traefik/overlay-internal/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: traefik + +namePrefix: local- + +resources: + #### OVERLAYS for internal traefik only + + ### Routes and Services for out of cluster deployments/legacy + - ../foreign + ### Traefik base + - ../base diff --git a/infrastructure/04-longhorn/kustomization.yaml b/infrastructure/04-longhorn/kustomization.yaml index 921b5ca..ef217ef 100644 --- a/infrastructure/04-longhorn/kustomization.yaml +++ b/infrastructure/04-longhorn/kustomization.yaml @@ -17,4 +17,7 @@ patches: - path: patches/nodeselector.yaml target: kind: (StatefulSet|Deployment|Job) +- path: patches/podselector.yaml + target: + kind: Pod
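Review bot: The new patch entry in `04-longhorn/kustomization.yaml` targets `kind: Pod`, which selects only standalone Pod objects; pod templates inside Deployments, DaemonSets or StatefulSets are not matched, so `patches/podselector.yaml` may silently apply to nothing. If the goal is to constrain where Longhorn pods run, the target probably needs the workload kinds, as the existing entry does with `kind: (StatefulSet|Deployment|Job)`. `patches/podselector.yaml` is not among the files in this commit's diffstat, so confirm that it already exists in the repository. The file continues outside the hunk.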