traefik front overlay

2024-03-29 17:17:03 +01:00 · 2024-03-29 17:17:03 +01:00 · bc26377923
commit bc26377923
parent 588ba95fac
11 changed files with 94 additions and 33 deletions
--- a/infrastructure/02-argocd/kustomization.yaml
+++ b/infrastructure/02-argocd/kustomization.yaml
@ -11,7 +11,6 @@ resources:
 - base/argo-cd-k-with-helm.yaml
 - https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
 - base/argo-cd-namespace.yaml
- base/ghcr-io-secret-sealed.yaml

 patches:
 - path: patches/argocd-server-service.yaml
--- a/infrastructure/03-traefik/base/kustomization.yaml
+++ b/infrastructure/03-traefik/base/kustomization.yaml
@ -0,0 +1,16 @@
+resources:
+  - traefik-adguard-service-udp-dns.yaml
+  - traefik-middleware-default-headers.yaml
+
+helmCharts:
+- name: traefik
+  includeCRDs: true
+  version: 26.1.0
+  releaseName: lcl
+  repo: https://traefik.github.io/charts
+  valuesFile: base/values.yaml
+
+patches:
+- path: ../patches/nodeselector.yaml
+  target:
+    kind: (StatefulSet|Deployment|Job)
--- a/infrastructure/03-traefik/base/values.yaml
+++ b/infrastructure/03-traefik/base/values.yaml
@ -1,7 +1,7 @@
 logs:
  general:
    # -- Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
-    level: INFO
+    level: WARN
  access:
    # -- To enable access logs
    enabled: true
@ -25,6 +25,8 @@ ingressRoute:
    entryPoints: 
      - "websecure"
      - "web"
+    labels:
+      - private
    # Add custom middlewares : authentication and redirection
    # middlewares:
    #   - name: traefik-dashboard-auth
--- a/infrastructure/03-traefik/external-overlay/kustomization.yaml
+++ b/infrastructure/03-traefik/external-overlay/kustomization.yaml
@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-namespace: traefik-external
-
-resources:
- ../base
-namePrefix: dev-
--- a/infrastructure/03-traefik/foreign/home-assistant/kustomization.yaml
+++ b/infrastructure/03-traefik/foreign/home-assistant/kustomization.yaml
@ -0,0 +1,3 @@
+resources:
+  - home-assistant-ingress.yaml
+  - home-assistant-service.yaml
--- a/infrastructure/03-traefik/foreign/kustomization.yaml
+++ b/infrastructure/03-traefik/foreign/kustomization.yaml
@ -0,0 +1,2 @@
+resources:
+  - home-assistant
--- a/infrastructure/03-traefik/kustomization.yaml
+++ b/infrastructure/03-traefik/kustomization.yaml
@ -1,24 +1,3 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-namespace: traefik
-
 resources:
-  - base/traefik-middleware-default-headers.yaml
-  - base/traefik-adguard-service-udp-dns.yaml
-  ### Routes and Services for out of cluster deployments/legacy
-  - foreign/home-assistant/home-assistant-ingress.yaml
-  - foreign/home-assistant/home-assistant-service.yaml
-
-helmCharts:
- name: traefik
-  includeCRDs: true
-  version: 26.1.0
-  releaseName: lcl
-  repo: https://traefik.github.io/charts
-  valuesFile: base/values.yaml
-
-patches:
- path: patches/nodeselector.yaml
-  target:
-    kind: (StatefulSet|Deployment|Job)
+  - overlay-internal
+  - overlay-external
--- a/infrastructure/03-traefik/overlay-external/kustomization.yaml
+++ b/infrastructure/03-traefik/overlay-external/kustomization.yaml
@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: traefik
+
+namePrefix: front-
+
+resources:
+  #### OVERLAYS for internal traefik only
+  
+  ### Routes and Services for out of cluster deployments/legacy
+  - ../foreign
+  ### Traefik base
+  - ../base
+
+
+patches:
+ - path: patches/traefik-labelselector.yaml
--- a/infrastructure/03-traefik/overlay-external/patches/traefik-labelselector.yaml
+++ b/infrastructure/03-traefik/overlay-external/patches/traefik-labelselector.yaml
@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: lcl-traefik
+  namespace: traefik
+spec:
+  template:
+    spec:
+      containers:
+        - args:
+            - '--providers.kubernetescrd.labelSelector=appexpose=true'
+            - '--global.sendanonymoususage=false'
+            - '--global.checknewversion=false'
+            - '--entrypoints.dns.address=:53/udp'
+            - '--entrypoints.traefik.address=:9000/tcp'
+            - '--entrypoints.web.address=:8000/tcp'
+            - '--entrypoints.websecure.address=:8443/tcp'
+            - '--api.dashboard=true'
+            - '--ping=true'
+            - '--providers.kubernetescrd'
+            - '--providers.kubernetescrd.allowExternalNameServices=true'
+            - '--providers.kubernetesingress'
+            - '--providers.kubernetesingress.allowExternalNameServices=true'
+            - '--entrypoints.websecure.http.middlewares=traefik-default-headers'
+            - '--entrypoints.websecure.http.tls=true'
+            - '--entrypoints.websecure.http.tls.certResolver=default'
+            - '--log.level=INFO'
+            - '--accesslog=true'
+            - '--accesslog.fields.defaultmode=keep'
+            - '--accesslog.fields.headers.defaultmode=drop'
+            - '--serversTransport.insecureSkipVerify=false'
+
+
--- a/infrastructure/03-traefik/overlay-internal/kustomization.yaml
+++ b/infrastructure/03-traefik/overlay-internal/kustomization.yaml
@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: traefik
+
+namePrefix: local-
+
+resources:
+  #### OVERLAYS for internal traefik only
+  
+  ### Routes and Services for out of cluster deployments/legacy
+  - ../foreign
+  ### Traefik base
+  - ../base
--- a/infrastructure/04-longhorn/kustomization.yaml
+++ b/infrastructure/04-longhorn/kustomization.yaml
@ -17,4 +17,7 @@ patches:
 - path: patches/nodeselector.yaml
  target:
    kind: (StatefulSet|Deployment|Job)
+- path: patches/podselector.yaml
+  target:
+    kind: Pod