99 lines
2.6 KiB
YAML
Executable File
99 lines
2.6 KiB
YAML
Executable File
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: traefik-internal
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: traefik-internal
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: [services, endpoints, secrets, nodes]
|
|
verbs: [get, list, watch]
|
|
- apiGroups: [discovery.k8s.io]
|
|
resources: [endpointslices]
|
|
verbs: [get, list, watch]
|
|
- apiGroups: [traefik.io]
|
|
resources: [ingressroutes, ingressroutetcps, ingressrouteudps, middlewares, middlewaretcps, tlsoptions, tlsstores, traefikservices, serverstransports, serverstransporttcps]
|
|
verbs: [get, list, watch]
|
|
- apiGroups: [traefik.io]
|
|
resources: [ingressroutes/status, ingressroutetcps/status, ingressrouteudps/status]
|
|
verbs: [update]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: traefik-internal
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: traefik-internal
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: traefik-internal
|
|
namespace: {{ .Release.Namespace }}
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: traefik-internal
|
|
labels:
|
|
app: traefik-internal
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: traefik-internal
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: traefik-internal
|
|
spec:
|
|
serviceAccountName: traefik-internal
|
|
nodeSelector:
|
|
node-role.kubernetes.io/control-plane: "true"
|
|
tolerations:
|
|
- key: node-role.kubernetes.io/control-plane
|
|
effect: NoSchedule
|
|
containers:
|
|
- name: traefik
|
|
image: {{ .Values.image }}
|
|
args:
|
|
- --entrypoints.web.address=:{{ .Values.port }}
|
|
- --entrypoints.websecure.address=:{{ .Values.httpsPort }}
|
|
- --providers.kubernetescrd
|
|
- --providers.kubernetescrd.ingressClass={{ .Values.ingressClass }}
|
|
- --api.insecure=true
|
|
- --log.level=WARN
|
|
ports:
|
|
- name: web
|
|
containerPort: {{ .Values.port }}
|
|
- name: websecure
|
|
containerPort: {{ .Values.httpsPort }}
|
|
- name: dashboard
|
|
containerPort: 8080
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: traefik-internal
|
|
annotations:
|
|
metallb.io/address-pool: internal
|
|
spec:
|
|
type: LoadBalancer
|
|
loadBalancerClass: metallb
|
|
loadBalancerIP: {{ .Values.loadBalancerIP }}
|
|
selector:
|
|
app: traefik-internal
|
|
ports:
|
|
- name: web
|
|
port: {{ .Values.port }}
|
|
targetPort: {{ .Values.port }}
|
|
- name: websecure
|
|
port: {{ .Values.httpsPort }}
|
|
targetPort: {{ .Values.httpsPort }}
|
|
- name: dashboard
|
|
port: 9095
|
|
targetPort: 8080
|