add traefik

2025-03-02 20:45:42 -06:00
parent bf7efe944b
commit 6d0d1a7f85
5 changed files with 78 additions and 22 deletions
--- a/clusters/cl01tl/deployment/argocd/templates/http-route.yaml
+++ b/clusters/cl01tl/deployment/argocd/templates/http-route.yaml
@@ -0,0 +1,30 @@
+# apiVersion: gateway.networking.k8s.io/v1
+# kind: HTTPRoute
+# metadata:
+#   name: http-route-argocd
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: http-route-argocd
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
+#     app.kubernetes.io/component: web
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   parentRefs:
+#     - group: gateway.networking.k8s.io
+#       kind: Gateway
+#       name: http-gateway
+#       namespace: kube-system
+#   hostnames:
+#     - argocd.alexlebens.net
+#   rules:
+#     - matches:
+#       - path:
+#           type: PathPrefix
+#           value: /
+#       backendRefs:
+#         - group: ''
+#           kind: Service
+#           name: argocd-server
+#           port: 80
+#           weight: 100
--- a/clusters/cl01tl/services/traefik/Chart.yaml
+++ b/clusters/cl01tl/services/traefik/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: traefik
+version: 1.0.0
+description: Traefik
+keywords:
+  - traefik
+  - reverse-proxy
+  - tls
+  - kubernetes
+home: https://wiki.alexlebens.dev/doc/traefik-nMRQxYCVUF
+sources:
+  - https://github.com/traefik/traefik
+  - https://github.com/traefik/traefik-helm-chart
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: traefik
+    version: 34.4.0
+    repository: https://traefik.github.io/charts
+icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/traefik.png
+appVersion: v3.2.3
--- a/clusters/cl01tl/services/traefik/templates/certificate.yaml
+++ b/clusters/cl01tl/services/traefik/templates/certificate.yaml
@@ -0,0 +1,19 @@
+# apiVersion: cert-manager.io/v1
+# kind: Certificate
+# metadata:
+#   name: traefik-certificate
+#   namespace: {{ .Release.Namespace }}
+#   labels:
+#     app.kubernetes.io/name: {{ .Release.Name }}
+#     app.kubernetes.io/instance: {{ .Release.Name }}
+#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
+#     app.kubernetes.io/component: web
+#     app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+#   secretName: traefik-secret-tls
+#   dnsNames:
+#     - "alexlebens.net"
+#     - "*.alexlebens.net"
+#   issuerRef:
+#     name: letsencrypt-issuer
+#     kind: ClusterIssuer
--- a/clusters/cl01tl/services/traefik/values.yaml
+++ b/clusters/cl01tl/services/traefik/values.yaml
@@ -0,0 +1,114 @@
+traefik:
+  deployment:
+    kind: DaemonSet
+  ingressClass:
+    enabled: false
+    isDefaultClass: true
+  experimental:
+  kubernetesGateway:
+    enabled: true
+  gateway:
+    enabled: true
+    listeners:
+      web:
+        port: 8000
+        hostname: "*.alexlebens.net"
+        protocol: HTTP
+        namespacePolicy: All
+      # websecure:
+      #   port: 443
+      #   hostname: "*.alexlebens.net"
+      #   protocol: HTTPS
+      #   namespacePolicy: All
+      #   certificateRefs:
+      #     - kind: Secret
+      #       name: websecure-gateway-cert
+      #       namespace: traefik
+      #   mode: Terminate
+  ingressRoute:
+    dashboard:
+      enabled: true
+      matchRule: (Host(`traefik-cl01tl.alexlebens.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`)))
+      entryPoints: ["websecure"]
+  providers:
+    kubernetesCRD:
+      allowCrossNamespace: true
+      allowEmptyServices: true
+    kubernetesIngress:
+      enabled: false
+      allowEmptyServices: true
+      publishedService:
+        enabled: true
+    kubernetesGateway:
+      enabled: true
+      experimentalChannel: true
+      statusAddress:
+        ip: 10.232.1.21
+  metrics:
+    prometheus:
+      service:
+        enabled: true
+      disableAPICheck:
+      serviceMonitor:
+        enabled: true
+      prometheusRule:
+        enabled: false
+  globalArguments: []
+  ports:
+    web:
+      port: 8000
+      expose:
+        default: true
+      exposedPort: 80
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+          permanent: true
+      forwardedHeaders:
+        trustedIPs:
+          - 10.0.0.0/8
+          - 172.16.0.0/16
+          - 192.168.0.0/16
+          - fc00::/7
+        insecure: false
+      proxyProtocol:
+        trustedIPs:
+          - 10.0.0.0/8
+          - 172.16.0.0/16
+          - 192.168.0.0/16
+          - fc00::/7
+        insecure: false
+    websecure:
+      port: 8443
+      expose:
+        default: true
+      exposedPort: 443
+      forwardedHeaders:
+        trustedIPs:
+          - 10.0.0.0/8
+          - 172.16.0.0/16
+          - 192.168.0.0/16
+          - fc00::/7
+        insecure: false
+      proxyProtocol:
+        trustedIPs:
+          - 10.0.0.0/8
+          - 172.16.0.0/16
+          - 192.168.0.0/16
+          - fc00::/7
+        insecure: false
+      tls:
+        enabled: true
+    metrics:
+      expose:
+        default: false
+  tlsStore:
+    default:
+      defaultCertificate:
+        secretName: traefik-secret-tls
+  service:
+    enabled: true
+    type: LoadBalancer
+    externalIPs:
+      - 10.232.1.21