add traefik

2025-03-02 20:45:42 -06:00
parent bf7efe944b
commit 6d0d1a7f85
5 changed files with 78 additions and 22 deletions
--- a/clusters/cl01tl/services/traefik/values.yaml
+++ b/clusters/cl01tl/services/traefik/values.yaml
@@ -0,0 +1,114 @@
+traefik:
+  deployment:
+    kind: DaemonSet
+  ingressClass:
+    enabled: false
+    isDefaultClass: true
+  experimental:
+  kubernetesGateway:
+    enabled: true
+  gateway:
+    enabled: true
+    listeners:
+      web:
+        port: 8000
+        hostname: "*.alexlebens.net"
+        protocol: HTTP
+        namespacePolicy: All
+      # websecure:
+      #   port: 443
+      #   hostname: "*.alexlebens.net"
+      #   protocol: HTTPS
+      #   namespacePolicy: All
+      #   certificateRefs:
+      #     - kind: Secret
+      #       name: websecure-gateway-cert
+      #       namespace: traefik
+      #   mode: Terminate
+  ingressRoute:
+    dashboard:
+      enabled: true
+      matchRule: (Host(`traefik-cl01tl.alexlebens.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`)))
+      entryPoints: ["websecure"]
+  providers:
+    kubernetesCRD:
+      allowCrossNamespace: true
+      allowEmptyServices: true
+    kubernetesIngress:
+      enabled: false
+      allowEmptyServices: true
+      publishedService:
+        enabled: true
+    kubernetesGateway:
+      enabled: true
+      experimentalChannel: true
+      statusAddress:
+        ip: 10.232.1.21
+  metrics:
+    prometheus:
+      service:
+        enabled: true
+      disableAPICheck:
+      serviceMonitor:
+        enabled: true
+      prometheusRule:
+        enabled: false
+  globalArguments: []
+  ports:
+    web:
+      port: 8000
+      expose:
+        default: true
+      exposedPort: 80
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+          permanent: true
+      forwardedHeaders:
+        trustedIPs:
+          - 10.0.0.0/8
+          - 172.16.0.0/16
+          - 192.168.0.0/16
+          - fc00::/7
+        insecure: false
+      proxyProtocol:
+        trustedIPs:
+          - 10.0.0.0/8
+          - 172.16.0.0/16
+          - 192.168.0.0/16
+          - fc00::/7
+        insecure: false
+    websecure:
+      port: 8443
+      expose:
+        default: true
+      exposedPort: 443
+      forwardedHeaders:
+        trustedIPs:
+          - 10.0.0.0/8
+          - 172.16.0.0/16
+          - 192.168.0.0/16
+          - fc00::/7
+        insecure: false
+      proxyProtocol:
+        trustedIPs:
+          - 10.0.0.0/8
+          - 172.16.0.0/16
+          - 192.168.0.0/16
+          - fc00::/7
+        insecure: false
+      tls:
+        enabled: true
+    metrics:
+      expose:
+        default: false
+  tlsStore:
+    default:
+      defaultCertificate:
+        secretName: traefik-secret-tls
+  service:
+    enabled: true
+    type: LoadBalancer
+    externalIPs:
+      - 10.232.1.21