traefik and portainer updates

This commit is contained in:
xcad2k 2021-11-29 08:41:39 +01:00
parent 07c6afcbed
commit 6c7e6787b1
9 changed files with 171 additions and 33 deletions

View File

@ -0,0 +1,17 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx
namespace: wp-clcreative
spec:
rules:
- host: portainer.your-domain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: portainer
port:
number: 9000

View File

@ -1,21 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
labels:
app: nginx
spec:
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80

View File

@ -17,7 +17,10 @@ spec:
name: mysql
env:
- name: MYSQL_ROOT_PASSWORD
value: "password-in-cleartext"
valueFrom:
secretKeyRef:
name: mysql-secret
key: root-pass
ports:
- name: mysql
containerPort: 3306

View File

@ -21,5 +21,8 @@ data:
root /usr/share/nginx/html;
index index.html index.htm;
}
location /test {
return 401;
}
}
}

View File

@ -16,6 +16,8 @@ spec:
- name: nginx-https
image: nginx
ports:
- name: web
containerPort: 80
- name: secureweb
containerPort: 443
volumeMounts:
@ -35,4 +37,32 @@ spec:
secretName: nginx-https-secret
- name: nginx-https-vol
hostPath:
path: /var/nginxserver
path: /var/nginxserver
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-https-cm
data:
nginx.conf: |
user nginx;
worker_processes 1;
events {
worker_connections 10240;
}
http {
server {
listen 80;
listen 443 ssl;
server_name _;
ssl_certificate /etc/nginx/ssl/server-cert.pem;
ssl_certificate_key /etc/nginx/ssl/server-key.pem;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
}

View File

@ -0,0 +1,30 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wp-clcreative
namespace: wp-clcreative
annotations:
# (Optional): Annotations for the Ingress Controller
# ---
# General:
# kubernetes.io/ingress.class: traefik
#
# TLS configuration:
# traefik.ingress.kubernetes.io/router.entrypoints: web, websecure
# traefik.ingress.kubernetes.io/router.tls: "true"
#
# Middleware:
# traefik.ingress.kubernetes.io/router.middlewares:your-middleware@kubernetescrd
spec:
rules:
- host: "your-hostname.com" # Your hostname
http:
paths:
# Path-based routing settings:
- path: /
pathType: Prefix
backend:
service:
name: your-service-name # The name of the service
port:
number: 80 # Service Portnumber

View File

@ -1,20 +1,96 @@
additionalArguments:
- --certificatesresolvers.staging.acme.email=your-email@example.com
- --certificatesresolvers.staging.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
- --certificatesresolvers.staging.acme.httpChallenge.entryPoint=web
- --certificatesresolvers.staging.acme.storage=/ssl-certs/acme-staging.json
- --certificatesresolvers.production.acme.email=your-email@example.com
- --certificatesresolvers.production.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
- --certificatesresolvers.production.acme.httpChallenge.entryPoint=web
- --certificatesresolvers.production.acme.storage=/ssl-certs/acme-production.json
# Configure your CertificateResolver here...
#
# HTTP Challenge
# ---
# Generic Example:
# - --certificatesresolvers.generic.acme.email=your-email@example.com
# - --certificatesresolvers.generic.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
# - --certificatesresolvers.generic.acme.httpChallenge.entryPoint=web
# - --certificatesresolvers.generic.acme.storage=/ssl-certs/acme-generic.json
#
# Prod / Staging Example:
# - --certificatesresolvers.staging.acme.email=your-email@example.com
# - --certificatesresolvers.staging.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
# - --certificatesresolvers.staging.acme.httpChallenge.entryPoint=web
# - --certificatesresolvers.staging.acme.storage=/ssl-certs/acme-staging.json
# - --certificatesresolvers.production.acme.email=your-email@example.com
# - --certificatesresolvers.production.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
# - --certificatesresolvers.production.acme.httpChallenge.entryPoint=web
# - --certificatesresolvers.production.acme.storage=/ssl-certs/acme-production.json
#
# DNS Challenge
# ---
# Cloudflare Example:
# - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
# - --certificatesresolvers.cloudflare.acme.email=your-email@example.com
# - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1
# - --certificatesresolvers.cloudflare.acme.storage=/ssl-certs/acme-cloudflare.json
#
# Generic (replace with your DNS provider):
# - --certificatesresolvers.generic.acme.dnschallenge.provider=generic
# - --certificatesresolvers.generic.acme.email=your-email@example.com
# - --certificatesresolvers.generic.acme.storage=/ssl-certs/acme-generic.json
logs:
# Configure log settings here...
general:
level: ERROR
ports:
# Configure your entrypoints here...
web:
redirectTo: websecure
# (optional) Permanent Redirect to HTTPS
# redirectTo: websecure
websecure:
tls:
enabled: true
# (optional) Set a Default CertResolver
# certResolver: cloudflare
env:
# Set your environment variables here...
#
# DNS Challenge Credentials
# ---
# Cloudflare Example:
# - name: CF_API_EMAIL
# valueFrom:
# secretKeyRef:
# key: email
# name: cloudflare-credentials
# - name: CF_API_KEY
# valueFrom:
# secretKeyRef:
# key: apiKey
# name: cloudflare-credentials
# Disable Dashboard
ingressRoute:
dashboard:
enabled: false
# Persistent Storage
persistence:
enabled: true
name: ssl-certs
size: 128Mi
size: 1Gi
path: /ssl-certs
deployment:
initContainers:
# The "volume-permissions" init container is required if you run into permission issues.
# Related issue: https://github.com/containous/traefik/issues/6972
- name: volume-permissions
image: busybox:1.31.1
command: ["sh", "-c", "chmod -Rv 600 /ssl-certs/*"]
volumeMounts:
- name: ssl-certs
mountPath: /ssl-certs
# Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes.
ingressClass:
enabled: true
isDefaultClass: true