Traefik

2022-12-15 13:53:38 +01:00 · 2022-12-15 13:53:38 +01:00 · 0a238d8e0b
commit 0a238d8e0b
parent b769e4f5ad
2 changed files with 88 additions and 3 deletions
--- a/MetaObjects/ext-store.yml
+++ b/MetaObjects/ext-store.yml
@ -1,7 +1,7 @@
 apiVersion: external-secrets.io/v1alpha1
 kind: SecretStore
 metadata:
-  name: vault-backend
+  name: ext-cloudflare-backend
  namespace: cert-manager
 spec:
  provider:
@ -17,11 +17,11 @@ spec:
 apiVersion: external-secrets.io/v1alpha1
 kind: ExternalSecret
 metadata:
-  name: vault-example
+  name: ext-cloudflare
  namespace: cert-manager
 spec:
  secretStoreRef:
-    name: vault-backend
+    name: ext-cloudflare-backend
    kind: SecretStore
  target:
    name: cloudflare-api-token
--- a/apps/templates/traefik.yaml
+++ b/apps/templates/traefik.yaml
@ -0,0 +1,85 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: traefik
+  namespace: argo-cd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: traefik
+  project: default
+  source:
+    chart: traefik
+    helm:
+      values: |
+
+        experimental:
+          http3:
+            enabled: true
+          plugins:
+            enabled: false
+          kubernetesGateway:
+            enabled: false
+
+        additionalArguments:
+          - "--api.insecure=true"
+          - "--ping"
+          - "--ping.entrypoint=traefik"
+
+        ports:
+          traefik:
+            port: 9000
+            expose: true
+            exposedPort: 9900
+            protocol: TCP
+          web:
+            port: 8080
+            exposedPort: 80
+            expose: true
+            protocol: TCP
+            redirectTo: websecure
+          websecure:
+            port: 4443
+            exposedPort: 443
+            expose: true
+            protocol: TCP
+            tls:
+              enabled: true
+          metrics:
+            port: 9102
+            expose: false
+          udp:
+            port: 6666
+            protocol: UDP
+            expose: true
+
+        tlsOptions:
+          default:
+            sniStrict: true
+            minVersion: VersionTLS12
+
+        service:
+          enabled: true
+          type: LoadBalancer
+
+        providers:
+          kubernetesCRD:
+            allowCrossNamespace: true
+          kubernetesIngress:
+            publishedService:
+              enabled: true
+
+        ingressClass:
+          enabled: true
+          isDefaultClass: true
+
+    repoURL: https://helm.traefik.io/traefik
+    targetRevision: 20.6.0
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true