diff --git a/Deployments.ol/.ingress/traefik-ingress.yaml b/Deployments.ol/.ingress/traefik-ingress.yaml
new file mode 100644
index 0000000..b457928
--- /dev/null
+++ b/Deployments.ol/.ingress/traefik-ingress.yaml
@@ -0,0 +1,15 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ annotations:
+ name: traefik-dash
+ namespace: traefik
+spec:
+ entryPoints:
+ - web
+ routes:
+ - kind: Rule
+ match: Host(`traefik.roxedus.com`) && ( PathPrefix(`/dashboard`) || PathPrefix(`/api`))
+ services:
+ - kind: TraefikService
+ name: api@internal
diff --git a/apps.ol/templates/root.yaml b/apps.ol/templates/root.yaml
deleted file mode 100644
index 14947c8..0000000
--- a/apps.ol/templates/root.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: root
- namespace: argo-cd
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- destination:
- server: https://kubernetes.default.svc
- namespace: argo-cd
- project: default
- source:
- path: apps/
- repoURL: https://git.roxedus.dev/Roxedus/Argo.git
- targetRevision: HEAD
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
\ No newline at end of file
diff --git a/apps/templates/traefik.yaml b/apps/templates/traefik.yaml
index 08fb335..7aaa8da 100644
--- a/apps/templates/traefik.yaml
+++ b/apps/templates/traefik.yaml
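Review bot: The single route in the new `traefik-ingress.yaml` forwards `/dashboard` and `/api` to `api@internal` with no `middlewares` entry and on the `web` entry point, so if this manifest is applied the Traefik dashboard and API are served without authentication and over plain HTTP. I would change the entry point to `- websecure` and attach an authentication middleware to the route, e.g. `middlewares:` followed by `- name: <dashboard-auth-middleware>` (placeholder; no Middleware resource is defined in this commit). The bare `annotations:` key parses as null; either drop it or write `annotations: {}`. A short comment above `routes:` stating who is expected to reach this host would also help the next reader judge the exposure.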
@@ -12,10 +12,94 @@ spec: project: default source: chart: traefik - path: helm/ helm: - valueFiles: - - values.yaml + values: | + image: + repository: &traefikImage library/traefik + name: *traefikImage + tag: v2.9.4 + pullPolicy: IfNotPresent + + experimental: + http3: + enabled: true + plugins: + enabled: false + kubernetesGateway: + enabled: false + + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + nodeSelector: + hasDns: "true" + + securityContext: + capabilities: + drop: [ALL] + add: [NET_BIND_SERVICE] + readOnlyRootFilesystem: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + + globalArguments: [] + + additionalArguments: + # - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32" + - "--api.insecure=true" + envFrom: + - secretRef: + name: traefik-secrets + + ports: + traefik: + port: 9000 + expose: true + exposedPort: 9000 + protocol: TCP + web: + port: 80 + expose: false + protocol: TCP + websecure: + port: 443 + expose: false + protocol: TCP + tls: + enabled: true + metrics: + port: 9100 + expose: true + udp: + port: 6666 + protocol: UDP + expose: true + + tlsOptions: + default: + sniStrict: true + minVersion: VersionTLS12 + + service: + enabled: true + type: NodePort + annotations: {} + annotationsTCP: {} + annotationsUDP: {} + labels: {} + spec: + {} + loadBalancerSourceRanges: + [] + externalIPs: + [] + + certResolvers: + cloudflare: + email: me@roxedus.dev + dnsChallenge: + provider: cloudflare + storage: /data/acme.json repoURL: https://helm.traefik.io/traefik targetRevision: 10.24.0 diff --git a/helm/traefik/values.yaml b/helm/traefik/values.yaml deleted file mode 100644 index 577a08d..0000000 --- a/helm/traefik/values.yaml +++ /dev/null 
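Review bot: `- "--api.insecure=true"` under `additionalArguments` is carried into the inline values together with `ports.traefik.expose: true`, `service.type: NodePort` and `hostNetwork: true`, so the API and dashboard are served unauthenticated on the `traefik` entry point (port 9000 here) and are reachable on the node itself, not only from inside the cluster. Consider removing the flag, setting `expose: false` under `ports.traefik`, and publishing the dashboard only through an authenticated route to `api@internal`. The `metrics` port is also set to `expose: true`; it is worth confirming that it is meant to be reachable outside the cluster. The values run the container as root (`runAsUser: 0`, `runAsNonRoot: false`), so a comment such as `# root required to bind 80/443 with hostNetwork` would record why, if that is the reason. The `source:` mapping this block belongs to starts and ends outside the added lines.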
@@ -1,74 +0,0 @@
-image:
- repository: &traefikImage library/traefik
- name: *traefikImage
- tag: v2.9.4
- pullPolicy: IfNotPresent
-
-experimental:
- http3:
- enabled: true
- plugins:
- enabled: false
- kubernetesGateway:
- enabled: false
-
-dnsPolicy: ClusterFirstWithHostNet
-hostNetwork: true
-nodeSelector:
- hasDns: "true"
-
-securityContext:
- capabilities:
- drop: [ALL]
- add: [NET_BIND_SERVICE]
- readOnlyRootFilesystem: true
- runAsGroup: 0
- runAsNonRoot: false
- runAsUser: 0
-
-additionalArguments:
-# - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32"
- - "--api.insecure=true"
-envFrom:
- - secretRef:
- name: traefik-secrets
-
-ports:
- traefik:
- port: 9000
- expose: true
- exposedPort: 9000
- protocol: TCP
- web:
- port: 80
- expose: false
- protocol: TCP
- websecure:
- port: 443
- expose: false
- protocol: TCP
- tls:
- enabled: true
- metrics:
- port: 9100
- expose: true
- udp:
- port: 6666
- protocol: UDP
- expose: true
-
-tlsOptions:
- default:
- sniStrict: true
- minVersion: VersionTLS12
-
-service:
- enabled: true
- type: NodePort
-
-certResolvers:
- cloudflare:
- email: me@roxedus.dev
- dnsChallenge:
- provider: cloudflare
- storage: /data/acme.json
\ No newline at end of file