F

2022-11-15 12:48:55 +01:00 · 2022-11-15 12:48:55 +01:00 · ec76b0d94c
commit ec76b0d94c
parent 29a808fe81
4 changed files with 102 additions and 99 deletions
--- a/Deployments.ol/.ingress/traefik-ingress.yaml
+++ b/Deployments.ol/.ingress/traefik-ingress.yaml
@ -0,0 +1,15 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  annotations:
+  name: traefik-dash
+  namespace: traefik
+spec:
+  entryPoints:
+    - web
+  routes:
+    - kind: Rule
+      match: Host(`traefik.roxedus.com`) && ( PathPrefix(`/dashboard`) || PathPrefix(`/api`))
+      services:
+        - kind: TraefikService
+          name: api@internal
--- a/apps.ol/templates/root.yaml
+++ b/apps.ol/templates/root.yaml
@ -1,22 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: root
-  namespace: argo-cd
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-spec:
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: argo-cd
-  project: default
-  source:
-    path: apps/
-    repoURL: https://git.roxedus.dev/Roxedus/Argo.git
-    targetRevision: HEAD
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true
--- a/apps/templates/traefik.yaml
+++ b/apps/templates/traefik.yaml
@ -12,10 +12,94 @@ spec:
  project: default
  source:
    chart: traefik
-    path: helm/
    helm:
-      valueFiles:
-        - values.yaml
+      values: |
+          image:
+            repository: &traefikImage library/traefik
+            name: *traefikImage
+            tag: v2.9.4
+            pullPolicy: IfNotPresent
+
+          experimental:
+            http3:
+              enabled: true
+            plugins:
+              enabled: false
+            kubernetesGateway:
+              enabled: false
+
+          dnsPolicy: ClusterFirstWithHostNet
+          hostNetwork: true
+          nodeSelector:
+            hasDns: "true"
+
+          securityContext:
+            capabilities:
+              drop: [ALL]
+              add: [NET_BIND_SERVICE]
+            readOnlyRootFilesystem: true
+            runAsGroup: 0
+            runAsNonRoot: false
+            runAsUser: 0
+
+          globalArguments: []
+
+          additionalArguments:
+          #  - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32"
+            - "--api.insecure=true"
+          envFrom:
+            - secretRef:
+                name: traefik-secrets
+
+          ports:
+            traefik:
+              port: 9000
+              expose: true
+              exposedPort: 9000
+              protocol: TCP
+            web:
+              port: 80
+              expose: false
+              protocol: TCP
+            websecure:
+              port: 443
+              expose: false
+              protocol: TCP
+              tls:
+                enabled: true
+            metrics:
+              port: 9100
+              expose: true
+            udp:
+              port: 6666
+              protocol: UDP
+              expose: true
+
+          tlsOptions:
+            default:
+              sniStrict: true
+              minVersion: VersionTLS12
+
+          service:
+            enabled: true
+            type: NodePort
+            annotations: {}
+            annotationsTCP: {}
+            annotationsUDP: {}
+            labels: {}
+            spec:
+              {}
+            loadBalancerSourceRanges:
+              []
+            externalIPs:
+              []
+
+          certResolvers:
+            cloudflare:
+              email: me@roxedus.dev
+              dnsChallenge:
+                provider: cloudflare
+              storage: /data/acme.json

    repoURL: https://helm.traefik.io/traefik
    targetRevision: 10.24.0
--- a/helm/traefik/values.yaml
+++ b/helm/traefik/values.yaml
@ -1,74 +0,0 @@
-image:
-  repository: &traefikImage library/traefik
-  name: *traefikImage
-  tag: v2.9.4
-  pullPolicy: IfNotPresent
-
-experimental:
-  http3:
-    enabled: true
-  plugins:
-    enabled: false
-  kubernetesGateway:
-    enabled: false
-
-dnsPolicy: ClusterFirstWithHostNet
-hostNetwork: true
-nodeSelector:
-  hasDns: "true"
-
-securityContext:
-  capabilities:
-    drop: [ALL]
-    add: [NET_BIND_SERVICE]
-  readOnlyRootFilesystem: true
-  runAsGroup: 0
-  runAsNonRoot: false
-  runAsUser: 0
-
-additionalArguments:
-#  - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32"
-  - "--api.insecure=true"
-envFrom:
-  - secretRef:
-      name: traefik-secrets
-
-ports:
-  traefik:
-    port: 9000
-    expose: true
-    exposedPort: 9000
-    protocol: TCP
-  web:
-    port: 80
-    expose: false
-    protocol: TCP
-  websecure:
-    port: 443
-    expose: false
-    protocol: TCP
-    tls:
-      enabled: true
-  metrics:
-    port: 9100
-    expose: true
-  udp:
-    port: 6666
-    protocol: UDP
-    expose: true
-
-tlsOptions:
-  default:
-    sniStrict: true
-    minVersion: VersionTLS12
-
-service:
-  enabled: true
-  type: NodePort
-
-certResolvers:
-  cloudflare:
-    email: me@roxedus.dev
-    dnsChallenge:
-      provider: cloudflare
-    storage: /data/acme.json