@jmaitrehenry
Created October 12, 2018 20:22
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: DaemonSet
# extensions/v1beta1 DaemonSet was removed in Kubernetes 1.16; apps/v1 also requires spec.selector.
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik:v1.7.0-rc3
        name: traefik-ingress-lb
        ports:
        # hostPort binds 80 and 443 directly on every node that runs this pod.
        - name: http
          containerPort: 80
          hostPort: 80
        - name: https
          containerPort: 443
          hostPort: 443
        - name: admin
          containerPort: 8080
        # Azure credentials read by the ACME DNS challenge provider ("azure" in traefik.toml).
        # They are set inline here; a Secret referenced through valueFrom.secretKeyRef
        # keeps the client secret out of the manifest.
        env:
        - name: AZURE_CLIENT_ID
          value: "a6dbf7d0-4e34-xxx"
        - name: AZURE_CLIENT_SECRET
          value: "xxx+xxxx/xxxx+qo="
        - name: AZURE_SUBSCRIPTION_ID
          value: "xxxx-xxxx-xxxx-xxxx-xxxxx"
        - name: AZURE_TENANT_ID
          value: "xxxx-xxxx-xxxx-xxxx-xxxxx"
        - name: AZURE_RESOURCE_GROUP
          value: "kumojin"
        # Drop every capability except the one needed to bind ports below 1024.
        securityContext:
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        args:
        - --api
        - --kubernetes
        # Only Ingress objects in these namespaces are watched.
        - --kubernetes.namespaces=jmaitrehenry,production
        - --logLevel=DEBUG
        - --debug
        - --configFile=/etc/traefik/traefik.toml
        volumeMounts:
        - name: traefik-config
          mountPath: /etc/traefik
      volumes:
      - name: traefik-config
        configMap:
          name: traefik
---
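kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
  - protocol: TCP
    port: 80
    name: http
  - protocol: TCP
    port: 443
    name: https
  # 8080 is the Traefik API/dashboard enabled by --api. On a LoadBalancer Service it is
  # reachable on the load balancer IP, and traefik.toml sets no authentication for it.
  - protocol: TCP
    port: 8080
    name: admin
  type: LoadBalancer
  loadBalancerIP: x.y.z.p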
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik
  namespace: kube-system
data:
  traefik.toml: |-
    checkNewVersion = false
    IdleTimeout = "180s"
    MaxIdleConnsPerHost = 500
    logLevel = "INFO"
    defaultEntryPoints = ["http", "https"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
        # Redirect all plain HTTP requests to the https entry point.
        [entryPoints.http.redirect]
        entryPoint = "https"
      [entryPoints.https]
      address = ":443"
        [entryPoints.https.tls]
    [retry]
    attempts = 3
    [api]
    [etcd]
    endpoint = "etcd:2379"
    useAPIV3 = true
    [acme]
    email = "[email protected]"
    # Key path in the etcd store above, where the ACME account and certificates are kept.
    storage = "traefik/acme/account"
    entryPoint = "https"
    OnHostRule = true
    acmeLogging = true
    onDemand = true
    #caServer = "https://acme-staging.api.letsencrypt.org/directory"
    [[acme.domains]]
    main = "kumojin.com"
    [[acme.domains]]
    main = "*.kumojin.com"
    [[acme.domains]]
    main = "jmaitrehenry.ca"
    [[acme.domains]]
    main = "*.jmaitrehenry.ca"
    # Wildcard certificates require the DNS-01 challenge; credentials come from the AZURE_* env vars.
    [acme.dnsChallenge]
    provider = "azure"
  resolv.conf: |-
    nameserver 10.3.0.10
    search kube-system.svc.cluster.local svc.cluster.local cluster.local
    options ndots:5