Skip to content

Instantly share code, notes, and snippets.

@joejulian

joejulian/.traefik.yml

Created August 11, 2021 23:16
Show Gist options
  • Save joejulian/58f4b504214534ac7c4bfe3f5ac28c5f to your computer and use it in GitHub Desktop.
Save joejulian/58f4b504214534ac7c4bfe3f5ac28c5f to your computer and use it in GitHub Desktop.
Download ZIP
Raw
.traefik.yml
displayName: Rewrite Body
summary: Rewrites the HTTP response body by replacing a search regex by a replacement string.
type: middleware
import: plugin-rewritebody
compatibility: TODO
testData:
lastModified: true
rewrites:
- regex: "bar"
replacement: "foo"
Raw
clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
meta.helm.sh/release-name: kommander-traefik
meta.helm.sh/release-namespace: kommander
creationTimestamp: "2021-08-11T19:00:53Z"
labels:
app.kubernetes.io/instance: kommander-traefik
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: traefik
helm.sh/chart: traefik-9.19.1
helm.toolkit.fluxcd.io/name: traefik
helm.toolkit.fluxcd.io/namespace: kommander
name: kommander-traefik
resourceVersion: "844453"
uid: 2afb6f9e-56e8-41a4-8a4a-ca6aa9d1ae68
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.containo.us
resources:
- ingressroutes
- ingressroutetcps
- ingressrouteudps
- middlewares
- middlewaretcps
- tlsoptions
- tlsstores
- traefikservices
- serverstransports
verbs:
- get
- list
- watch
Raw
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "21"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"secret.reloader.stakater.com/reload":"kommander-traefik-certificate"},"labels":{"app.kubernetes.io/instance":"kommander-traefik","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"traefik","helm.sh/chart":"traefik-9.19.1","helm.toolkit.fluxcd.io/name":"traefik","helm.toolkit.fluxcd.io/namespace":"kommander"},"name":"kommander-traefik","namespace":"kommander"},"spec":{"replicas":2,"selector":{"matchLabels":{"app.kubernetes.io/instance":"kommander-traefik","app.kubernetes.io/name":"traefik"}},"strategy":{"rollingUpdate":{"maxSurge":1,"maxUnavailable":1},"type":"RollingUpdate"},"template":{"metadata":{"annotations":null,"labels":{"app":"traefik","app.kubernetes.io/instance":"kommander-traefik","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"traefik","helm.sh/chart":"traefik-9.19.1","kommander.mesosphere.io/name":"traefik"}},"spec":{"affinity":{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"kommander.mesosphere.io/name","operator":"In","values":["traefik"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":1},{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"kommander.mesosphere.io/name","operator":"In","values":["traefik"]}]},"topologyKey":"failure-domain.beta.kubernetes.io/zone"},"weight":1}]}},"containers":[{"args":["--global.checknewversion","--global.sendanonymoususage","--entryPoints.traefik.address=:9000/tcp","--entryPoints.velero-minio.address=:9090/tcp","--entryPoints.web.address=:8000/tcp","--entryPoints.websecure.address=:8443/tcp","--api.dashboard=true","--ping=true","--providers.kubernetescrd","--providers.kubernetesingress","--log.level=WARNING","--accesslog=true","--accesslog.fields.defaultmode=keep","--accesslog.fields.headers.defaultmode=drop","--pilot.dashboard=false","--serversTransport.insecureSkipVerify=true","--metrics.prometheus=true","--providers.kubernetesingress.ingressendpoint.publishedservice=kommander/kommander-traefik"],"image":"traefik:2.4.8","imagePullPolicy":"IfNotPresent","livenessProbe":{"failureThreshold":3,"httpGet":{"path":"/ping","port":9000},"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":2},"name":"kommander-traefik","ports":[{"containerPort":9000,"name":"traefik","protocol":"TCP"},{"containerPort":9090,"name":"velero-minio","protocol":"TCP"},{"containerPort":8000,"name":"web","protocol":"TCP"},{"containerPort":8443,"name":"websecure","protocol":"TCP"}],"readinessProbe":{"failureThreshold":1,"httpGet":{"path":"/ping","port":9000},"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":2},"resources":{"limits":{"cpu":"1000m"},"requests":{"cpu":"500m"}},"securityContext":{"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532},"volumeMounts":[{"mountPath":"/data","name":"data"},{"mountPath":"/tmp","name":"tmp"}]}],"hostNetwork":false,"initContainers":[{"args":["traefik"],"env":[{"name":"TRAEFIK_INGRESS_NAMESPACE","value":"kommander"},{"name":"TRAEFIK_INGRESS_SERVICE_NAME","value":"kommander-traefik"},{"name":"TRAEFIK_INGRESS_CERTIFICATE_NAME","value":"kommander-traefik"},{"name":"TRAEFIK_INGRESS_CERTIFICATE_ISSUER","value":"kommander-bootstrap-issuer"},{"name":"TRAEFIK_INGRESS_CERTIFICATE_ISSUER_TYPE","value":"Issuer"},{"name":"TRAEFIK_INGRESS_CERTIFICATE_SECRET_NAME","value":"kommander-traefik-certificate"},{"name":"TRAEFIK_KOMMANDER_CONFIG_MAP","value":"konvoyconfig-kubeaddons"},{"name":"TRAEFIK_CLUSTER_HOSTNAME_KEY","value":"clusterHostname"}],"image":"mesosphere/kubeaddons-addon-initializer:v0.5.2","name":"initialize-traefik-certificate"},{"args":["-c","cat \u003c\u003c EOF | kubectl -n kommander apply -f -\napiVersion: traefik.containo.us/v1alpha1\nkind: TLSStore\nmetadata:\n name: default\n namespace: kommander\nspec:\n defaultCertificate:\n secretName: kommander-traefik-certificate\n####\n#\n# TODO: Need a better strategy for creating this for charts that can't create them natively\n# Will address in https://jira.d2iq.com/browse/D2IQ-75671\n#\n####\n---\napiVersion: traefik.containo.us/v1alpha1\nkind: Middleware\nmetadata:\n name: stripprefixes\n namespace: kommander\nspec:\n stripPrefix:\n prefixes:\n - /dkp/alertmanager\n - /dkp/kommander/dashboard\n - /dkp/kommander/gitserver\n - /dkp/kommander/helm-mirror\n - /dkp/kommander/monitoring/query\n - /dkp/kubecost/frontend\n - /dkp/kubecost/grafana\n - /dkp/kubernetes\n - /dkp/prometheus\n---\n# Create stripprefix middleware for kubetunnel exposed services.\n# This expects that every TunnelGateway will be launched with\n# `urlPathPrefix: /dkp/tunnel` configuration.\n# If there is a need for creating TunnelGateway objects with\n# different `urlPathPrefix` then this middleware needs to be\n# extended or new must be created.\napiVersion: traefik.containo.us/v1alpha1\nkind: Middleware\nmetadata:\n name: stripprefixes-kubetunnel\n namespace: kommander\nspec:\n stripPrefixRegex:\n regex:\n # \u003croute_prefix\u003e/\u003cnamespace\u003e/\u003cconnector_name\u003e/kubeconfig\n - /dkp/tunnel/[^/]+/[^/]+/kubeconfig\n # \u003croute_prefix\u003e/\u003cnamespace\u003e/\u003cconnector_name\u003e/tunnel-server\n - /dkp/tunnel/[^/]+/[^/]+/tunnel-server\n---\napiVersion: traefik.containo.us/v1alpha1\nkind: Middleware\nmetadata:\n name: forwardauth\n namespace: kommander\nspec:\n forwardAuth:\n address: http://traefik-forward-auth.kommander.svc.cluster.local:4181/\n authResponseHeaders:\n - X-Forwarded-User\n - Impersonate-User\n - Impersonate-Group\n---\n# Temporary Fix for 401 Error of Grafana UI Issue: https://jira.d2iq.com/browse/D2IQ-77423\napiVersion: traefik.containo.us/v1alpha1\nkind: Middleware\nmetadata:\n name: forwardauth-dashboard\n namespace: kommander\nspec:\n forwardAuth:\n address: http://traefik-forward-auth.kommander.svc.cluster.local:4181/\n authResponseHeaders:\n - X-Forwarded-User\n - Impersonate-User\n - Impersonate-Group\n - Authorization\nEOF\n"],"command":["bash"],"image":"bitnami/kubectl:1.21.3","name":"initialize-default-tlsstore"}],"securityContext":{"fsGroup":65532},"serviceAccountName":"kommander-traefik","terminationGracePeriodSeconds":60,"volumes":[{"emptyDir":{},"name":"data"},{"emptyDir":{},"name":"tmp"}]}}}}
meta.helm.sh/release-name: kommander-traefik
meta.helm.sh/release-namespace: kommander
secret.reloader.stakater.com/reload: kommander-traefik-certificate
creationTimestamp: "2021-08-11T19:00:53Z"
generation: 21
labels:
app.kubernetes.io/instance: kommander-traefik
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: traefik
helm.sh/chart: traefik-9.19.1
helm.toolkit.fluxcd.io/name: traefik
helm.toolkit.fluxcd.io/namespace: kommander
name: kommander-traefik
namespace: kommander
resourceVersion: "858189"
uid: 67267593-6a83-4c22-9f45-66f6f397d26e
spec:
progressDeadlineSeconds: 600
replicas: 2
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/instance: kommander-traefik
app.kubernetes.io/name: traefik
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: traefik
app.kubernetes.io/instance: kommander-traefik
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: traefik
helm.sh/chart: traefik-9.19.1
kommander.mesosphere.io/name: traefik
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: kommander.mesosphere.io/name
operator: In
values:
- traefik
topologyKey: kubernetes.io/hostname
weight: 1
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: kommander.mesosphere.io/name
operator: In
values:
- traefik
topologyKey: failure-domain.beta.kubernetes.io/zone
weight: 1
containers:
- args:
- --global.checknewversion
- --global.sendanonymoususage
- --entryPoints.traefik.address=:9000/tcp
- --entryPoints.velero-minio.address=:9090/tcp
- --entryPoints.web.address=:8000/tcp
- --entryPoints.websecure.address=:8443/tcp
- --api.dashboard=true
- --api.insecure=true
- --ping=true
- --providers.kubernetescrd
- --providers.kubernetesingress
- --log.level=WARNING
- --accesslog=true
- --accesslog.fields.defaultmode=keep
- --accesslog.fields.headers.defaultmode=drop
- --pilot.dashboard=false
- --serversTransport.insecureSkipVerify=true
- --metrics.prometheus=true
- --providers.kubernetesingress.ingressendpoint.publishedservice=kommander/kommander-traefik
- --experimental.localPlugins.plugin-rewritebody.moduleName=plugin-rewritebody
env:
- name: STAKATER_KOMMANDER_TRAEFIK_CERTIFICATE_SECRET
value: ffd99ee041d9c51203b5dfb610d34c8cc12399ea
image: traefik:2.5.0-rc5
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /ping
port: 9000
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
name: kommander-traefik
ports:
- containerPort: 9000
name: traefik
protocol: TCP
- containerPort: 9090
name: velero-minio
protocol: TCP
- containerPort: 8000
name: web
protocol: TCP
- containerPort: 8443
name: websecure
protocol: TCP
readinessProbe:
failureThreshold: 1
httpGet:
path: /ping
port: 9000
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
resources:
limits:
cpu: "1"
requests:
cpu: 500m
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /data
name: data
- mountPath: /tmp
name: tmp
- mountPath: /plugins-local/src/plugin-rewritebody
name: traefik-plugin-rewritebody
dnsPolicy: ClusterFirst
initContainers:
- args:
- traefik
env:
- name: TRAEFIK_INGRESS_NAMESPACE
value: kommander
- name: TRAEFIK_INGRESS_SERVICE_NAME
value: kommander-traefik
- name: TRAEFIK_INGRESS_CERTIFICATE_NAME
value: kommander-traefik
- name: TRAEFIK_INGRESS_CERTIFICATE_ISSUER
value: kommander-bootstrap-issuer
- name: TRAEFIK_INGRESS_CERTIFICATE_ISSUER_TYPE
value: Issuer
- name: TRAEFIK_INGRESS_CERTIFICATE_SECRET_NAME
value: kommander-traefik-certificate
- name: TRAEFIK_KOMMANDER_CONFIG_MAP
value: konvoyconfig-kubeaddons
- name: TRAEFIK_CLUSTER_HOSTNAME_KEY
value: clusterHostname
image: mesosphere/kubeaddons-addon-initializer:v0.5.2
imagePullPolicy: IfNotPresent
name: initialize-traefik-certificate
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
- args:
- -c
- |
cat << EOF | kubectl -n kommander apply -f -
apiVersion: traefik.containo.us/v1alpha1
kind: TLSStore
metadata:
name: default
namespace: kommander
spec:
defaultCertificate:
secretName: kommander-traefik-certificate
####
#
# TODO: Need a better strategy for creating this for charts that can't create them natively
# Will address in https://jira.d2iq.com/browse/D2IQ-75671
#
####
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: stripprefixes
namespace: kommander
spec:
stripPrefix:
prefixes:
- /dkp/alertmanager
- /dkp/kommander/dashboard
- /dkp/kommander/gitserver
- /dkp/kommander/helm-mirror
- /dkp/kommander/monitoring/query
- /dkp/kubecost/frontend
- /dkp/kubecost/grafana
- /dkp/kubernetes
- /dkp/prometheus
---
# Create stripprefix middleware for kubetunnel exposed services.
# This expects that every TunnelGateway will be launched with
# `urlPathPrefix: /dkp/tunnel` configuration.
# If there is a need for creating TunnelGateway objects with
# different `urlPathPrefix` then this middleware needs to be
# extended or new must be created.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: stripprefixes-kubetunnel
namespace: kommander
spec:
stripPrefixRegex:
regex:
# <route_prefix>/<namespace>/<connector_name>/kubeconfig
- /dkp/tunnel/[^/]+/[^/]+/kubeconfig
# <route_prefix>/<namespace>/<connector_name>/tunnel-server
- /dkp/tunnel/[^/]+/[^/]+/tunnel-server
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: forwardauth
namespace: kommander
spec:
forwardAuth:
address: http://traefik-forward-auth.kommander.svc.cluster.local:4181/
authResponseHeaders:
- X-Forwarded-User
- Impersonate-User
- Impersonate-Group
---
# Temporary Fix for 401 Error of Grafana UI Issue: https://jira.d2iq.com/browse/D2IQ-77423
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: forwardauth-dashboard
namespace: kommander
spec:
forwardAuth:
address: http://traefik-forward-auth.kommander.svc.cluster.local:4181/
authResponseHeaders:
- X-Forwarded-User
- Impersonate-User
- Impersonate-Group
- Authorization
EOF
command:
- bash
image: bitnami/kubectl:1.21.3
imagePullPolicy: IfNotPresent
name: initialize-default-tlsstore
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
fsGroup: 65532
serviceAccount: kommander-traefik
serviceAccountName: kommander-traefik
terminationGracePeriodSeconds: 60
volumes:
- emptyDir: {}
name: data
- emptyDir: {}
name: tmp
- configMap:
defaultMode: 420
name: traefik-plugin-rewritebody
name: traefik-plugin-rewritebody
status:
availableReplicas: 2
conditions:
- lastTransitionTime: "2021-08-11T19:01:23Z"
lastUpdateTime: "2021-08-11T19:01:23Z"
message: Deployment has minimum availability.
reason: MinimumReplicasAvailable
status: "True"
type: Available
- lastTransitionTime: "2021-08-11T19:00:53Z"
lastUpdateTime: "2021-08-11T23:04:24Z"
message: ReplicaSet "kommander-traefik-6d6956c9f8" has successfully progressed.
reason: NewReplicaSetAvailable
status: "True"
type: Progressing
observedGeneration: 21
readyReplicas: 2
replicas: 2
updatedReplicas: 2
Raw
ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.middlewares: kommander-stripprefixes@kubernetescrd,kommander-forwardauth-dashboard@kubernetescrd,kommander-rewrite-api@kubernetescrd
traefik.ingress.kubernetes.io/router.priority: "2"
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/redirect-entry-point: https
labels:
app.kubernetes.io/instance: traefik-dashboard
app.kubernetes.io/name: traefik-dashboard
app.kubernetes.io/version: 2.2.0
name: traefik-dashboard
namespace: kommander
spec:
rules:
- http:
paths:
- backend:
service:
name: kommander-traefik-dashboard
port:
number: 80
path: /dkp/traefik
pathType: Prefix
Raw
middleware-rewrite.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: rewrite-api
namespace: kommander
spec:
plugin:
plugin-rewritebody:
rewrites:
- regex: "/api"
replacement: "/dkp/traefik/api"
Raw
middleware-stripprefixes.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"traefik.containo.us/v1alpha1","kind":"Middleware","metadata":{"annotations":{},"name":"stripprefixes","namespace":"kommander"},"spec":{"stripPrefix":{"prefixes":["/dkp/alertmanager","/dkp/kommander/dashboard","/dkp/kommander/gitserver","/dkp/kommander/helm-mirror","/dkp/kommander/monitoring/query","/dkp/kubecost/frontend","/dkp/kubecost/grafana","/dkp/kubernetes","/dkp/prometheus"]}}}
creationTimestamp: "2021-08-11T19:01:04Z"
generation: 4
name: stripprefixes
namespace: kommander
resourceVersion: "862497"
uid: d04c4b42-cfec-42e5-adf7-c5dd493e5f6a
spec:
stripPrefix:
prefixes:
- /dkp/alertmanager
- /dkp/kommander/dashboard
- /dkp/kommander/gitserver
- /dkp/kommander/helm-mirror
- /dkp/kommander/monitoring/query
- /dkp/kubecost/frontend
- /dkp/kubecost/grafana
- /dkp/kubernetes
- /dkp/prometheus
- /dkp/traefik
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment