mirror of
https://github.com/vcscsvcscs/OCI-Kubernetes-cluster-with-traefik.git
synced 2025-08-12 13:59:09 +02:00
84 lines
2.8 KiB
YAML
84 lines
2.8 KiB
YAML
ingressRoute:
|
|
dashboard:
|
|
# -- Create an IngressRoute for the dashboard
|
|
enabled: true
|
|
# -- Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
|
|
annotations: {}
|
|
# -- Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
|
|
labels: {}
|
|
# -- The router match rule used for the dashboard ingressRoute
|
|
matchRule: Host(`traefik.${my_domain}`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
|
|
# -- Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure).
|
|
# By default, it's using traefik entrypoint, which is not exposed.
|
|
# /!\ Do not expose your dashboard without any protection over the internet /!\
|
|
entryPoints: ["websecure"]
|
|
# -- Additional ingressRoute middlewares (e.g. for authentication)
|
|
middlewares:
|
|
- name: traefik-dashboard-auth
|
|
# -- TLS options (e.g. secret containing certificate)
|
|
tls: {}
|
|
|
|
healthcheck:
|
|
# -- Create an IngressRoute for the healthcheck probe
|
|
enabled: true
|
|
# -- Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
|
|
annotations: {}
|
|
# -- Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
|
|
labels: {}
|
|
# -- The router match rule used for the healthcheck ingressRoute
|
|
matchRule: Host(`traefik.${my_domain}`) && PathPrefix(`/ping`)
|
|
# -- Specify the allowed entrypoints to use for the healthcheck ingress route, (e.g. traefik, web, websecure).
|
|
# By default, it's using traefik entrypoint, which is not exposed.
|
|
entryPoints: ["websecure"]
|
|
# -- Additional ingressRoute middlewares (e.g. for authentication)
|
|
middlewares: []
|
|
# -- TLS options (e.g. secret containing certificate)
|
|
tls: {}
|
|
|
|
providers:
|
|
kubernetesCRD:
|
|
allowCrossNamespace: true
|
|
|
|
service:
|
|
annotations:
|
|
oci.oraclecloud.com/load-balancer-type: "nlb"
|
|
|
|
extraObjects:
|
|
- apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: cloudflare-origin-certificate
|
|
namespace: traefik-loadbalancer
|
|
type: Opaque
|
|
data:
|
|
tls.crt: ${cloudflare_origin_certificate_pem}
|
|
tls.key: ${cloudflare_origin_certificate_key}
|
|
|
|
- apiVersion: traefik.io/v1alpha1
|
|
kind: TLSStore
|
|
metadata:
|
|
name: default
|
|
namespace: traefik-loadbalancer
|
|
spec:
|
|
defaultCertificate:
|
|
secretName: cloudflare-origin-certificate
|
|
|
|
- apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: dashboard-authsecret
|
|
namespace: traefik-loadbalancer
|
|
type: kubernetes.io/basic-auth
|
|
data:
|
|
username: ${traefik_dashboard_username}
|
|
password: ${traefik_dashboard_password}
|
|
|
|
- apiVersion: traefik.containo.us/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: traefik-dashboard-auth
|
|
namespace: traefik-loadbalancer
|
|
spec:
|
|
basicAuth:
|
|
secret: dashboard-authsecret
|