From 65b9c8e70e0fe2b0a143fb35b3dff79835bca2a2 Mon Sep 17 00:00:00 2001 From: ducoterra Date: Thu, 16 Apr 2026 12:37:35 -0400 Subject: [PATCH] add kubernetes_traefik --- active/kubernetes_traefik/demo-app.yaml | 54 ++++++++++++++ active/kubernetes_traefik/values.yaml | 96 +++++++++++++++++++++++++ 2 files changed, 150 insertions(+) create mode 100644 active/kubernetes_traefik/demo-app.yaml create mode 100644 active/kubernetes_traefik/values.yaml diff --git a/active/kubernetes_traefik/demo-app.yaml b/active/kubernetes_traefik/demo-app.yaml new file mode 100644 index 0000000..1888759 --- /dev/null +++ b/active/kubernetes_traefik/demo-app.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: whoami + namespace: default +spec: + replicas: 2 + selector: + matchLabels: + app: whoami + template: + metadata: + labels: + app: whoami + spec: + containers: + - name: whoami + image: traefik/whoami + ports: + - containerPort: 80 + +--- +apiVersion: v1 +kind: Service +metadata: + name: whoami + namespace: default +spec: + selector: + app: whoami + ports: + - port: 80 + +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: whoami + namespace: default +spec: + parentRefs: + - name: traefik-gateway + namespace: traefik + hostnames: + - "traefik-demo.reeselink.com" + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: whoami + namespace: default + port: 80 diff --git a/active/kubernetes_traefik/values.yaml b/active/kubernetes_traefik/values.yaml new file mode 100644 index 0000000..19059e5 --- /dev/null +++ b/active/kubernetes_traefik/values.yaml @@ -0,0 +1,96 @@ +# Configure Network Ports and EntryPoints +# EntryPoints are the network listeners for incoming traffic. +ports: + # Defines the HTTP entry point named 'web' + web: + port: 80 + nodePort: 30000 + # Instructs this entry point to redirect all traffic to the 'websecure' entry point + http: + redirections: + entryPoint: + to: websecure + scheme: https + permanent: true + + # Defines the HTTPS entry point named 'websecure' + websecure: + port: 443 + nodePort: 30001 + +# Enables the dashboard in Secure Mode +api: + dashboard: true + insecure: false + +ingressRoute: + dashboard: + enabled: true + matchRule: Host(`traefik-dashboard.reeselink.com`) + entryPoints: + - websecure + middlewares: + - name: dashboard-auth + +# Creates a BasicAuth Middleware and Secret for the Dashboard Security +extraObjects: + - apiVersion: v1 + kind: Secret + metadata: + name: dashboard-auth-secret + type: kubernetes.io/basic-auth + stringData: + username: admin + password: "P@ssw0rd" # Replace with an Actual Password + - apiVersion: traefik.io/v1alpha1 + kind: Middleware + metadata: + name: dashboard-auth + spec: + basicAuth: + secret: dashboard-auth-secret + +# We will route with Gateway API instead. +ingressClass: + enabled: false + +# Enable Gateway API Provider & Disables the KubernetesIngress provider +# Providers tell Traefik where to find routing configuration. +providers: + kubernetesIngress: + enabled: false + kubernetesGateway: + enabled: true + +## Gateway Listeners +gateway: + listeners: + web: # HTTP listener that matches entryPoint `web` + port: 80 + protocol: HTTP + namespacePolicy: + from: All + + websecure: # HTTPS listener that matches entryPoint `websecure` + port: 443 + protocol: HTTPS # TLS terminates inside Traefik + namespacePolicy: + from: All + mode: Terminate + certificateRefs: + - kind: Secret + name: local-selfsigned-tls # the Secret we created before the installation + group: "" + +# Enable Observability +logs: + general: + level: INFO + # This enables access logs, outputting them to Traefik's standard output by default. The [Access Logs Documentation](https://doc.traefik.io/traefik/observability/access-logs/) covers formatting, filtering, and output options. + access: + enabled: true + +# Enables Prometheus for Metrics +metrics: + prometheus: + enabled: true