add kubernetes_traefik

2026-04-16 12:37:35 -04:00
parent 8865a11d67
commit 65b9c8e70e
2 changed files with 150 additions and 0 deletions
--- a/active/kubernetes_traefik/values.yaml
+++ b/active/kubernetes_traefik/values.yaml
@@ -0,0 +1,96 @@
+# Configure Network Ports and EntryPoints
+# EntryPoints are the network listeners for incoming traffic.
+ports:
+  # Defines the HTTP entry point named 'web'
+  web:
+    port: 80
+    nodePort: 30000
+    # Instructs this entry point to redirect all traffic to the 'websecure' entry point
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+          permanent: true
+
+  # Defines the HTTPS entry point named 'websecure'
+  websecure:
+    port: 443
+    nodePort: 30001
+
+# Enables the dashboard in Secure Mode
+api:
+  dashboard: true
+  insecure: false
+
+ingressRoute:
+  dashboard:
+    enabled: true
+    matchRule: Host(`traefik-dashboard.reeselink.com`)
+    entryPoints:
+      - websecure
+    middlewares:
+      - name: dashboard-auth
+
+# Creates a BasicAuth Middleware and Secret for the Dashboard Security
+extraObjects:
+  - apiVersion: v1
+    kind: Secret
+    metadata:
+      name: dashboard-auth-secret
+    type: kubernetes.io/basic-auth
+    stringData:
+      username: admin
+      password: "P@ssw0rd" # Replace with an Actual Password
+  - apiVersion: traefik.io/v1alpha1
+    kind: Middleware
+    metadata:
+      name: dashboard-auth
+    spec:
+      basicAuth:
+        secret: dashboard-auth-secret
+
+# We will route with Gateway API instead.
+ingressClass:
+  enabled: false
+
+# Enable Gateway API Provider & Disables the KubernetesIngress provider
+# Providers tell Traefik where to find routing configuration.
+providers:
+  kubernetesIngress:
+    enabled: false
+  kubernetesGateway:
+    enabled: true
+
+## Gateway Listeners
+gateway:
+  listeners:
+    web: # HTTP listener that matches entryPoint `web`
+      port: 80
+      protocol: HTTP
+      namespacePolicy:
+        from: All
+
+    websecure: # HTTPS listener that matches entryPoint `websecure`
+      port: 443
+      protocol: HTTPS # TLS terminates inside Traefik
+      namespacePolicy:
+        from: All
+      mode: Terminate
+      certificateRefs:
+        - kind: Secret
+          name: local-selfsigned-tls # the Secret we created before the installation
+          group: ""
+
+# Enable Observability
+logs:
+  general:
+    level: INFO
+  # This enables access logs, outputting them to Traefik's standard output by default. The [Access Logs Documentation](https://doc.traefik.io/traefik/observability/access-logs/) covers formatting, filtering, and output options.
+  access:
+    enabled: true
+
+# Enables Prometheus for Metrics
+metrics:
+  prometheus:
+    enabled: true