woot custom resource definitions
This commit is contained in:
ducoterra
@@ -1,29 +0,0 @@
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: traefik-external
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
- endpoints
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
resources:
|
||||
- ingresses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
resources:
|
||||
- ingresses/status
|
||||
verbs:
|
||||
- update
|
||||
@@ -1,12 +0,0 @@
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: traefik-external
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: traefik-external
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: traefik-external
|
||||
namespace: kube-system
|
||||
@@ -1,44 +1,36 @@
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
metadata:
|
||||
name: traefik-external
|
||||
namespace: kube-system
|
||||
name: traefik-custom-controller
|
||||
labels:
|
||||
k8s-app: traefik-external
|
||||
app: traefik-custom-controller
|
||||
namespace: kube-system
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
k8s-app: traefik-external
|
||||
app: traefik-custom-controller
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
k8s-app: traefik-external
|
||||
name: traefik-external
|
||||
app: traefik-custom-controller
|
||||
spec:
|
||||
serviceAccountName: traefik-external
|
||||
serviceAccountName: traefik-custom-controller
|
||||
containers:
|
||||
- image: traefik:v2.2.0
|
||||
name: traefik-external
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 9080
|
||||
- name: https
|
||||
containerPort: 9443
|
||||
resources:
|
||||
limits:
|
||||
memory: "2Gi"
|
||||
cpu: "2"
|
||||
requests:
|
||||
memory: "1Mi"
|
||||
cpu: "1m"
|
||||
args:
|
||||
- --log.level=DEBUG
|
||||
- --api
|
||||
- --api.insecure
|
||||
- --entrypoints.web.Address=:9080
|
||||
- --entrypoints.websecure.Address=:9443
|
||||
- --entrypoints.websecure.http.tls=true
|
||||
- --providers.kubernetesingress
|
||||
- --providers.kubernetesingress.ingressclass=traefik-external
|
||||
- --providers.kubernetesingress.ingressendpoint.ip=3.14.3.100
|
||||
- name: traefik
|
||||
image: traefik:v2.2
|
||||
args:
|
||||
- --log.level=DEBUG
|
||||
- --api
|
||||
- --api.insecure
|
||||
- --entrypoints.web.address=:9080
|
||||
- --entrypoints.websecure.address=:9443
|
||||
- --entrypoints.websecure.http.tls=true
|
||||
- --providers.kubernetescrd
|
||||
ports:
|
||||
- name: web
|
||||
containerPort: 9080
|
||||
- name: websecure
|
||||
containerPort: 9443
|
||||
- name: admin
|
||||
containerPort: 8080
|
||||
64
k8s/rbac.yaml
Normal file
64
k8s/rbac.yaml
Normal file
@@ -0,0 +1,64 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: traefik-custom-controller
|
||||
namespace: kube-system
|
||||
---
|
||||
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: traefik-custom-controller
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
- endpoints
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
resources:
|
||||
- ingresses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
resources:
|
||||
- ingresses/status
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- traefik.containo.us
|
||||
resources:
|
||||
- middlewares
|
||||
- ingressroutes
|
||||
- traefikservices
|
||||
- ingressroutetcps
|
||||
- ingressrouteudps
|
||||
- tlsoptions
|
||||
- tlsstores
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
metadata:
|
||||
name: traefik-custom-controller
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: traefik-custom-controller
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: traefik-custom-controller
|
||||
namespace: kube-system
|
||||
104
k8s/resourcedefinition.yaml
Normal file
104
k8s/resourcedefinition.yaml
Normal file
@@ -0,0 +1,104 @@
|
||||
# All resources definition must be declared
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: ingressroutes.traefik.containo.us
|
||||
namespace: kube-system
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
version: v1alpha1
|
||||
names:
|
||||
kind: IngressRoute
|
||||
plural: ingressroutes
|
||||
singular: ingressroute
|
||||
scope: Namespaced
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: middlewares.traefik.containo.us
|
||||
namespace: kube-system
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
version: v1alpha1
|
||||
names:
|
||||
kind: Middleware
|
||||
plural: middlewares
|
||||
singular: middleware
|
||||
scope: Namespaced
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: ingressroutetcps.traefik.containo.us
|
||||
namespace: kube-system
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
version: v1alpha1
|
||||
names:
|
||||
kind: IngressRouteTCP
|
||||
plural: ingressroutetcps
|
||||
singular: ingressroutetcp
|
||||
scope: Namespaced
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: ingressrouteudps.traefik.containo.us
|
||||
namespace: kube-system
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
version: v1alpha1
|
||||
names:
|
||||
kind: IngressRouteUDP
|
||||
plural: ingressrouteudps
|
||||
singular: ingressrouteudp
|
||||
scope: Namespaced
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: tlsoptions.traefik.containo.us
|
||||
namespace: kube-system
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
version: v1alpha1
|
||||
names:
|
||||
kind: TLSOption
|
||||
plural: tlsoptions
|
||||
singular: tlsoption
|
||||
scope: Namespaced
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: tlsstores.traefik.containo.us
|
||||
namespace: kube-system
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
version: v1alpha1
|
||||
names:
|
||||
kind: TLSStore
|
||||
plural: tlsstores
|
||||
singular: tlsstore
|
||||
scope: Namespaced
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: traefikservices.traefik.containo.us
|
||||
namespace: kube-system
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
version: v1alpha1
|
||||
names:
|
||||
kind: TraefikService
|
||||
plural: traefikservices
|
||||
singular: traefikservice
|
||||
scope: Namespaced
|
||||
@@ -1,18 +1,18 @@
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: traefik-external
|
||||
name: traefik-custom-controller
|
||||
namespace: kube-system
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
selector:
|
||||
k8s-app: traefik-external
|
||||
app: traefik-custom-controller
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 9080
|
||||
targetPort: 9080
|
||||
name: web
|
||||
targetPort: 9080
|
||||
- protocol: TCP
|
||||
port: 9443
|
||||
targetPort: 9443
|
||||
name: websecure
|
||||
type: LoadBalancer
|
||||
targetPort: 9443
|
||||
@@ -1,5 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: traefik-external
|
||||
namespace: kube-system
|
||||
Reference in New Issue
Block a user