diff --git a/README.md b/README.md
index 270046e..3390905 100644
--- a/README.md
+++ b/README.md
@@ -30,3 +30,7 @@ spec:
 serviceName: jf
 servicePort: 8096
 ```
+
+## Create a name.com secret for traefik to use:
+
+kubectl create secret generic namedotcom -n kube-system --from-literal=NAMECOM_USERNAME= --from-literal-NAMECOM_API_TOKEN= --from-literal=NAMECOM_SERVER=
\ No newline at end of file
diff --git a/k8s/deploy.yaml b/k8s/deploy.yaml
index efb2210..cc4c78b 100644
--- a/k8s/deploy.yaml
+++ b/k8s/deploy.yaml
@@ -19,6 +19,9 @@ spec:
 containers:
 - name: traefik
 image: traefik:v2.2
+ envFrom:
+ - secretRef:
+ name: namedotcom
 args:
 - --log.level=DEBUG
 - --api
@@ -29,10 +32,22 @@ spec:
 - --providers.kubernetescrd
 - --metrics.statsd=true
 - --metrics.statsd.address=graphite.ducoterra.net:8125
+ - --certificatesresolvers.myresolver.acme.email=ducoterra@icloud.com
+ - --certificatesresolvers.myresolver.acme.storage=/acme/acme.json
+ - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
+ - --certificatesresolvers.myresolver.acme.dnschallenge.provider=namedotcom
+ - --certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=0
+ volumeMounts:
+ - mountPath: /acme
+ name: traefik-acme
 ports:
 - name: web
 containerPort: 9080
 - name: websecure
 containerPort: 9443
 - name: admin
- containerPort: 8080
\ No newline at end of file
+ containerPort: 8080
+ volumes:
+ - name: traefik-acme
+ persistentVolumeClaim:
+ claimName: traefik-acme
\ No newline at end of file
diff --git a/k8s/pvc/pvc.yaml b/k8s/pvc/pvc.yaml
new file mode 100644
index 0000000..847a2dc
--- /dev/null
+++ b/k8s/pvc/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: traefik-acme
+spec:
+ storageClassName: nfs-encrypted
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
\ No newline at end of file
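Review bot: In k8s/deploy.yaml (hunk at -19,6 +19,9) the new `envFrom` / `secretRef: namedotcom` copies every key of the secret into the traefik container and stays silent when an expected key is absent. That matters here because the README command added in this same commit spells one flag `--from-literal-NAMECOM_API_TOKEN=` (hyphen instead of `=`), so the command as written will not set the token. Listing the three variables explicitly with `secretKeyRef` limits the exposure to what the DNS provider needs and makes a missing key fail at container creation rather than at the first ACME order. The secret must also live in the Deployment's namespace; the README uses `kube-system` and the Deployment's `metadata` is outside this hunk, so confirm they match.

```yaml
        # … unchanged: name, image …
        env:
          - name: NAMECOM_USERNAME
            valueFrom:
              secretKeyRef:
                name: namedotcom
                key: NAMECOM_USERNAME
          - name: NAMECOM_API_TOKEN
            valueFrom:
              secretKeyRef:
                name: namedotcom
                key: NAMECOM_API_TOKEN
          - name: NAMECOM_SERVER
            valueFrom:
              secretKeyRef:
                name: namedotcom
                key: NAMECOM_SERVER
        # … unchanged: args …
```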
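Review bot: In k8s/deploy.yaml (hunk at -29,10 +32,22) the resolver `myresolver` is given both `acme.httpchallenge.entrypoint=web` and `acme.dnschallenge.provider=namedotcom`; as far as I know Traefik uses a single challenge type per resolver, so one of the two is likely ignored and the effective validation path is not obvious from the manifest. I would keep only the intended challenge (the name.com secret suggests DNS-01) and drop the other line. Separately, `/acme/acme.json` will hold the ACME account key and the certificate private keys, and Traefik expects that file to be mode 600. The container's `securityContext` is not visible in this hunk, so it is worth confirming that the file is not group- or world-readable on the `traefik-acme` volume.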
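Review bot: In k8s/pvc/pvc.yaml the new claim `traefik-acme` has no `metadata.namespace`, so it is created in whatever namespace the apply happens to target, while the README command in this commit puts the `namedotcom` secret in `kube-system`. A pod can only mount a claim from its own namespace, so if the Deployment runs in `kube-system` I would add `namespace: kube-system` under `metadata` here. `ReadWriteOnce` also ties the volume to one node, which is fine for a single replica; the replica count is not visible in this diff.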