diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5347237 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +users \ No newline at end of file diff --git a/README.md b/README.md index 1f9aa88..0bfc784 100644 --- a/README.md +++ b/README.md @@ -35,4 +35,11 @@ spec: export USERNAME= export TOKEN= -kubectl create secret generic namedotcom -n kube-system --from-literal=NAMECOM_USERNAME=$USERNAME --from-literal=NAMECOM_API_TOKEN=$TOKEN --from-literal=NAMECOM_SERVER=api.name.com \ No newline at end of file +kubectl create secret generic namedotcom -n kube-system --from-literal=NAMECOM_USERNAME=$USERNAME --from-literal=NAMECOM_API_TOKEN=$TOKEN --from-literal=NAMECOM_SERVER=api.name.com + +## Create a basic auth secret + +```bash +htpasswd -nbB user pass >> users +kubectl create secret generic authsecret --from-file=users +``` diff --git a/external/deploy.yaml b/external/deploy.yaml index 6171573..4151838 100644 --- a/external/deploy.yaml +++ b/external/deploy.yaml @@ -33,6 +33,12 @@ spec: - --certificatesresolvers.myresolver.acme.tlschallenge - --certificatesresolvers.myresolver.acme.email=ducoterra@icloud.com - --certificatesresolvers.myresolver.acme.storage=/acme/acme.json + - --tracing=true + - --tracing.serviceName=traefik-external-controller + - --tracing.spanNameLimit=0 + - --tracing.zipkin=true + - --tracing.zipkin.httpEndpoint=http://zipkin:9411/api/v2/spans + - --tracing.zipkin.sampleRate=1.0 volumeMounts: - mountPath: /acme name: traefik-external-acme diff --git a/external/ingress.yaml b/external/ingress.yaml index 5267d71..d8d880e 100644 --- a/external/ingress.yaml +++ b/external/ingress.yaml @@ -18,6 +18,8 @@ spec: services: - name: traefik-external-admin port: 8080 + middlewares: + - name: basic-auth --- diff --git a/internal/deploy.yaml b/internal/deploy.yaml index c8a6e55..f678fce 100644 --- a/internal/deploy.yaml +++ b/internal/deploy.yaml @@ -24,7 +24,7 @@ spec: name: namedotcom args: - --providers.kubernetescrd.ingressclass=traefik-internal - - --log.level=ERROR + - --log.level=DEBUG - --api - --api.insecure - --entrypoints.web.address=:80 @@ -38,6 +38,12 @@ spec: - --certificatesresolvers.myresolver.acme.email=ducoterra@icloud.com - --certificatesresolvers.myresolver.acme.storage=/acme/acme.json - --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=8.8.8.8:53 + - --tracing=true + - --tracing.serviceName=traefik-internal-controller + - --tracing.spanNameLimit=0 + - --tracing.zipkin=true + - --tracing.zipkin.httpEndpoint=http://zipkin:9411/api/v2/spans + - --tracing.zipkin.sampleRate=1.0 volumeMounts: - mountPath: /acme name: traefik-internal-acme diff --git a/internal/ingress.yaml b/internal/ingress.yaml index de0ed85..2e84850 100644 --- a/internal/ingress.yaml +++ b/internal/ingress.yaml @@ -18,6 +18,8 @@ spec: services: - name: traefik-internal-admin port: 8080 + middlewares: + - name: basic-auth --- diff --git a/middleware/basicauth.yaml b/middleware/basicauth.yaml new file mode 100644 index 0000000..41794a3 --- /dev/null +++ b/middleware/basicauth.yaml @@ -0,0 +1,8 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: basic-auth +spec: + basicAuth: + secret: authsecret + removeHeader: true \ No newline at end of file diff --git a/k8s/redirectscheme.yaml b/middleware/redirectscheme.yaml similarity index 100% rename from k8s/redirectscheme.yaml rename to middleware/redirectscheme.yaml diff --git a/k8s/stricttransport.yaml b/middleware/stricttransport.yaml similarity index 100% rename from k8s/stricttransport.yaml rename to middleware/stricttransport.yaml