Traefik Config

Holy crap this is hard

Installing

export SERVER=

helm template traefik ./helm --values values.yaml | cat - > ~/Infrastructure/$SERVER-traefik.yaml

cat ~/Infrastructure/$SERVER-traefik.yaml | ssh $SERVER "kubectl apply -f -"

Docs

Configuration Examples: https://docs.traefik.io/routing/providers/kubernetes-ingress/ CLI Reference: https://docs.traefik.io/reference/static-configuration/cli/

Ingress Example

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-internal-tls
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik-internal
spec:
  entryPoints:
    - websecure
  tls:
    certResolver: myresolver
    domains:
    - main: "*.ducoterra.net"
  routes:
  - match: Host(`traefik-internal.ducoterra.net`)
    kind: Rule
    services:
    - name: traefik-internal-admin
      port: 8080
    middlewares:
      - name: basic-auth

---

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-internal-web
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik-internal
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`traefik-internal.ducoterra.net`)
    kind: Rule
    services:
    - name: traefik-internal-admin
      port: 8080
    middlewares:
      - name: httpsredirect

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: {{ .Release.Name }}-external-tls
  annotations:
    kubernetes.io/ingress.class: traefik-external
spec:
  entryPoints:
    - websecure
  tls:
    certResolver: myresolver
  routes:
  - match: Host(`jellyfin.ducoterra.net`)
    kind: Rule
    services:
    - name: {{ .Release.Name }}
      port: 8096
    middlewares:
      - name: {{ .Release.Name }}

---

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: {{ .Release.Name }}-external-web
  annotations:
    kubernetes.io/ingress.class: traefik-external
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`jellyfin.ducoterra.net`)
    kind: Rule
    services:
    - name: {{ .Release.Name }}
      port: 8096
    middlewares:
      - name: httpsredirect

Create a name.com secret for traefik to use:

export USERNAME= export TOKEN= kubectl create secret generic namedotcom -n kube-system --from-literal=NAMECOM_USERNAME=$USERNAME --from-literal=NAMECOM_API_TOKEN=$TOKEN --from-literal=NAMECOM_SERVER=api.name.com

Create a basic auth secret

htpasswd -nbB user pass >> users
kubectl create secret generic authsecret --from-file=users