self-hosting/group_vars/all/traefik-daemonset

traefik_daemonset: |
  ---
  kind: DaemonSet
  apiVersion: apps/v1
  metadata:
    name: traefik-ingress-controller
    namespace: kube-system
    labels:
      k8s-app: traefik-ingress-lb
  spec:
    selector:
      matchLabels:
        k8s-app: traefik-ingress-lb
    updateStrategy:
      type: RollingUpdate
    template:
      metadata:
        labels:
          k8s-app: traefik-ingress-lb
          name: traefik-ingress-lb
      spec:
        serviceAccountName: traefik-ingress-controller
        terminationGracePeriodSeconds: 60
        hostNetwork: true
        dnsPolicy: ClusterFirstWithHostNet
        containers:
        - image: traefik:v1.7-alpine
          name: traefik-ingress-lb
          imagePullPolicy: IfNotPresent
          livenessProbe:
            failureThreshold: 2
            httpGet:
              path: /ping
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 5
          readinessProbe:
            failureThreshold: 2
            httpGet:
              path: /ping
              port: 8080
              scheme: HTTP
            periodSeconds: 5
          resources:
            requests:
              memory: "64Mi"
              cpu: "250m"
            limits:
              memory: "64Mi"
              cpu: "250m"
          ports:
          - name: http
            containerPort: 80
            hostPort: 80
          - name: https
            containerPort: 443
            hostPort: 443
          - name: admin
            containerPort: 8080
          securityContext:
            privileged: true
          volumeMounts:
          - name: tls
            mountPath: {{k8s_conf_dir}}
            readOnly: true
          args:
          - --checknewversion=false
          - --loglevel=INFO
          - --defaultentrypoints=http,https
          - --entrypoints=Name:http Address::80 Redirect.EntryPoint:https
          - --entrypoints=Name:https Address::443 TLS
          - --etcd=true
          - --etcd.prefix=/traefik
          - --etcd.watch=true
          - --etcd.endpoint={{groups.k8s_etcd|first}}:2379
          - --etcd.tls=true
          - --etcd.tls.ca={{k8s_conf_dir}}/ca-etcd.pem
          - --etcd.tls.cert={{k8s_conf_dir}}/cert-etcd.pem
          - --etcd.tls.key={{k8s_conf_dir}}/cert-etcd-key.pem
          - --etcd.useapiv3=true
          - --kubernetes=true
          - --kubernetes.watch=true
          - --kubernetes.namespaces=default
          - --web=true
          - --web.readonly
          - --web.address=:8080
          - --acme=true
          - --acme.acmelogging=true
          - --acme.caserver=https://acme-staging.api.letsencrypt.org/directory
          - --acme.entrypoint=https
          - --acme.httpchallenge=true
          - --acme.httpChallenge.entryPoint=http
          - --acme.email=letsencrypt.account@banditlair.com
          - --acme.onhostrule
          - --acme.storage=/traefik/acme/account
        volumes:
          - name: tls
            secret:
              secretName: traefik-etcd
Setting up traefik as loadbalancer and proxy 2018-07-26 00:12:17 +02:00			`traefik_daemonset: \|`
			`---`
			`kind: DaemonSet`
			`apiVersion: apps/v1`
			`metadata:`
			`name: traefik-ingress-controller`
			`namespace: kube-system`
			`labels:`
			`k8s-app: traefik-ingress-lb`
			`spec:`
			`selector:`
			`matchLabels:`
			`k8s-app: traefik-ingress-lb`
			`updateStrategy:`
			`type: RollingUpdate`
			`template:`
			`metadata:`
			`labels:`
			`k8s-app: traefik-ingress-lb`
			`name: traefik-ingress-lb`
			`spec:`
			`serviceAccountName: traefik-ingress-controller`
			`terminationGracePeriodSeconds: 60`
			`hostNetwork: true`
			`dnsPolicy: ClusterFirstWithHostNet`
			`containers:`
			`- image: traefik:v1.7-alpine`
			`name: traefik-ingress-lb`
			`imagePullPolicy: IfNotPresent`
			`livenessProbe:`
			`failureThreshold: 2`
			`httpGet:`
			`path: /ping`
			`port: 8080`
			`scheme: HTTP`
			`initialDelaySeconds: 10`
			`periodSeconds: 5`
			`readinessProbe:`
			`failureThreshold: 2`
			`httpGet:`
			`path: /ping`
			`port: 8080`
			`scheme: HTTP`
			`periodSeconds: 5`
			`resources:`
			`requests:`
			`memory: "64Mi"`
			`cpu: "250m"`
			`limits:`
			`memory: "64Mi"`
			`cpu: "250m"`
			`ports:`
			`- name: http`
			`containerPort: 80`
			`hostPort: 80`
			`- name: https`
			`containerPort: 443`
			`hostPort: 443`
			`- name: admin`
			`containerPort: 8080`
			`securityContext:`
			`privileged: true`
			`volumeMounts:`
			`- name: tls`
			`mountPath: {{k8s_conf_dir}}`
			`readOnly: true`
			`args:`
			`- --checknewversion=false`
			`- --loglevel=INFO`
			`- --defaultentrypoints=http,https`
			`- --entrypoints=Name:http Address::80 Redirect.EntryPoint:https`
			`- --entrypoints=Name:https Address::443 TLS`
			`- --etcd=true`
			`- --etcd.prefix=/traefik`
			`- --etcd.watch=true`
			`- --etcd.endpoint={{groups.k8s_etcd\|first}}:2379`
			`- --etcd.tls=true`
			`- --etcd.tls.ca={{k8s_conf_dir}}/ca-etcd.pem`
			`- --etcd.tls.cert={{k8s_conf_dir}}/cert-etcd.pem`
			`- --etcd.tls.key={{k8s_conf_dir}}/cert-etcd-key.pem`
			`- --etcd.useapiv3=true`
			`- --kubernetes=true`
			`- --kubernetes.watch=true`
			`- --kubernetes.namespaces=default`
			`- --web=true`
			`- --web.readonly`
			`- --web.address=:8080`
			`- --acme=true`
			`- --acme.acmelogging=true`
			`- --acme.caserver=https://acme-staging.api.letsencrypt.org/directory`
			`- --acme.entrypoint=https`
			`- --acme.httpchallenge=true`
			`- --acme.httpChallenge.entryPoint=http`
			`- --acme.email=letsencrypt.account@banditlair.com`
			`- --acme.onhostrule`
			`- --acme.storage=/traefik/acme/account`
			`volumes:`
			`- name: tls`
			`secret:`
			`secretName: traefik-etcd`