phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2025-12-25 13:46:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Traefik manifests

Browse source
This commit is contained in:
Paul-Henri Froidmont 2019-08-17 03:14:37 +02:00
parent 5955b3ac42
commit c6f69f614c
3 changed files with 189 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
roles/k8s-manifests/tasks/main.yml
View file

@ -2,4 +2,8 @@
- include: prerequisites.yml
tags: prerequisites
- include: traefik.yml
tags: traefik
- include: searx.yml
tags: searx

21
roles/k8s-manifests/tasks/searx.yml
View file

@ -47,4 +47,23 @@
- port: 80
targetPort: 8888
selector:
app: searx
app: searx
- name: Searx ingress
k8s:
namespace: default
state: present
definition:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: searx
spec:
rules:
- host: searx.k8s.banditlair.com
http:
paths:
- path: /
backend:
serviceName: searx
servicePort: 80

165
roles/k8s-manifests/tasks/traefik.yml Normal file
View file

@ -0,0 +1,165 @@
- name: Traefik cluster role
k8s:
state: present
definition:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- name: Traefik cluster role binding
k8s:
state: present
definition:
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: kube-system
- name: Traefik service account
k8s:
state: present
definition:
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-ingress-controller
namespace: kube-system
- name: Traefik daemon set
k8s:
state: present
definition:
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
name: traefik-ingress-controller
namespace: kube-system
labels:
k8s-app: traefik-ingress-lb
spec:
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-lb
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60
containers:
- image: traefik
name: traefik-ingress-lb
ports:
- name: http
containerPort: 80
hostPort: 80
- name: admin
containerPort: 8080
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
args:
- --api
- --kubernetes
- --logLevel=INFO
- name: Traefik service
k8s:
state: present
definition:
kind: Service
apiVersion: v1
metadata:
name: traefik-ingress-service
namespace: kube-system
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- protocol: TCP
port: 80
name: web
- protocol: TCP
port: 8080
name: admin
- name: Traefik UI service
k8s:
state: present
definition:
apiVersion: v1
kind: Service
metadata:
name: traefik-web-ui
namespace: kube-system
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- name: web
port: 80
targetPort: 8080
- name: Traefik UI basic auth secret
k8s:
state: present
definition:
apiVersion: v1
data:
auth: "{{('admin:' + traefik_dashboard_password_hash) | b64encode}}"
kind: Secret
metadata:
name: traefik-auth
namespace: kube-system
- name: Traefik UI ingress
k8s:
state: present
definition:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik-web-ui
namespace: kube-system
annotations:
traefik.ingress.kubernetes.io/auth-type: "basic"
traefik.ingress.kubernetes.io/auth-secret: "traefik-auth"
spec:
rules:
- host: traefik.k8s.banditlair.com
http:
paths:
- path: /
backend:
serviceName: traefik-web-ui
servicePort: web