automatically deploy traefik

2023-12-06 19:46:20 +01:00
parent 8d381d8b93
commit ab3dba75c5
12 changed files with 67 additions and 72 deletions
--- a/infrastructure/traefik-system/configmap.yaml
+++ b/infrastructure/traefik-system/configmap.yaml
@@ -0,0 +1,88 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: traefik-config
+data:
+  traefik.toml: |
+    [ping]
+    
+    [global]
+      checkNewVersion = true
+      sendAnonymousUsage = false
+    
+    [log]
+      level = "INFO"
+    
+    [accessLog]
+      # format = "json"
+      # filePath = "/var/log/traefik/access.log"
+      [accessLog.fields]
+        defaultMode = "keep"
+        [accessLog.fields.names]
+          "RequestProtocol" = "drop"
+          "level" = "drop"
+          "RequestContentSize" = "drop"
+          "RequestScheme" = "drop"
+          "StartLocal" = "drop"
+          "StartUTC" = "drop"
+        #   ClientUsername: drop
+        #   DownstreamStatusLine: drop
+        #   RequestAddr: drop
+        #   RequestCount: drop
+        #   RequestHost: drop
+        #   RequestLine: drop
+        #   UpstreamAddr: drop
+        #   UpstreamStatusLine: drop
+        #   duration: drop
+        #   msg: drop
+        #   time: drop
+        #   upstream: drop
+        #   user_agent: drop
+    [api]
+      dashboard = true
+      insecure = true
+      debug = false
+ 
+    [providers]
+      [providers.kubernetesCRD]
+        allowCrossNamespace = true
+      [providers.kubernetesIngress]
+        allowExternalNameServices = true
+        ingressClass = "traefik"
+    
+    [serversTransport]
+      insecureSkipVerify = true
+ 
+    [entryPoints]
+      [entryPoints.web]
+        address = ":8000"
+        [entryPoints.web.http]
+          [entryPoints.web.http.redirections]
+            [entryPoints.web.http.redirections.entryPoint]
+              to = ":443" # should be the same as websecure but the loadbalancer maps 443 -> 8443
+              scheme = "https"
+
+      [entryPoints.websecure]
+        address = ":8443"
+      [entryPoints.metrics]
+        address = ":9100"
+      [entryPoints.traefik]
+        address = ":9000"
+      [entryPoints.dnsovertls] # route dns over https to other pods but provide own certificate
+        address = ":853"
+
+    [metrics]
+      [metrics.influxDB2]
+      address = "http://influxdb-influxdb2.monitoring:80"
+      token = "N_jNm1hZTfyhJneTJj2G357mQ7EJdNzdvebjSJX6JkbyaXNup_IAqeYowblMgV8EjLypNvauTl27ewJvI_rbqQ=="
+      org = "influxdata"
+      bucket = "kluster"
+
+    [certificatesResolvers.default-tls.acme]
+      email = "me@moll.re"
+      storage = "/certs/acme.json"
+      [certificatesResolvers.default-tls.acme.tlsChallenge]
+
+    [experimental.plugins.traefik-plugin-geoblock]
+      moduleName = "github.com/nscuro/traefik-plugin-geoblock"
+      version = "v0.10.0"