From 647d63ee624f0a6bb6bfd65826c1b54a76c011cd Mon Sep 17 00:00:00 2001 From: vvyshko Date: Sat, 6 Mar 2021 21:05:56 +0200 Subject: [PATCH] Added basic Traefik ingress config --- deployment/04-traefik-rbac.yaml | 182 ++++++++++++++++++++++ deployment/05-traefik-deployment.yaml | 69 ++++++++ deployment/06-traefik-ingress-routes.yaml | 67 ++++++++ 3 files changed, 318 insertions(+) create mode 100644 deployment/04-traefik-rbac.yaml create mode 100644 deployment/05-traefik-deployment.yaml create mode 100644 deployment/06-traefik-ingress-routes.yaml diff --git a/deployment/04-traefik-rbac.yaml b/deployment/04-traefik-rbac.yaml new file mode 100644 index 0000000..8d10f61 --- /dev/null +++ b/deployment/04-traefik-rbac.yaml @@ -0,0 +1,182 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ingressroutes.traefik.containo.us + +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: IngressRoute + plural: ingressroutes + singular: ingressroute + scope: Namespaced + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: middlewares.traefik.containo.us + +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: Middleware + plural: middlewares + singular: middleware + scope: Namespaced + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ingressroutetcps.traefik.containo.us + +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: IngressRouteTCP + plural: ingressroutetcps + singular: ingressroutetcp + scope: Namespaced + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ingressrouteudps.traefik.containo.us + +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: IngressRouteUDP + plural: ingressrouteudps + singular: ingressrouteudp + scope: Namespaced + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: tlsoptions.traefik.containo.us + +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: TLSOption + plural: tlsoptions + singular: tlsoption + scope: Namespaced + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: tlsstores.traefik.containo.us + +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: TLSStore + plural: tlsstores + singular: tlsstore + scope: Namespaced + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: traefikservices.traefik.containo.us + +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: TraefikService + plural: traefikservices + singular: traefikservice + scope: Namespaced + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: serverstransports.traefik.containo.us + +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: ServersTransport + plural: serverstransports + singular: serverstransport + scope: Namespaced + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: traefik-ingress-controller + +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - traefik.containo.us + resources: + - middlewares + - ingressroutes + - traefikservices + - ingressroutetcps + - ingressrouteudps + - tlsoptions + - tlsstores + - serverstransports + verbs: + - get + - list + - watch + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: traefik-ingress-controller + +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: traefik-ingress-controller +subjects: + - kind: ServiceAccount + name: traefik-ingress-controller + namespace: default \ No newline at end of file diff --git a/deployment/05-traefik-deployment.yaml b/deployment/05-traefik-deployment.yaml new file mode 100644 index 0000000..362b0e2 --- /dev/null +++ b/deployment/05-traefik-deployment.yaml @@ -0,0 +1,69 @@ +apiVersion: v1 +kind: Service +metadata: + name: traefik + +spec: + type: LoadBalancer + ports: + - protocol: TCP + name: web + port: 80 + - protocol: TCP + name: admin + port: 8080 + - protocol: TCP + name: websecure + port: 443 + selector: + app: traefik + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: default + name: traefik-ingress-controller + +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + namespace: default + name: traefik + labels: + app: traefik + +spec: + replicas: 1 + selector: + matchLabels: + app: traefik + template: + metadata: + labels: + app: traefik + spec: + serviceAccountName: traefik-ingress-controller + containers: + - name: traefik + image: traefik:v2.3 + args: + - --api.insecure + - --accesslog + - --entrypoints.web.Address=:80 + - --entrypoints.websecure.Address=:443 + - --providers.kubernetescrd + - --certificatesresolvers.myresolver.acme.tlschallenge + - --certificatesresolvers.myresolver.acme.email=volodymyr.vyshko@globallogic.com + - --certificatesresolvers.myresolver.acme.storage=acme.json + # Please note that this is the staging Let's Encrypt server. + # Once you get things working, you should remove that whole line altogether. + # - --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory + ports: + - name: web + containerPort: 80 + - name: websecure + containerPort: 443 + - name: admin + containerPort: 8080 \ No newline at end of file diff --git a/deployment/06-traefik-ingress-routes.yaml b/deployment/06-traefik-ingress-routes.yaml new file mode 100644 index 0000000..0809394 --- /dev/null +++ b/deployment/06-traefik-ingress-routes.yaml @@ -0,0 +1,67 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: chat-svc-route + namespace: default +spec: + entryPoints: + - web + # - websecure + routes: + - match: PathPrefix(`/socket.io`, `/meta`) + kind: Rule + priority: 10 + services: + - name: chat-service + port: 3001 + sticky: + cookie: + name: heyy +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: main-route + namespace: default +spec: + entryPoints: + - web + # - websecure + routes: + - match: Path(`/`) + kind: Rule + services: + - name: client-app + port: 80 +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: static-res-route + namespace: default +spec: + entryPoints: + - web + # - websecure + routes: + - match: PathPrefix(`/static`) + kind: Rule + services: + - name: client-app + port: 80 +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: user-svc-route + namespace: default +spec: + entryPoints: + - web + # - websecure + routes: + - match: Path(`/api`) + kind: Rule + services: + - name: user-service + port: 3000 \ No newline at end of file