akhenakh/traefik2.yaml

## traefik2.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: traefik
  name: traefik
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      annotations:
        prometheus.io/port: "8888"
        prometheus.io/scrape: "true"
      labels:
        app: traefik
    spec:
      containers:
      - args:
        - --accesslog
        - --entrypoints.web.address=:8000
        - --entrypoints.websecure.address=:4443
        - --entrypoints.metrics.address=:8888
        - --api.dashboard=true
        - --providers.kubernetescrd
        - --certificatesresolvers.default.acme.email=root@mydomain.tld
        - --certificatesresolvers.default.acme.storage=/data/acme.json
        - --certificatesResolvers.default.acme.dnsChallenge.provider=gandiv5
        - --certificatesResolvers.default.acme.dnsChallenge.delayBeforeCheck=5
        - --metrics.prometheus=true
        - --metrics.prometheus.entryPoint=metrics
        - --tracing=true
        - --tracing.jaeger=true
        - --tracing.jaeger.localAgentHostPort=jaeger-agent:6831
        - --tracing.jaeger.samplingParam=1
        - --tracing.jaeger.samplingType=const
        - --tracing.jaeger.propagation=b3
        env:
        - name: GANDIV5_API_KEY
          valueFrom:
            secretKeyRef:
              key: secret
              name: gandi-secret
        image: traefik:v2.0.1
        imagePullPolicy: IfNotPresent
        name: traefik
        ports:
        - containerPort: 8000
          name: web
          protocol: TCP
        - containerPort: 4443
          name: websecure
          protocol: TCP
        - containerPort: 8080
          name: admin
          protocol: TCP
        - containerPort: 8888
          name: metrics
          protocol: TCP
        volumeMounts:
        - mountPath: /data
          name: storage-volume
      restartPolicy: Always
      volumes:
      - name: storage-volume
        persistentVolumeClaim:
          claimName: traefik-acme-storage
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-admin
spec:
  ports:
    - port: 8080
      name: admin
      targetPort: admin
  selector:
    app: traefik
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: admin-auth
spec:
  basicAuth:
    secret: admin-authsecret
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-ingress
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`traefik.mydomain.tld`)
      middlewares:
        - name: admin-auth
      kind: Rule
      services:
        - name: traefik-admin
          port: 8080
  tls:
    certResolver: default
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: grafana-ingress
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`grafana.mydomain.tld`)
      kind: Rule
      middlewares:
        - name: admin-auth
      services:
        - name: grafana
          port: 80
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	labels:
	app: traefik
	name: traefik
	namespace: default
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: traefik
	strategy:
	rollingUpdate:
	maxSurge: 1
	maxUnavailable: 1
	type: RollingUpdate
	template:
	metadata:
	annotations:
	prometheus.io/port: "8888"
	prometheus.io/scrape: "true"
	labels:
	app: traefik
	spec:
	containers:
	- args:
	- --accesslog
	- --entrypoints.web.address=:8000
	- --entrypoints.websecure.address=:4443
	- --entrypoints.metrics.address=:8888
	- --api.dashboard=true
	- --providers.kubernetescrd
	- --certificatesresolvers.default.acme.email=root@mydomain.tld
	- --certificatesresolvers.default.acme.storage=/data/acme.json
	- --certificatesResolvers.default.acme.dnsChallenge.provider=gandiv5
	- --certificatesResolvers.default.acme.dnsChallenge.delayBeforeCheck=5
	- --metrics.prometheus=true
	- --metrics.prometheus.entryPoint=metrics
	- --tracing=true
	- --tracing.jaeger=true
	- --tracing.jaeger.localAgentHostPort=jaeger-agent:6831
	- --tracing.jaeger.samplingParam=1
	- --tracing.jaeger.samplingType=const
	- --tracing.jaeger.propagation=b3
	env:
	- name: GANDIV5_API_KEY
	valueFrom:
	secretKeyRef:
	key: secret
	name: gandi-secret
	image: traefik:v2.0.1
	imagePullPolicy: IfNotPresent
	name: traefik
	ports:
	- containerPort: 8000
	name: web
	protocol: TCP
	- containerPort: 4443
	name: websecure
	protocol: TCP
	- containerPort: 8080
	name: admin
	protocol: TCP
	- containerPort: 8888
	name: metrics
	protocol: TCP
	volumeMounts:
	- mountPath: /data
	name: storage-volume
	restartPolicy: Always
	volumes:
	- name: storage-volume
	persistentVolumeClaim:
	claimName: traefik-acme-storage
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: traefik-admin
	spec:
	ports:
	- port: 8080
	name: admin
	targetPort: admin
	selector:
	app: traefik
	---
	apiVersion: traefik.containo.us/v1alpha1
	kind: Middleware
	metadata:
	name: admin-auth
	spec:
	basicAuth:
	secret: admin-authsecret
	---
	apiVersion: traefik.containo.us/v1alpha1
	kind: IngressRoute
	metadata:
	name: traefik-ingress
	namespace: default
	spec:
	entryPoints:
	- websecure
	routes:
	- match: Host(`traefik.mydomain.tld`)
	middlewares:
	- name: admin-auth
	kind: Rule
	services:
	- name: traefik-admin
	port: 8080
	tls:
	certResolver: default
	---
	apiVersion: traefik.containo.us/v1alpha1
	kind: IngressRoute
	metadata:
	name: grafana-ingress
	namespace: default
	spec:
	entryPoints:
	- web
	routes:
	- match: Host(`grafana.mydomain.tld`)
	kind: Rule
	middlewares:
	- name: admin-auth
	services:
	- name: grafana
	port: 80