Skip to content

Instantly share code, notes, and snippets.

@akhenakh
Created October 7, 2019 17:40
Show Gist options
  • Save akhenakh/a90b9444f8b92364206ab15964bafee9 to your computer and use it in GitHub Desktop.
Save akhenakh/a90b9444f8b92364206ab15964bafee9 to your computer and use it in GitHub Desktop.
Traefik2 Kubernetes example config
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: traefik
name: traefik
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: traefik
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
annotations:
prometheus.io/port: "8888"
prometheus.io/scrape: "true"
labels:
app: traefik
spec:
containers:
- args:
- --accesslog
- --entrypoints.web.address=:8000
- --entrypoints.websecure.address=:4443
- --entrypoints.metrics.address=:8888
- --api.dashboard=true
- --providers.kubernetescrd
- --certificatesresolvers.default.acme.email=root@mydomain.tld
- --certificatesresolvers.default.acme.storage=/data/acme.json
- --certificatesResolvers.default.acme.dnsChallenge.provider=gandiv5
- --certificatesResolvers.default.acme.dnsChallenge.delayBeforeCheck=5
- --metrics.prometheus=true
- --metrics.prometheus.entryPoint=metrics
- --tracing=true
- --tracing.jaeger=true
- --tracing.jaeger.localAgentHostPort=jaeger-agent:6831
- --tracing.jaeger.samplingParam=1
- --tracing.jaeger.samplingType=const
- --tracing.jaeger.propagation=b3
env:
- name: GANDIV5_API_KEY
valueFrom:
secretKeyRef:
key: secret
name: gandi-secret
image: traefik:v2.0.1
imagePullPolicy: IfNotPresent
name: traefik
ports:
- containerPort: 8000
name: web
protocol: TCP
- containerPort: 4443
name: websecure
protocol: TCP
- containerPort: 8080
name: admin
protocol: TCP
- containerPort: 8888
name: metrics
protocol: TCP
volumeMounts:
- mountPath: /data
name: storage-volume
restartPolicy: Always
volumes:
- name: storage-volume
persistentVolumeClaim:
claimName: traefik-acme-storage
---
apiVersion: v1
kind: Service
metadata:
name: traefik-admin
spec:
ports:
- port: 8080
name: admin
targetPort: admin
selector:
app: traefik
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: admin-auth
spec:
basicAuth:
secret: admin-authsecret
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: traefik-ingress
namespace: default
spec:
entryPoints:
- websecure
routes:
- match: Host(`traefik.mydomain.tld`)
middlewares:
- name: admin-auth
kind: Rule
services:
- name: traefik-admin
port: 8080
tls:
certResolver: default
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: grafana-ingress
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`grafana.mydomain.tld`)
kind: Rule
middlewares:
- name: admin-auth
services:
- name: grafana
port: 80
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment