carloscarnero/traefik-v2.yml

## traefik-v2.yml
---
kind: Namespace
apiVersion: v1
metadata:
  name: traefik
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik
rules:
- apiGroups:
  - ""
  resources:
  - services
  - endpoints
  - secrets
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - extensions
  resources:
  - ingresses/status
  verbs:
  - update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik
subjects:
- kind: ServiceAccount
  name: traefik
  namespace: traefik
---
kind: ServiceAccount
apiVersion: v1
metadata:
  name: traefik
  namespace: traefik
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: traefik
  namespace: traefik
  labels:
    com.example/service.name: traefik
spec:
  selector:
    matchLabels:
      com.example/service.name: traefik
  template:
    metadata:
      labels:
        com.example/service.name: traefik
    spec:
      serviceAccountName: traefik
      containers:
      - name: traefik
        image: traefik:v2.2.7
        args:
        - --log.level=INFO
        - --entrypoints.http.address=:80
        - --entrypoints.https.address=:443
        - --providers.kubernetesingress
        - --providers.kubernetesingress.ingressendpoint.ip=0.0.0.0
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: https
          containerPort: 443
          hostPort: 443
        securityContext:
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
      nodeSelector:
        com.example/node.ingress: "true"
---
kind: Service
apiVersion: v1
metadata:
  name: traefik
  namespace: traefik
spec:
  selector:
    com.example/service.name: traefik
  ports:
  - protocol: TCP
    port: 80
    name: http
    targetPort: 80
  - protocol: TCP
    port: 443
    name: https
    targetPort: 443
	---
	kind: Namespace
	apiVersion: v1
	metadata:
	name: traefik
	---
	kind: ClusterRole
	apiVersion: rbac.authorization.k8s.io/v1beta1
	metadata:
	name: traefik
	rules:
	- apiGroups:
	- ""
	resources:
	- services
	- endpoints
	- secrets
	verbs:
	- get
	- list
	- watch
	- apiGroups:
	- extensions
	resources:
	- ingresses
	verbs:
	- get
	- list
	- watch
	- apiGroups:
	- extensions
	resources:
	- ingresses/status
	verbs:
	- update
	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1beta1
	metadata:
	name: traefik
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: traefik
	subjects:
	- kind: ServiceAccount
	name: traefik
	namespace: traefik
	---
	kind: ServiceAccount
	apiVersion: v1
	metadata:
	name: traefik
	namespace: traefik
	---
	kind: DaemonSet
	apiVersion: apps/v1
	metadata:
	name: traefik
	namespace: traefik
	labels:
	com.example/service.name: traefik
	spec:
	selector:
	matchLabels:
	com.example/service.name: traefik
	template:
	metadata:
	labels:
	com.example/service.name: traefik
	spec:
	serviceAccountName: traefik
	containers:
	- name: traefik
	image: traefik:v2.2.7
	args:
	- --log.level=INFO
	- --entrypoints.http.address=:80
	- --entrypoints.https.address=:443
	- --providers.kubernetesingress
	- --providers.kubernetesingress.ingressendpoint.ip=0.0.0.0
	ports:
	- name: http
	containerPort: 80
	hostPort: 80
	- name: https
	containerPort: 443
	hostPort: 443
	securityContext:
	capabilities:
	drop:
	- ALL
	add:
	- NET_BIND_SERVICE
	nodeSelector:
	com.example/node.ingress: "true"
	---
	kind: Service
	apiVersion: v1
	metadata:
	name: traefik
	namespace: traefik
	spec:
	selector:
	com.example/service.name: traefik
	ports:
	- protocol: TCP
	port: 80
	name: http
	targetPort: 80
	- protocol: TCP
	port: 443
	name: https
	targetPort: 443