$ \
kubectl create namespace traefik &&\
kubectl apply -f - <<EOF
---
apiVersion: v1
kind: Secret
metadata:
name: cloudflare-api-credentials
namespace: traefik
type: Opaque
stringData:
email: your@cloudflare.email
apiKey: YOURCLOUDFLAREAPIKEY
---
apiVersion: v1
kind: ConfigMap
metadata:
name: traefik-config
namespace: traefik
data:
traefik-config.yaml: |
http:
middlewares:
headers-default:
headers:
sslRedirect: true
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 15552000
customFrameOptionsValue: SAMEORIGIN
EOF
&&\
cat <<EOF > traefik-chart-values.yaml
# additionalArguments:
# - --providers.file.filename=/data/traefik-config.yaml
# - --entrypoints.websecure.http.tls.certresolver=cloudflare
# - --entrypoints.websecure.http.tls.domains[0].main=example.com
# - --entrypoints.websecure.http.tls.domains[0].sans=*.example.com
# - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
# - --certificatesresolvers.cloudflare.acme.email=mail@example.com
# - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1
# - --certificatesresolvers.cloudflare.acme.storage=/certs/acme.json
ports:
web:
redirectTo: websecure
# env:
# - name: CF_API_EMAIL
# valueFrom:
# secretKeyRef:
# key: email
# name: cloudflare-api-credentials
# - name: CF_API_KEY
# valueFrom:
# secretKeyRef:
# key: apiKey
# name: cloudflare-api-credentials
ingressRoute:
dashboard:
enabled: false
persistence:
enabled: true
path: /certs
size: 128Mi
volumes:
- mountPath: /data
name: traefik-config
type: configMap
EOF
helm repo add traefik https://helm.traefik.io/traefik &&\
helm repo update &&\
helm install traefik traefik/traefik --namespace=traefik --values=traefik-chart-values.yaml
Created
June 27, 2021 09:06
-
-
Save marcelmaatkamp/f3181f042fd9ac72a8490f6132e0d1c4 to your computer and use it in GitHub Desktop.
test web
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment