tasdikrahman/traefik-daemonet.yaml

## traefik-daemonet.yaml
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - pods
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik
  namespace: kube-system
data:
  traefik-config: |-
    defaultEntryPoints = ["http","https"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
        [entryPoints.http.redirect]
        regex = "^http://(.*)"
        replacement = "https://$1"
      [entryPoints.https]
      address = ":443"
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
    - protocol: TCP
      name: http
      port: 80
    - protocol: TCP
      name: admin
      port: 8080
  type: NodePort
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: traefik-ingress-controller
  namespace: traefik
  labels:
    k8s-app: traefik-ingress-lb
spec:
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 1
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      nodeSelector:
        edge-node-label: ""
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      hostNetwork: true
      containers:
      - image: traefik:v1.7.2-alpine
        name: traefik-ingress-lb
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: admin
          containerPort: 8080
        securityContext:
          privileged: true
        args:
        - --loglevel=INFO
        - --web
        - --kubernetes
        - --web.metrics.prometheus
        - --web.metrics.prometheus.buckets=0.1,0.3,1.2,5
        - --configFile=/etc/traefik/traefik.toml
        resources:
          limits:
            cpu: 200m
            memory: 300Mi
          requests:
            cpu: 100m
            memory: 150Mi
        volumeMounts:
        - name: config-volume
          mountPath: /etc/traefik
      volumes:
      - name: config-volume
        configMap:
          name: traefik
          items:
          - key: traefik-config
            path: traefik.toml
	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: traefik-ingress-controller
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: traefik-ingress-controller
	subjects:
	- kind: ServiceAccount
	name: traefik-ingress-controller
	namespace: kube-system
	---
	kind: ClusterRole
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: traefik-ingress-controller
	rules:
	- apiGroups:
	- ""
	resources:
	- pods
	- services
	- endpoints
	- secrets
	verbs:
	- get
	- list
	- watch
	- apiGroups:
	- extensions
	resources:
	- ingresses
	verbs:
	- get
	- list
	- watch
	---
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: traefik
	namespace: kube-system
	data:
	traefik-config: \|-
	defaultEntryPoints = ["http","https"]
	[entryPoints]
	[entryPoints.http]
	address = ":80"
	[entryPoints.http.redirect]
	regex = "^http://(.*)"
	replacement = "https://$1"
	[entryPoints.https]
	address = ":443"
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: traefik-ingress-controller
	namespace: kube-system
	---
	kind: Service
	apiVersion: v1
	metadata:
	name: traefik-ingress-service
	spec:
	selector:
	k8s-app: traefik-ingress-lb
	ports:
	- protocol: TCP
	name: http
	port: 80
	- protocol: TCP
	name: admin
	port: 8080
	type: NodePort
	---
	apiVersion: apps/v1
	kind: DaemonSet
	metadata:
	name: traefik-ingress-controller
	namespace: traefik
	labels:
	k8s-app: traefik-ingress-lb
	spec:
	selector:
	matchLabels:
	k8s-app: traefik-ingress-lb
	updateStrategy:
	rollingUpdate:
	maxUnavailable: 1
	template:
	metadata:
	labels:
	k8s-app: traefik-ingress-lb
	name: traefik-ingress-lb
	spec:
	nodeSelector:
	edge-node-label: ""
	serviceAccountName: traefik-ingress-controller
	terminationGracePeriodSeconds: 60
	hostNetwork: true
	containers:
	- image: traefik:v1.7.2-alpine
	name: traefik-ingress-lb
	ports:
	- name: http
	containerPort: 80
	hostPort: 80
	- name: admin
	containerPort: 8080
	securityContext:
	privileged: true
	args:
	- --loglevel=INFO
	- --web
	- --kubernetes
	- --web.metrics.prometheus
	- --web.metrics.prometheus.buckets=0.1,0.3,1.2,5
	- --configFile=/etc/traefik/traefik.toml
	resources:
	limits:
	cpu: 200m
	memory: 300Mi
	requests:
	cpu: 100m
	memory: 150Mi
	volumeMounts:
	- name: config-volume
	mountPath: /etc/traefik
	volumes:
	- name: config-volume
	configMap:
	name: traefik
	items:
	- key: traefik-config
	path: traefik.toml