Traefik kubernetes configuration that I use
---
# Enable gzip compression.
# Traefik Middleware that switches on response compression with default
# options (the empty `compress` mapping).
# NOTE(review): no namespace is set, while the IngressRoutes that reference
# `gzip-compress` by bare name live in `prod` - presumably this has to be
# applied in that namespace; confirm.
# NOTE(review): compressing responses that mix secrets (for example CSRF
# tokens) with reflected request data is the precondition for BREACH-style
# length side channels; confirm the backends are not affected.
kind: Middleware
apiVersion: traefik.containo.us/v1alpha1
metadata:
  name: gzip-compress
spec:
  compress: {}
---
# Registers the namespaced IngressRoute kind in API group traefik.containo.us.
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22;
# the v1 API is not a drop-in replacement because it requires a structural
# schema per version.
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: ingressroutes.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  scope: Namespaced
  names:
    kind: IngressRoute
    plural: ingressroutes
    singular: ingressroute
---
# Registers the namespaced Middleware kind in API group traefik.containo.us.
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22;
# the v1 API requires a structural schema, so it is not a one-line change.
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: middlewares.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  scope: Namespaced
  names:
    kind: Middleware
    plural: middlewares
    singular: middleware
---
# Registers the namespaced IngressRouteTCP kind in API group
# traefik.containo.us.
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22;
# the v1 API requires a structural schema, so it is not a one-line change.
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: ingressroutetcps.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  scope: Namespaced
  names:
    kind: IngressRouteTCP
    plural: ingressroutetcps
    singular: ingressroutetcp
---
# Registers the namespaced IngressRouteUDP kind in API group
# traefik.containo.us.
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22;
# the v1 API requires a structural schema, so it is not a one-line change.
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: ingressrouteudps.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  scope: Namespaced
  names:
    kind: IngressRouteUDP
    plural: ingressrouteudps
    singular: ingressrouteudp
---
# Registers the namespaced TLSOption kind in API group traefik.containo.us.
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22;
# the v1 API requires a structural schema, so it is not a one-line change.
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: tlsoptions.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  scope: Namespaced
  names:
    kind: TLSOption
    plural: tlsoptions
    singular: tlsoption
---
# Registers the namespaced TLSStore kind in API group traefik.containo.us.
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22;
# the v1 API requires a structural schema, so it is not a one-line change.
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: tlsstores.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  scope: Namespaced
  names:
    kind: TLSStore
    plural: tlsstores
    singular: tlsstore
---
# Registers the namespaced TraefikService kind in API group
# traefik.containo.us.
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22;
# the v1 API requires a structural schema, so it is not a one-line change.
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: traefikservices.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  scope: Namespaced
  names:
    kind: TraefikService
    plural: traefikservices
    singular: traefikservice
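---
# Cluster-wide read permissions for the Traefik controller.
# Uses rbac.authorization.k8s.io/v1: the v1beta1 RBAC API was removed in
# Kubernetes 1.22 and the ClusterRole schema is the same in both versions.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: traefik-ingress-controller
rules:
  # Core API group. Because this is a ClusterRole, `secrets` here means
  # get/list/watch on every Secret in every namespace; whoever holds the bound
  # ServiceAccount token can read all of them. If TLS secrets live in a few
  # namespaces only, namespaced Roles/RoleBindings give a tighter scope.
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  # Read access to Ingress objects (kubernetesingress provider).
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  # The only write permission: updating the status subresource of Ingresses.
  - apiGroups:
      - extensions
    resources:
      - ingresses/status
    verbs:
      - update
  # Read access to the Traefik custom resources (kubernetescrd provider).
  - apiGroups:
      - traefik.containo.us
    resources:
      - middlewares
      - ingressroutes
      - traefikservices
      - ingressroutetcps
      - ingressrouteudps
      - tlsoptions
      - tlsstores
    verbs:
      - get
      - list
      - watch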
---
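# Grants the ClusterRole `traefik-ingress-controller` to the ServiceAccount of
# the same name in the `default` namespace.
# Uses rbac.authorization.k8s.io/v1: the v1beta1 RBAC API was removed in
# Kubernetes 1.22 and the binding schema is the same in both versions.
# The binding only has an effect if the Traefik pods really run as this
# ServiceAccount; verify that the DaemonSet's serviceAccountName and the
# ServiceAccount manifest use exactly this name and namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
  - kind: ServiceAccount
    name: traefik-ingress-controller
    namespace: default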
---
# Routes everything arriving on entry point `etprod` to Service
# `examtools-prod` port 80, through the gzip-compress middleware.
# NOTE(review): the rule matches on path only, so any Host header is accepted
# and, with passHostHeader, forwarded unchanged; the backend should not trust
# it without checking.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  namespace: prod
  name: examtools-prod
spec:
  entryPoints:
    - etprod
  routes:
    - kind: Rule
      match: PathPrefix(`/`)
      middlewares:
        # Bare name: resolved in this IngressRoute's namespace - TODO confirm
        # the Middleware is deployed to `prod`.
        - name: gzip-compress
      services:
        - kind: Service
          name: examtools-prod
          port: 80
          strategy: RoundRobin
          passHostHeader: true
          # Session affinity cookie. httpOnly keeps it away from page scripts;
          # `secure` is not set - presumably because the entry point itself is
          # plain HTTP behind an upstream proxy; confirm.
          sticky:
            cookie:
              name: SRVCOOKIE
              httpOnly: true
---
# Routes everything arriving on entry point `hsprod` to Service
# `hamstudy-prod` port 80, through the gzip-compress middleware.
# NOTE(review): the rule matches on path only, so any Host header is accepted
# and, with passHostHeader, forwarded unchanged; the backend should not trust
# it without checking.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  namespace: prod
  name: hamstudy-prod
spec:
  entryPoints:
    - hsprod
  routes:
    - kind: Rule
      match: PathPrefix(`/`)
      middlewares:
        # Bare name: resolved in this IngressRoute's namespace - TODO confirm
        # the Middleware is deployed to `prod`.
        - name: gzip-compress
      services:
        - kind: Service
          name: hamstudy-prod
          port: 80
          strategy: RoundRobin
          passHostHeader: true
          # Session affinity cookie. httpOnly keeps it away from page scripts;
          # `secure` is not set - presumably because the entry point itself is
          # plain HTTP behind an upstream proxy; confirm.
          sticky:
            cookie:
              name: SRVCOOKIE
              httpOnly: true
---
# Cluster-internal Service for hamstudy: port 80 is forwarded to port 4000 on
# pods labelled app=hamstudy, env=prod. ClusterIP means it is not exposed
# outside the cluster by itself.
kind: Service
apiVersion: v1
metadata:
  namespace: prod
  name: hamstudy-prod
spec:
  type: ClusterIP
  selector:
    app: hamstudy
    env: prod
  ports:
    - protocol: TCP
      port: 80
      targetPort: 4000
---
# Cluster-internal Service for examtools: port 80 is forwarded to port 4100 on
# the selected pods.
# NOTE(review): the selector is app=hamstudy, the same pods as the
# hamstudy-prod Service - presumably one pod serves both sites on different
# ports; confirm this is not a copy-paste leftover.
kind: Service
apiVersion: v1
metadata:
  namespace: prod
  name: examtools-prod
spec:
  type: ClusterIP
  selector:
    app: hamstudy
    env: prod
  ports:
    - protocol: TCP
      port: 80
      targetPort: 4100
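---
# ServiceAccount the Traefik pods run as. Name and namespace match the subject
# of the ClusterRoleBinding `traefik-ingress-controller`; without that match
# the controller has no permission to read Services, Secrets or Traefik CRDs.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: default
  name: traefik-ingress-controller
---
# Traefik as a DaemonSet: one pod per node, attached to the node's network.
# Each pod-spec key appears exactly once. Duplicate mapping keys are invalid
# YAML and parsers disagree on which value wins, which makes the effective
# dnsPolicy and service account unpredictable.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  namespace: default
  name: traefik
  labels:
    app: traefik
spec:
  selector:
    matchLabels:
      name: traefik
  template:
    metadata:
      labels:
        name: traefik
    spec:
      # Must be the ServiceAccount named in the ClusterRoleBinding subject.
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      # hostPort doesn't work with CNI, so we have to use hostNetwork instead
      # see https://github.com/kubernetes/kubernetes/issues/23920
      # ClusterFirstWithHostNet keeps cluster DNS usable on the host network.
      dnsPolicy: ClusterFirstWithHostNet
      # Every entry point below listens directly on the node's own addresses,
      # so node-level firewalling is the only network boundary for them.
      hostNetwork: true
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      containers:
        - name: traefik
          image: traefik:2.2
          imagePullPolicy: IfNotPresent
          args:
            - --api
            # SECURITY: insecure mode serves the API and dashboard without
            # authentication on the `traefik` entry point (:8100). With
            # hostNetwork that port is open on every node. Restrict it at the
            # network level, or drop this flag and expose `api@internal`
            # through a router protected by an auth middleware.
            - --api.insecure
            #- --api.insecure=false
            - --api.dashboard=true
            - --accesslog
            - --global.checknewversion=true
            - --entryPoints.traefik.address=:8100
            # X-Forwarded-* headers are trusted only from loopback and
            # 172.21.32.0/24 - presumably the upstream proxy; keep this list
            # as narrow as the real proxy addresses.
            # None of the entry points configures TLS here - presumably TLS is
            # terminated upstream; confirm.
            - --entryPoints.web.address=:8000
            - --entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,172.21.32.0/24
            - --entryPoints.hsprod.address=:14000
            - --entryPoints.hsprod.forwardedHeaders.trustedIPs=127.0.0.1/32,172.21.32.0/24
            - --entryPoints.hsbeta.address=:14001
            - --entryPoints.hsbeta.forwardedHeaders.trustedIPs=127.0.0.1/32,172.21.32.0/24
            - --entryPoints.hsalpha.address=:14002
            - --entryPoints.hsalpha.forwardedHeaders.trustedIPs=127.0.0.1/32,172.21.32.0/24
            - --entryPoints.hssandbox.address=:14010
            - --entryPoints.hssandbox.forwardedHeaders.trustedIPs=127.0.0.1/32,172.21.32.0/24
            - --entryPoints.hssandboxbeta.address=:14011
            - --entryPoints.hssandboxbeta.forwardedHeaders.trustedIPs=127.0.0.1/32,172.21.32.0/24
            - --entryPoints.etprod.address=:14100
            - --entryPoints.etprod.forwardedHeaders.trustedIPs=127.0.0.1/32,172.21.32.0/24
            - --entryPoints.etbeta.address=:14101
            - --entryPoints.etbeta.forwardedHeaders.trustedIPs=127.0.0.1/32,172.21.32.0/24
            - --entryPoints.etalpha.address=:14102
            - --entryPoints.etalpha.forwardedHeaders.trustedIPs=127.0.0.1/32,172.21.32.0/24
            - --entryPoints.etsandbox.address=:14110
            - --entryPoints.etsandbox.forwardedHeaders.trustedIPs=127.0.0.1/32,172.21.32.0/24
            - --entryPoints.etsandboxbeta.address=:14111
            - --entryPoints.etsandboxbeta.forwardedHeaders.trustedIPs=127.0.0.1/32,172.21.32.0/24
            - --ping=true
            - --providers.kubernetescrd=true
            - --providers.kubernetesingress=true
            - --log.level=INFO
          ports:
            - containerPort: 8100
              name: admin
              protocol: TCP
            - containerPort: 8000
              name: web
              protocol: TCP
            - containerPort: 14000
              name: hsprod
              protocol: TCP
            - containerPort: 14001
              name: hsbeta
              protocol: TCP
            - containerPort: 14002
              name: hsalpha
              protocol: TCP
            - containerPort: 14010
              name: hssandbox
              protocol: TCP
            - containerPort: 14011
              name: hssandboxbeta
              protocol: TCP
            - containerPort: 14100
              name: etprod
              protocol: TCP
            - containerPort: 14101
              name: etbeta
              protocol: TCP
            - containerPort: 14102
              name: etalpha
              protocol: TCP
            - containerPort: 14110
              name: etsandbox
              protocol: TCP
            - containerPort: 14111
              name: etsandboxbeta
              protocol: TCP
          # Both probes hit /ping on port 8100, the `traefik` entry point.
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /ping
              port: 8100
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          readinessProbe:
            failureThreshold: 1
            httpGet:
              path: /ping
              port: 8100
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          # No requests or limits are set for the container.
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File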