Last active
April 29, 2023 16:26
-
-
Save windschord/f366dfd06eb51fd6e241556669d3d2f1 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
These configuration files are for using Traefik outside of kubernetes(GKE) . | |
Details on how to use the file can be found at the following below URL: | |
[クラウドで安く自分のkubernetesを持ちたい]{https://blog.windschord.com/posts/2020-02-15/setup_gke_with_traefik) (Japanese only) | |
-- This source code licensed under a MIT. -- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# this file based on https://docs.traefik.io/user-guides/crd-acme/ | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
name: ingressroutes.traefik.containo.us | |
spec: | |
group: traefik.containo.us | |
version: v1alpha1 | |
names: | |
kind: IngressRoute | |
plural: ingressroutes | |
singular: ingressroute | |
scope: Namespaced | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
name: ingressroutetcps.traefik.containo.us | |
spec: | |
group: traefik.containo.us | |
version: v1alpha1 | |
names: | |
kind: IngressRouteTCP | |
plural: ingressroutetcps | |
singular: ingressroutetcp | |
scope: Namespaced | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
name: middlewares.traefik.containo.us | |
spec: | |
group: traefik.containo.us | |
version: v1alpha1 | |
names: | |
kind: Middleware | |
plural: middlewares | |
singular: middleware | |
scope: Namespaced | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
name: tlsoptions.traefik.containo.us | |
spec: | |
group: traefik.containo.us | |
version: v1alpha1 | |
names: | |
kind: TLSOption | |
plural: tlsoptions | |
singular: tlsoption | |
scope: Namespaced | |
--- | |
apiVersion: apiextensions.k8s.io/v1beta1 | |
kind: CustomResourceDefinition | |
metadata: | |
name: traefikservices.traefik.containo.us | |
spec: | |
group: traefik.containo.us | |
version: v1alpha1 | |
names: | |
kind: TraefikService | |
plural: traefikservices | |
singular: traefikservice | |
scope: Namespaced | |
--- | |
kind: ClusterRole | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
metadata: | |
name: traefik-ingress-controller | |
rules: | |
- apiGroups: | |
- "" | |
resources: | |
- services | |
- endpoints | |
- secrets | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- extensions | |
resources: | |
- ingresses | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- extensions | |
resources: | |
- ingresses/status | |
verbs: | |
- update | |
- apiGroups: | |
- traefik.containo.us | |
resources: | |
- middlewares | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- traefik.containo.us | |
resources: | |
- ingressroutes | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- traefik.containo.us | |
resources: | |
- ingressroutetcps | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- traefik.containo.us | |
resources: | |
- tlsoptions | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- traefik.containo.us | |
resources: | |
- traefikservices | |
verbs: | |
- get | |
- list | |
- watch | |
--- | |
kind: ClusterRoleBinding | |
apiVersion: rbac.authorization.k8s.io/v1beta1 | |
metadata: | |
name: traefik-ingress-controller | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: traefik-ingress-controller | |
subjects: | |
- kind: ServiceAccount | |
name: traefik-ingress-controller | |
namespace: default | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
namespace: default | |
name: traefik-ingress-controller |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: traefik.containo.us/v1alpha1 | |
kind: IngressRoute | |
metadata: | |
name: kubernetes-dashboard | |
namespace: kubernetes-dashboard | |
spec: | |
entryPoints: | |
- websecure | |
routes: | |
- match: Host(`dashbord.your-domain.example.com`) | |
kind: Rule | |
services: | |
- name: kubernetes-dashboard | |
port: 80 | |
tls: | |
certResolver: el | |
# based on https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: admin-user | |
namespace: kubernetes-dashboard | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: admin-user | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: cluster-admin | |
subjects: | |
- kind: ServiceAccount | |
name: admin-user | |
namespace: kubernetes-dashboard |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Dynamic Configuration | |
[http.routers] | |
[http.routers.my-api] | |
rule = "Host(`your-domain.example.com`)" | |
service = "api@internal" | |
middlewares = ["auth"] | |
[http.routers.my-api.tls] | |
certResolver = "le" | |
[[http.routers.my-api.tls.domains]] | |
main = "your-domain.example.com" | |
sans = ["*.your-domain.example.com"] | |
[http.middlewares] | |
[http.middlewares.auth.basicAuth] | |
# see https://docs.traefik.io/middlewares/basicauth/ | |
users = [ | |
"test:$apr1$M2kBVUKN$ZLtvFO4f0MIi5K.jD/.F1.", | |
] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# this file based on https://github.com/containous/traefik/blob/master/traefik.sample.toml | |
################################################################ | |
# Global configuration | |
################################################################ | |
[global] | |
checkNewVersion = true | |
sendAnonymousUsage = true | |
################################################################ | |
# Entrypoints configuration | |
################################################################ | |
[entryPoints] | |
[entryPoints.web] | |
address = ":80" | |
[entryPoints.websecure] | |
address = ":443" | |
################################################################ | |
# Traefik logs configuration | |
################################################################ | |
[log] | |
level = "ERROR" | |
filePath = "/traefik-pv/log/traefik.log" | |
# Format is either "json" or "common". | |
# | |
# Optional | |
# Default: "common" | |
# | |
# format = "json" | |
################################################################ | |
# Access logs configuration | |
################################################################ | |
[accessLog] | |
filePath = "/traefik-pv/log/log.txt" | |
# Format is either "json" or "common". | |
# | |
# Optional | |
# Default: "common" | |
# | |
# format = "json" | |
################################################################ | |
# API and dashboard configuration | |
################################################################ | |
[api] | |
# insecure = true | |
dashboard = true | |
################################################################ | |
# Ping configuration | |
################################################################ | |
[ping] | |
# Name of the related entry point | |
# | |
# Optional | |
# Default: "traefik" | |
# | |
# entryPoint = "traefik" | |
################################################################ | |
# backend configuration | |
################################################################ | |
[providers] | |
[providers.file] | |
watch = true | |
filename = "/traefik-pv/traefik.route.toml" | |
debugLogGeneratedTemplate = true | |
[providers.kubernetesCRD] | |
endpoint = "https://your-k8s-master-ip" | |
token = "your-k8s-token" | |
certAuthFilePath = "/traefik-pv/ca.crt" | |
################################################################ | |
# Let's encript configuration | |
################################################################ | |
[certificatesResolvers.sample.acme] | |
email = "your-email@example.com" | |
storage = "acme.json" | |
[certificatesResolvers.le.acme.dnsChallenge] | |
provider = "gcloud" | |
# delayBeforeCheck = 0 | |
# resolvers = ["1.1.1.1:53", "8.8.8.8:53"] | |
# disablePropagationCheck = true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment