diff --git a/manifests/_apps/traefik.yaml b/manifests/_apps/traefik.yaml new file mode 100644 index 0000000..1793beb --- /dev/null +++ b/manifests/_apps/traefik.yaml @@ -0,0 +1,24 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: traefik + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: cluster.fun + destination: + namespace: kube-system + name: civo + source: + path: manifests/traefik + repoURL: "https://git.cluster.fun/AverageMarcus/cluster.fun.git" + targetRevision: HEAD + syncPolicy: + automated: {} + syncOptions: + - CreateNamespace=true + ignoreDifferences: + - kind: Secret + jsonPointers: + - /data diff --git a/manifests/traefik/traefik.yaml b/manifests/traefik/traefik.yaml new file mode 100644 index 0000000..ac473c5 --- /dev/null +++ b/manifests/traefik/traefik.yaml @@ -0,0 +1,134 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + annotations: + meta.helm.sh/release-name: traefik + meta.helm.sh/release-namespace: kube-system + labels: + app.kubernetes.io/instance: traefik + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: traefik + name: traefik + namespace: kube-system +spec: + revisionHistoryLimit: 3 + selector: + matchLabels: + app.kubernetes.io/instance: traefik + app.kubernetes.io/name: traefik + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "9100" + prometheus.io/scrape: "true" + creationTimestamp: null + labels: + app.kubernetes.io/instance: traefik + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: traefik + spec: + containers: + - args: + - --global.checknewversion + - --global.sendanonymoususage + - --entryPoints.metrics.address=:9100/tcp + - --entryPoints.traefik.address=:9000/tcp + - --entryPoints.web.address=:80/tcp + - --entryPoints.websecure.address=:443/tcp + - --api.dashboard=true + - --ping=true + - --metrics.prometheus=true + - --metrics.prometheus.entrypoint=metrics + - --providers.kubernetescrd + - --providers.kubernetesingress + - --entrypoints.websecure.http.tls=true + - --entrypoints.web.http.redirections.entrypoint.to=websecure + - --entrypoints.web.http.redirections.entrypoint.scheme=https + image: rancher/mirrored-library-traefik:2.5.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9000 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + name: traefik + ports: + - containerPort: 9100 + hostPort: 9100 + name: metrics + protocol: TCP + - containerPort: 9000 + hostPort: 9000 + name: traefik + protocol: TCP + - containerPort: 80 + hostPort: 80 + name: web + protocol: TCP + - containerPort: 443 + hostPort: 443 + name: websecure + protocol: TCP + readinessProbe: + failureThreshold: 1 + httpGet: + path: /ping + port: 9000 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + resources: {} + securityContext: + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsNonRoot: false + runAsUser: 0 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /data + name: data + - mountPath: /tmp + name: tmp + dnsPolicy: ClusterFirst + hostNetwork: true + priorityClassName: system-cluster-critical + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 65532 + serviceAccount: traefik + serviceAccountName: traefik + terminationGracePeriodSeconds: 60 + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + volumes: + - emptyDir: {} + name: data + - emptyDir: {} + name: tmp + updateStrategy: + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + type: RollingUpdate