feat: deploy internal/external traefik routers (#119)
deploy traefik for internal and external applications. port forwarding from the external routers will only occur to the IP of the traefik-external service. - traefik-internal and traefik-external added - each is a different deployment Reviewed-on: #119
This commit was merged in pull request #119.
This commit is contained in:
@@ -0,0 +1,7 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
name: traefik-external
|
||||
spec:
|
||||
controllerName: traefik.io/gateway-controller-external
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: GatewayClass
|
||||
metadata:
|
||||
name: traefik-internal
|
||||
spec:
|
||||
controllerName: traefik.io/gateway-controller-internal
|
||||
@@ -0,0 +1,8 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- gatewayclass-internal.yaml
|
||||
- gatewayclass-external.yaml
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: traefik-system
|
||||
@@ -0,0 +1,24 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ../../../base/traefik-system
|
||||
|
||||
helmCharts:
|
||||
- name: traefik
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "40.0.0"
|
||||
releaseName: traefik-internal
|
||||
namespace: traefik-system
|
||||
valuesFile: values-internal.yaml
|
||||
apiVersions:
|
||||
- policy/v1/PodDisruptionBudget
|
||||
- name: traefik
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "40.0.0"
|
||||
releaseName: traefik-external
|
||||
namespace: traefik-system
|
||||
valuesFile: values-external.yaml
|
||||
apiVersions:
|
||||
- policy/v1/PodDisruptionBudget
|
||||
@@ -0,0 +1,86 @@
|
||||
image:
|
||||
tag: v3.7.0
|
||||
|
||||
additionalArguments:
|
||||
- "--providers.kubernetesgateway.controllername=traefik.io/gateway-controller-external"
|
||||
|
||||
podDisruptionBudget:
|
||||
enabled: true
|
||||
maxUnavailable: 1
|
||||
|
||||
gateway:
|
||||
enabled: false
|
||||
|
||||
gatewayClass:
|
||||
enabled: false
|
||||
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
|
||||
providers:
|
||||
kubernetesCRD:
|
||||
enabled: false
|
||||
kubernetesIngress:
|
||||
enabled: false
|
||||
kubernetesGateway:
|
||||
enabled: true
|
||||
experimentalChannel: false
|
||||
namespaces: []
|
||||
nativeLBByDefault: false
|
||||
|
||||
logs:
|
||||
access:
|
||||
enabled: true
|
||||
|
||||
global:
|
||||
checkNewVersion: true
|
||||
sendAnonymousUsage: false
|
||||
notAppendXForwardedFor: false
|
||||
|
||||
service:
|
||||
enabled: true
|
||||
single: true
|
||||
annotations:
|
||||
purelb.io/service-group: "dmz"
|
||||
purelb.io/addresses: 198.18.199.0
|
||||
annotationsTCP: {}
|
||||
annotationsUDP: {}
|
||||
labels: {}
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
loadBalancerIP: "198.18.199.0"
|
||||
additionalServices: {}
|
||||
|
||||
autoscaling:
|
||||
enabled: true
|
||||
minReplicas: 2
|
||||
maxReplicas: 5
|
||||
metrics: []
|
||||
behavior: {}
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: "{{ template \"traefik.fullname\" . }}"
|
||||
|
||||
persistence:
|
||||
enabled: false
|
||||
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: '{{ template "traefik.name" . }}'
|
||||
app.kubernetes.io/instance: '{{ .Release.Name }}-{{ include "traefik.namespace" . }}'
|
||||
topologyKey: kubernetes.io/hostname
|
||||
|
||||
podSecurityContext:
|
||||
runAsGroup: 65532
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65532
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
enabled: true
|
||||
@@ -0,0 +1,86 @@
|
||||
image:
|
||||
tag: v3.7.0
|
||||
|
||||
additionalArguments:
|
||||
- "--providers.kubernetesgateway.controllername=traefik.io/gateway-controller-internal"
|
||||
|
||||
podDisruptionBudget:
|
||||
enabled: true
|
||||
maxUnavailable: 1
|
||||
|
||||
gateway:
|
||||
enabled: false
|
||||
|
||||
gatewayClass:
|
||||
enabled: false
|
||||
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
|
||||
providers:
|
||||
kubernetesCRD:
|
||||
enabled: false
|
||||
kubernetesIngress:
|
||||
enabled: false
|
||||
kubernetesGateway:
|
||||
enabled: true
|
||||
experimentalChannel: false
|
||||
namespaces: []
|
||||
nativeLBByDefault: false
|
||||
|
||||
logs:
|
||||
access:
|
||||
enabled: true
|
||||
|
||||
global:
|
||||
checkNewVersion: true
|
||||
sendAnonymousUsage: false
|
||||
notAppendXForwardedFor: false
|
||||
|
||||
service:
|
||||
enabled: true
|
||||
single: true
|
||||
annotations:
|
||||
purelb.io/service-group: "common"
|
||||
purelb.io/addresses: 198.18.200.4
|
||||
annotationsTCP: {}
|
||||
annotationsUDP: {}
|
||||
labels: {}
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
loadBalancerIP: "198.18.200.4"
|
||||
additionalServices: {}
|
||||
|
||||
autoscaling:
|
||||
enabled: true
|
||||
minReplicas: 2
|
||||
maxReplicas: 5
|
||||
metrics: []
|
||||
behavior: {}
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: "{{ template \"traefik.fullname\" . }}"
|
||||
|
||||
persistence:
|
||||
enabled: false
|
||||
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: '{{ template "traefik.name" . }}'
|
||||
app.kubernetes.io/instance: '{{ .Release.Name }}-{{ include "traefik.namespace" . }}'
|
||||
topologyKey: kubernetes.io/hostname
|
||||
|
||||
podSecurityContext:
|
||||
runAsGroup: 65532
|
||||
runAsNonRoot: true
|
||||
runAsUser: 65532
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
|
||||
enabled: true
|
||||
Reference in New Issue
Block a user