savegame

Traefik/README.md

@@ -7,6 +7,22 @@
 helm install traefik traefik/traefik --namespace traefik --create-namespace --values traefik-values.yaml
 
 
+## Cert-Manager
+
+Cert Manager will be used as it will store certs in a secret, therefore accessible for every pod.
+In contrast to this, Traefik stores certs on disk, so a volume would be needed in RWX mode (too much effort).
+
+### Issuer - CA
+An issuer is a CA. This can be done with 2 different kinds.
+
+#### Issuer 
+can be used in the namespace they are created in.
+
+#### Cluster Issuer 
+can be used throughout the whole cluster, not limited to a specific namespace.
+i.e. general issuer for all namespaces in cluster.
+
+
 ## Troubleshooting steps
 kubectl create deploy nginx --image=nginx -n test
 k create svc -n test clusterip nginx --tcp=80
@@ -25,24 +41,11 @@ k apply -f traefik_lempa/nginx-ingress.yaml
 k get svc -n test
 k get ingress
 k get ingress -n test
-git staus
-git status
-git diff
-git commit -am "wip thing"
-git checkout master
-git pull --rebase
-git merge wip
-git push 
-git log
-git checkout master
-cd traefik_lempa
 helm upgrade traefik traefik/traefik --namespace traefik --create-namespace --values traefik_lempa/traefik-values.yaml
-cd ..
 helm upgrade traefik traefik/traefik --namespace traefik --create-namespace --values traefik_lempa/traefik-values.yaml
 k get svc ingressRoute
 k get svc ingressRoutes
 k get svc ingressroutes.traefik.io
-k get svc ingressroutes.traefik.io --all-namespaces
 k get ingressroutes.traefik.io --all-namespaces
 helm upgrade traefik traefik/traefik --namespace traefik --create-namespace --values traefik_lempa/traefik-values.yaml
 exit

Traefik/test/dishes-certificate.yaml

@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: schnipo-ingress-certificate
+  namespace: dishes
+spec:
+  secretName: schnipo-certificate-secret
+  issuerRef:
+    name: cloudflare-cluster-issuer
+    kind: ClusterIssuer
+  dnsNames:
+  - schnipo.k8s.schnrbs.work

Traefik/test/dishes-ingress-route.yaml

@@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: schnipo-ingress-route
+  namespace: dishes
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - match: Host(`schnipo.k8s.schnrbs.work`)
+    kind: Rule
+    services:
+    - name: schnipo
+      port: 8080
+  tls:
+    secretName: schnipo-certificate-secret

Traefik/test/nginx-certificate.yaml

@@ -9,4 +9,4 @@ spec:
     name: cloudflare-cluster-issuer
     kind: ClusterIssuer
   dnsNames:
-  - nginx-test.k8s.internal.schnrbs.work
+  - nginx-test.k8s.schnrbs.work

Traefik/test/nginx-ingress-route.yaml

@@ -7,7 +7,7 @@ spec:
   entryPoints:
   - websecure
   routes:
-  - match: Host(`nginx-test.k8s.internal.schnrbs.work`)
+  - match: Host(`nginx-test.k8s.schnrbs.work`)
     kind: Rule
     services:
     - name: nginx

Traefik/test/nginx-ingress.yaml

@@ -7,7 +7,7 @@ metadata:
     traefik.ingress.kubernetes.io/router.entrypoints: websecure
 spec:
   rules:
-    - host: nginx-test.k8s.internal.schnrbs.work
+    - host: nginx-test.k8s.schnrbs.work
       http:
         paths: 
           - path: /
@@ -19,5 +19,5 @@ spec:
                   number: 80
   tls:
     - hosts:
-        - nginx-test.k8s.internal.schnrbs.work
+        - nginx-test.k8s.schnrbs.work
       secretName: nginx-certificate-secret

Traefik/traefik-values.yaml

@@ -1,10 +1,15 @@
 ports:
   web:
-    redirectTo: 
-      port: websecure
+    redirections:
+      entryPoint:
+        to: websecure
+        scheme: https 
+logs:
+  general:
+    level: DEBUG
 ingressRoute:
   dashboard:
     enabled: true
     entryPoints: [web, websecure]
-    matchRule: Host(`traefik-dashboard.k8s.redacted`)
+    matchRule: Host(`traefik-dashboard.k8s.schnrbs.work`)