moving from lempa to traefik folder

2025-01-06 18:19:14 +01:00
parent 2c9e139f9a
commit ad3edfba59
8 changed files with 0 additions and 5 deletions
--- a/Traefik/cert-manager-cluster-issuer.yaml
+++ b/Traefik/cert-manager-cluster-issuer.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: cloudflare-cluster-issuer
+spec:
+  acme:
+    email: redacted
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: cloudflare-acme-key
+    solvers:
+    - dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            name: cloudflare-api-token-secret
+            key: api-token
--- a/Traefik/cert-manager-issuer-secret.yaml
+++ b/Traefik/cert-manager-issuer-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudflare-api-token-secret
+  namespace: cert-manager
+type: Opaque
+data:
+  api-token: redacted
--- a/Traefik/cert-manager-values.yaml
+++ b/Traefik/cert-manager-values.yaml
@@ -0,0 +1,6 @@
+namespace: "cert-manager"
+crds:
+  enabled: true
+extraArgs:
+  - --dns01-recursive-nameservers-only
+  - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
--- a/Traefik/nginx-certificate.yaml
+++ b/Traefik/nginx-certificate.yaml
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nginx-ingress-certificate
+  namespace: test
+spec:
+  secretName: nginx-certificate-secret
+  issuerRef:
+    name: cloudflare-cluster-issuer
+    kind: ClusterIssuer
+  dnsNames:
+  - nginx-test.k8s.internal.schnrbs.work
--- a/Traefik/nginx-ingress-route.yaml
+++ b/Traefik/nginx-ingress-route.yaml
@@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx-ingress-route
+  namespace: test
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - match: Host(`nginx-test.k8s.internal.schnrbs.work`)
+    kind: Rule
+    services:
+    - name: nginx
+      port: 80
+  tls: 
+    secretName: nginx-certificate-secret
--- a/Traefik/nginx-ingress.yaml
+++ b/Traefik/nginx-ingress.yaml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nginx-ingress
+  namespace: test
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+  rules:
+    - host: nginx-test.k8s.internal.schnrbs.work
+      http:
+        paths: 
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: nginx
+                port:
+                  number: 80
+  tls:
+    - hosts:
+        - nginx-test.k8s.internal.schnrbs.work
+      secretName: nginx-certificate-secret
--- a/Traefik/traefik-values.yaml
+++ b/Traefik/traefik-values.yaml
@@ -0,0 +1,10 @@
+ports:
+  web:
+    redirectTo: 
+      port: websecure
+ingressRoute:
+  dashboard:
+    enabled: true
+    entryPoints: [web, websecure]
+    matchRule: Host(`traefik-dashboard.k8s.redacted`)
+      
--- a/Traefik/values.yaml
+++ b/Traefik/values.yaml
@@ -1,5 +0,0 @@
-dashboard:
- enabled: true
- domain: traefik.fritz.box
-rbac:
- enabled: true