imfreedom/k8s-cluster
Clone
Summary
Browse
Changes
Graph
make traefik our first port as that's what's going to be used for health checks on the load balancer and there's multiple pods for it
2021-06-17, Gary Kramlich
68bfde843f14
make traefik our first port as that's what's going to be used for health checks on the load balancer and there's multiple pods for it
# The most recent CRDs and RBAC configurations can be found at
# https://doc.traefik.io/traefik/reference/dynamic-configuration/kubernetes-crd/#definitions
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
ingressroutes.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
IngressRoute
plural
:
ingressroutes
singular
:
ingressroute
scope
:
Namespaced
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
ingressroutetcps.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
IngressRouteTCP
plural
:
ingressroutetcps
singular
:
ingressroutetcp
scope
:
Namespaced
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
middlewares.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
Middleware
plural
:
middlewares
singular
:
middleware
scope
:
Namespaced
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
tlsoptions.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
TLSOption
plural
:
tlsoptions
singular
:
tlsoption
scope
:
Namespaced
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
traefikservices.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
TraefikService
plural
:
traefikservices
singular
:
traefikservice
scope
:
Namespaced
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
tlsstores.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
TLSStore
plural
:
tlsstores
singular
:
tlsstore
scope
:
Namespaced
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
ingressrouteudps.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
IngressRouteUDP
plural
:
ingressrouteudps
singular
:
ingressrouteudp
scope
:
Namespaced
---
apiVersion
:
v1
kind
:
ServiceAccount
metadata
:
name
:
traefik-service-account
namespace
:
kube-public
labels
:
app
:
traefik
role
:
controller
---
kind
:
ClusterRole
apiVersion
:
rbac.authorization.k8s.io/v1beta1
metadata
:
name
:
traefik-cluster-role
rules
:
-
apiGroups
:
-
""
resources
:
-
services
-
endpoints
-
secrets
verbs
:
-
get
-
list
-
watch
-
apiGroups
:
-
extensions
-
networking.k8s.io
resources
:
-
ingresses
-
ingressclasses
verbs
:
-
get
-
list
-
watch
-
apiGroups
:
-
extensions
resources
:
-
ingresses/status
verbs
:
-
update
-
apiGroups
:
-
traefik.containo.us
resources
:
-
middlewares
-
ingressroutes
-
traefikservices
-
ingressroutetcps
-
ingressrouteudps
-
tlsoptions
-
tlsstores
verbs
:
-
get
-
list
-
watch
---
apiVersion
:
rbac.authorization.k8s.io/v1
kind
:
ClusterRoleBinding
metadata
:
name
:
traefik-cluster-role-binding
labels
:
app
:
traefik
role
:
controller
roleRef
:
apiGroup
:
rbac.authorization.k8s.io
kind
:
ClusterRole
name
:
traefik-cluster-role
subjects
:
-
kind
:
ServiceAccount
name
:
traefik-service-account
namespace
:
kube-public
---
apiVersion
:
traefik.containo.us/v1alpha1
kind
:
TLSOption
metadata
:
name
:
default
namespace
:
kube-public
spec
:
minVersion
:
VersionTLS12
maxVersion
:
VersionTLS13
cipherSuites
:
-
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
sniStrict
:
true
---
apiVersion
:
policy/v1beta1
kind
:
PodDisruptionBudget
metadata
:
name
:
traefik
namespace
:
kube-public
spec
:
minAvailable
:
1
selector
:
matchLabels
:
app
:
traefik
role
:
controller
---
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
name
:
traefik
namespace
:
kube-public
labels
:
app
:
traefik
role
:
controller
spec
:
replicas
:
2
selector
:
matchLabels
:
app
:
traefik
role
:
controller
template
:
metadata
:
labels
:
app
:
traefik
role
:
controller
prometheus
:
cluster-wide
spec
:
affinity
:
podAntiAffinity
:
preferredDuringSchedulingIgnoredDuringExecution
:
-
podAffinityTerm
:
labelSelector
:
matchExpressions
:
-
key
:
app
operator
:
In
values
:
-
traefik
-
key
:
role
operator
:
In
values
:
-
controller
topologyKey
:
failure-domain.beta.kubernetes.io/region
weight
:
100
serviceAccountName
:
traefik-service-account
containers
:
-
name
:
traefik-ingress-controller
image
:
docker.io/traefik:v2.3.6
args
:
-
"--global.checknewversion=false"
-
"--global.sendanonymoususage=false"
-
"--api.dashboard=true"
-
"--api.insecure=true"
-
"--ping=true"
-
"--providers.kubernetescrd=true"
-
"--providers.kubernetesingress=true"
-
"--metrics.prometheus=true"
-
"--log.level=error"
-
"--entryPoints.traefik.address=:9000"
-
"--entryPoints.https.address=:8443"
-
"--entryPoints.http.address=:8080"
-
"--entryPoints.keep-ssh.address=:22222"
-
"--entryPoints.xmpp-c2s.address=:5222"
-
"--entryPoints.xmpp-s2s.address=:5269"
readinessProbe
:
httpGet
:
path
:
/ping
port
:
9000
failureThreshold
:
1
initialDelaySeconds
:
10
periodSeconds
:
10
successThreshold
:
1
timeoutSeconds
:
2
livenessProbe
:
httpGet
:
path
:
/ping
port
:
9000
failureThreshold
:
3
initialDelaySeconds
:
10
periodSeconds
:
10
successThreshold
:
1
timeoutSeconds
:
2
ports
:
-
name
:
traefik
containerPort
:
9000
-
name
:
keep-ssh
containerPort
:
22222
-
name
:
http
containerPort
:
8080
-
name
:
https
containerPort
:
8443
-
name
:
xmpp-c2s
containerPort
:
5222
-
name
:
xmpp-s2s
containerPort
:
5269
resources
:
limits
:
cpu
:
300m
memory
:
150Mi
requests
:
cpu
:
100m
memory
:
50Mi
---
apiVersion
:
v1
kind
:
Service
metadata
:
name
:
ingress
namespace
:
kube-public
labels
:
app
:
ingress
role
:
controller
spec
:
selector
:
app
:
traefik
role
:
controller
type
:
LoadBalancer
externalTrafficPolicy
:
Cluster
ports
:
-
name
:
http
port
:
80
targetPort
:
http
-
name
:
https
port
:
443
targetPort
:
https
-
name
:
hgkeeper
port
:
22
targetPort
:
keep-ssh
-
name
:
xmpp-c2s
port
:
5222
targetPort
:
xmpp-c2s
-
name
:
xmpp-s2s
port
:
5269
targetPort
:
xmpp-s2s
---
apiVersion
:
v1
kind
:
Service
metadata
:
name
:
traefik-dashboard
namespace
:
kube-public
labels
:
app
:
ingress
role
:
dashboard
spec
:
selector
:
app
:
traefik
role
:
controller
ports
:
-
port
:
9000
name
:
traefik
protocol
:
TCP
---
apiVersion
:
networking.k8s.io/v1
kind
:
NetworkPolicy
metadata
:
namespace
:
kube-public
name
:
traefik
labels
:
app
:
traefik
role
:
controller
spec
:
podSelector
:
matchLabels
:
app
:
traefik
role
:
controller
ingress
:
-
from
:
-
namespaceSelector
:
matchLabels
:
name
:
monitoring
podSelector
:
matchLabels
:
app
:
prometheus
prometheus
:
k8s
ports
:
-
port
:
traefik
protocol
:
TCP
---
apiVersion
:
monitoring.coreos.com/v1
kind
:
ServiceMonitor
metadata
:
namespace
:
kube-public
name
:
traefik
labels
:
app
:
traefik
role
:
controller
prometheus
:
cluster-wide
spec
:
selector
:
matchLabels
:
app
:
ingress
role
:
dashboard
endpoints
:
-
port
:
traefik
interval
:
15s
---