imfreedom/k8s-cluster
Clone
Summary
Browse
Changes
Graph
Move 00-namespaces to kustomize
2021-06-17, Gary Kramlich
c757a1b2e383
Move 00-namespaces to kustomize
# The most recent CRDs and RBAC configurations can be found at
# https://doc.traefik.io/traefik/reference/dynamic-configuration/kubernetes-crd/#definitions
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
ingressroutes.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
IngressRoute
plural
:
ingressroutes
singular
:
ingressroute
scope
:
Namespaced
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
ingressroutetcps.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
IngressRouteTCP
plural
:
ingressroutetcps
singular
:
ingressroutetcp
scope
:
Namespaced
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
middlewares.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
Middleware
plural
:
middlewares
singular
:
middleware
scope
:
Namespaced
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
tlsoptions.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
TLSOption
plural
:
tlsoptions
singular
:
tlsoption
scope
:
Namespaced
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
traefikservices.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
TraefikService
plural
:
traefikservices
singular
:
traefikservice
scope
:
Namespaced
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
tlsstores.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
TLSStore
plural
:
tlsstores
singular
:
tlsstore
scope
:
Namespaced
---
apiVersion
:
apiextensions.k8s.io/v1beta1
kind
:
CustomResourceDefinition
metadata
:
name
:
ingressrouteudps.traefik.containo.us
spec
:
group
:
traefik.containo.us
version
:
v1alpha1
names
:
kind
:
IngressRouteUDP
plural
:
ingressrouteudps
singular
:
ingressrouteudp
scope
:
Namespaced
---
apiVersion
:
v1
kind
:
ServiceAccount
metadata
:
name
:
traefik-service-account
namespace
:
kube-public
labels
:
app
:
traefik
role
:
controller
---
kind
:
ClusterRole
apiVersion
:
rbac.authorization.k8s.io/v1beta1
metadata
:
name
:
traefik-cluster-role
rules
:
-
apiGroups
:
-
""
resources
:
-
services
-
endpoints
-
secrets
verbs
:
-
get
-
list
-
watch
-
apiGroups
:
-
extensions
-
networking.k8s.io
resources
:
-
ingresses
-
ingressclasses
verbs
:
-
get
-
list
-
watch
-
apiGroups
:
-
extensions
resources
:
-
ingresses/status
verbs
:
-
update
-
apiGroups
:
-
traefik.containo.us
resources
:
-
middlewares
-
ingressroutes
-
traefikservices
-
ingressroutetcps
-
ingressrouteudps
-
tlsoptions
-
tlsstores
verbs
:
-
get
-
list
-
watch
---
apiVersion
:
rbac.authorization.k8s.io/v1
kind
:
ClusterRoleBinding
metadata
:
name
:
traefik-cluster-role-binding
labels
:
app
:
traefik
role
:
controller
roleRef
:
apiGroup
:
rbac.authorization.k8s.io
kind
:
ClusterRole
name
:
traefik-cluster-role
subjects
:
-
kind
:
ServiceAccount
name
:
traefik-service-account
namespace
:
kube-public
---
apiVersion
:
traefik.containo.us/v1alpha1
kind
:
TLSOption
metadata
:
name
:
default
namespace
:
kube-public
spec
:
minVersion
:
VersionTLS12
maxVersion
:
VersionTLS13
cipherSuites
:
-
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
sniStrict
:
true
---
apiVersion
:
policy/v1beta1
kind
:
PodDisruptionBudget
metadata
:
name
:
traefik
namespace
:
kube-public
spec
:
minAvailable
:
1
selector
:
matchLabels
:
app
:
traefik
role
:
controller
---
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
name
:
traefik
namespace
:
kube-public
labels
:
app
:
traefik
role
:
controller
spec
:
replicas
:
2
selector
:
matchLabels
:
app
:
traefik
role
:
controller
template
:
metadata
:
labels
:
app
:
traefik
role
:
controller
prometheus
:
cluster-wide
spec
:
affinity
:
podAntiAffinity
:
preferredDuringSchedulingIgnoredDuringExecution
:
-
podAffinityTerm
:
labelSelector
:
matchExpressions
:
-
key
:
app
operator
:
In
values
:
-
traefik
-
key
:
role
operator
:
In
values
:
-
controller
topologyKey
:
failure-domain.beta.kubernetes.io/region
weight
:
100
serviceAccountName
:
traefik-service-account
containers
:
-
name
:
traefik-ingress-controller
image
:
docker.io/traefik:v2.3.6
args
:
-
"--global.checknewversion=false"
-
"--global.sendanonymoususage=false"
-
"--api.dashboard=true"
-
"--api.insecure=true"
-
"--ping=true"
-
"--providers.kubernetescrd=true"
-
"--providers.kubernetesingress=true"
-
"--metrics.prometheus=true"
-
"--log.level=error"
-
"--entryPoints.traefik.address=:9000"
-
"--entryPoints.https.address=:8443"
-
"--entryPoints.http.address=:8080"
-
"--entryPoints.keep-ssh.address=:22222"
-
"--entryPoints.xmpp-c2s.address=:5222"
-
"--entryPoints.xmpp-s2s.address=:5269"
readinessProbe
:
httpGet
:
path
:
/ping
port
:
9000
failureThreshold
:
1
initialDelaySeconds
:
10
periodSeconds
:
10
successThreshold
:
1
timeoutSeconds
:
2
livenessProbe
:
httpGet
:
path
:
/ping
port
:
9000
failureThreshold
:
3
initialDelaySeconds
:
10
periodSeconds
:
10
successThreshold
:
1
timeoutSeconds
:
2
ports
:
-
name
:
traefik
containerPort
:
9000
-
name
:
keep-ssh
containerPort
:
22222
-
name
:
http
containerPort
:
8080
-
name
:
https
containerPort
:
8443
-
name
:
xmpp-c2s
containerPort
:
5222
-
name
:
xmpp-s2s
containerPort
:
5269
resources
:
limits
:
cpu
:
300m
memory
:
150Mi
requests
:
cpu
:
100m
memory
:
50Mi
---
apiVersion
:
v1
kind
:
Service
metadata
:
name
:
ingress
namespace
:
kube-public
labels
:
app
:
ingress
role
:
controller
spec
:
selector
:
app
:
traefik
role
:
controller
type
:
LoadBalancer
externalTrafficPolicy
:
Cluster
ports
:
-
name
:
http
port
:
80
targetPort
:
http
-
name
:
https
port
:
443
targetPort
:
https
-
name
:
hgkeeper
port
:
22
targetPort
:
keep-ssh
-
name
:
xmpp-c2s
port
:
5222
targetPort
:
xmpp-c2s
-
name
:
xmpp-s2s
port
:
5269
targetPort
:
xmpp-s2s
---
apiVersion
:
v1
kind
:
Service
metadata
:
name
:
traefik-dashboard
namespace
:
kube-public
labels
:
app
:
ingress
role
:
dashboard
spec
:
selector
:
app
:
traefik
role
:
controller
ports
:
-
port
:
9000
name
:
traefik
protocol
:
TCP
---
apiVersion
:
networking.k8s.io/v1
kind
:
NetworkPolicy
metadata
:
namespace
:
kube-public
name
:
traefik
labels
:
app
:
traefik
role
:
controller
spec
:
podSelector
:
matchLabels
:
app
:
traefik
role
:
controller
ingress
:
-
from
:
-
namespaceSelector
:
matchLabels
:
name
:
monitoring
podSelector
:
matchLabels
:
app
:
prometheus
prometheus
:
k8s
ports
:
-
port
:
traefik
protocol
:
TCP
---
apiVersion
:
monitoring.coreos.com/v1
kind
:
ServiceMonitor
metadata
:
namespace
:
kube-public
name
:
traefik
labels
:
app
:
traefik
role
:
controller
prometheus
:
cluster-wide
spec
:
selector
:
matchLabels
:
app
:
ingress
role
:
dashboard
endpoints
:
-
port
:
traefik
interval
:
15s
---