From afc5d4d3c4ab1f8957d08608a79ef6cc634fe392 Mon Sep 17 00:00:00 2001 From: DanielHabenicht Date: Thu, 15 Oct 2020 16:42:41 +0200 Subject: [PATCH] fix(traefik): again (#762) * first draft * first draft * working configuration * update preview script * Update Phonebook/readme.md * Update demo/assets/Dockerfile * fix assets not showing up in demo * finally fix traefik on current version resolves #578 * Restyled by prettier (#763) Co-authored-by: Restyled.io * update pr pipeline * update preview pipeline * update preview pipeline * Update demo/values.yml * Restyled by prettier (#764) Co-authored-by: Restyled.io * - recreate pods on update - add to docs - rename fronted pods and services - adds health enpoint from #594 Co-authored-by: restyled-io[bot] <32688539+restyled-io[bot]@users.noreply.github.com> Co-authored-by: Restyled.io --- .azure/pipelines/Phonebook.preview.yml | 43 +++++-------- .azure/pipelines/pr/Phonebook.pr.yml | 8 +-- Phonebook/local-values.yml | 59 ++++++++---------- Phonebook/phonebook/requirements.lock | 10 ++-- Phonebook/phonebook/requirements.yaml | 7 ++- .../templates/frontend-deployment.yaml | 14 +++-- .../phonebook/templates/frontend-ingress.yaml | 47 ++++++++------- .../phonebook/templates/frontend-service.yaml | 4 +- .../source-peoplesoft-deployment.yaml | 23 +++---- .../templates/source-peoplesoft-ingress.yaml | 44 ++++++++------ .../templates/traefik-rate-limit.yaml | 10 ++++ .../templates/traefik-tls-options.yaml | 22 +++++++ Phonebook/phonebook/values.yaml | 60 ++++++++++++------- Phonebook/readme.md | 9 ++- demo/Phonebook.Assets.yml | 2 + demo/Phonebook.traefik-dashboard.yml | 13 ++++ demo/assets/Dockerfile | 2 +- demo/values.yml | 40 +++++++------ 18 files changed, 241 insertions(+), 176 deletions(-) create mode 100644 Phonebook/phonebook/templates/traefik-rate-limit.yaml create mode 100644 Phonebook/phonebook/templates/traefik-tls-options.yaml create mode 100644 demo/Phonebook.traefik-dashboard.yml 
diff --git a/.azure/pipelines/Phonebook.preview.yml b/.azure/pipelines/Phonebook.preview.yml index 53e983112..fd56ce455 100644 --- a/.azure/pipelines/Phonebook.preview.yml +++ b/.azure/pipelines/Phonebook.preview.yml @@ -66,16 +66,17 @@ jobs: vmImage: 'ubuntu-16.04' steps: - task: HelmInstaller@1 - inputs: - helmVersionToInstall: '2.14.2' - - script: helm dep update - workingDirectory: 'Phonebook/phonebook/' + displayName: Helm install latest + # inputs: + # helmVersionToInstall: '2.14.2' - task: HelmDeploy@0 displayName: Helm package inputs: command: package chartPath: Phonebook/phonebook destination: $(Build.ArtifactStagingDirectory) + arguments: --dependency-update + - publish: $(Build.ArtifactStagingDirectory) artifact: $(helm_artifact_name) 
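Review bot: The Helm version is no longer pinned: with `inputs` commented out under `HelmInstaller@1`, the pipeline installs whatever Helm release is latest on the day it runs, so the binary that packages and deploys the chart can change without any change in this repository. Keep the pin and move it to the Helm 3 release the chart was tested with, e.g. `inputs:` / `helmVersionToInstall: '<tested-helm-3-version>'` (a placeholder, not a value from this commit). The same commented-out pin appears in the deploy and cleanup jobs of this file and in `.azure/pipelines/pr/Phonebook.pr.yml`.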
@@ -93,37 +94,22 @@ jobs: artifact: $(helm_artifact_name) - task: HelmInstaller@1 - displayName: 'Install Helm' - - - task: Kubernetes@1 - displayName: 'Create Namespace' - inputs: - connectionType: 'Kubernetes Service Connection' - kubernetesServiceEndpoint: 'Phonebook Kubernetes Demo Cluster' - namespace: 'kube-public' - command: 'apply' - useConfigurationFile: true - configurationType: 'inline' - inline: | - apiVersion: v1 - kind: Namespace - metadata: - name: $(namespace) + displayName: Helm install latest + # inputs: + # helmVersionToInstall: '2.14.2' - task: HelmDeploy@0 displayName: 'helm upgrade' inputs: connectionType: 'Kubernetes Service Connection' kubernetesServiceConnection: 'Phonebook Kubernetes Demo Cluster' - namespace: $(namespace) + arguments: '--namespace $(namespace) --create-namespace --cleanup-on-fail --wait' command: upgrade chartType: FilePath chartPath: '$(Pipeline.Workspace)/$(helm_artifact_name)/phonebook-0.1.0.tgz' releaseName: phonebook-$(namespace) overrideValues: 'frontend.image.tag=$(image_tag_frontend),frontend.image.repository=$(image_repo),frontend.image.name=$(image_namespace),source.peoplesoft.image.tag=$(image_tag_source_peoplesoft),source.peoplesoft.image.name=$(image_namespace),traefik.enabled=false,host=$(image_tag_frontend).demo-phonebook.aquiver.de' valueFile: 'demo/values.yml' - recreate: true - tillerNamespace: kube-system - task: Kubernetes@1 displayName: 'Delete Namespace' @@ -135,7 +121,7 @@ jobs: arguments: 'namespace $(namespace)' - job: notify - displayName: 'Notify Github ' + displayName: 'Notify Github' pool: server dependsOn: deploy_preview steps: 
@@ -179,16 +165,15 @@ jobs: steps: - checkout: none - task: HelmInstaller@1 - displayName: 'Install Helm 2.14.2' - inputs: - helmVersionToInstall: 2.14.2 + displayName: Helm install latest + # inputs: + # helmVersionToInstall: '2.14.2' - task: HelmDeploy@0 inputs: connectionType: 'Kubernetes Service Connection' kubernetesServiceConnection: 'Phonebook Kubernetes Demo Cluster' command: 'delete' - arguments: '--purge phonebook-$(namespace)' - tillerNamespace: kube-system + arguments: '--purge phonebook-$(namespace) --namespace $(namespace)' - task: Kubernetes@1 displayName: 'Delete Namespace' condition: always() diff --git a/.azure/pipelines/pr/Phonebook.pr.yml b/.azure/pipelines/pr/Phonebook.pr.yml index a09956bb7..625fb3586 100644 --- a/.azure/pipelines/pr/Phonebook.pr.yml +++ b/.azure/pipelines/pr/Phonebook.pr.yml @@ -14,16 +14,16 @@ jobs: vmImage: 'ubuntu-16.04' steps: - task: HelmInstaller@1 - inputs: - helmVersionToInstall: '2.14.2' - - script: helm dep update - workingDirectory: 'Phonebook/phonebook/' + displayName: Helm install latest + # inputs: + # helmVersionToInstall: '2.14.2' - task: HelmDeploy@0 displayName: Helm package inputs: command: package chartPath: Phonebook/phonebook destination: $(Build.ArtifactStagingDirectory) + arguments: --dependency-update - task: PublishBuildArtifacts@1 inputs: pathToPublish: $(Build.ArtifactStagingDirectory) diff --git a/Phonebook/local-values.yml b/Phonebook/local-values.yml index 62de012de..8fa644027 100644 --- a/Phonebook/local-values.yml +++ b/Phonebook/local-values.yml 
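Review bot: `--purge` in the cleanup job's `arguments` is a Helm 2 flag. If the unpinned installer now provides Helm 3, as the removed `tillerNamespace` and the new `--create-namespace` suggest, `helm delete --purge …` is rejected as an unknown flag and this step no longer uninstalls the release. Helm 3 removes the release record by default, so the line can become `arguments: 'phonebook-$(namespace) --namespace $(namespace)'`. The following `Delete Namespace` task runs with `condition: always()`, so the namespace should still be removed, but the job would report a failure on every cleanup.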
@@ -17,42 +17,31 @@ source: replicaCount: 1 environment: Development +# Traefik Configuration traefik: - enabled: true - additional: - checkNewVersion: false - sendAnonymousUsage: false - dashboard: - # Enable the dashboard on Traefik - enable: true - # Expose the dashboard and api through an ingress route at /dashboard - # and /api This is not secure and SHOULD NOT be enabled on production - # deployments - ingressRoute: true + deployment: + enabled: true + # Only modify these do not touch "globalArguments" additionalArguments: - - '--providers.kubernetesingress' - - '--api.insecure=true' - logs: - loglevel: debug - globalArguments: - - '' - # Old - # startupArguments: - # - '' - # dashboard: - # enabled: true - # domain: board.demo-phonebook.local - # ingress: - # annotations: - # traefik.frontend.priority: '100' + - --entrypoints.web.http.redirections.entrypoint.to=:443 + - --entrypoints.websecure.http.tls.certResolver=default + - --certificatesresolvers.default.acme.httpchallenge=true + - --certificatesresolvers.default.acme.httpchallenge.entrypoint=web + - --certificatesresolvers.default.acme.storage=tmp/acme.json + - --certificatesresolvers.default.acme.email=phonebook-t-systems-mms@mg.telekom.de + - --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory + - --api.dashboard=true + - --api=true - ssl: - enabled: true - enforced: true - rbac: - enabled: true - kubernetes: - namespaces: - - kube-public - - default + logs: + # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on). + general: + # By default, the logs use a text format (common), but you can + # also ask for the json format in the format option + # format: json + # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. + level: INFO + access: + # To enable access log + enabled: true 
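Review bot: `--certificatesresolvers.default.acme.storage=tmp/acme.json` is a relative path, and this hunk configures no persistent volume, so the ACME account key and issued certificates are presumably lost whenever the Traefik pod restarts. Here that only costs staging certificates, but the `demo/values.yml` hunk uses the same storage line with the staging `caserver` commented out, so every restart there requests fresh certificates from the production CA and can run into its rate limits. Point storage at an absolute path on a persistent volume, for example `/data/acme.json`; the Traefik chart has a `persistence` section for this, to be confirmed against chart 9.4.3. The ACME e-mail is also hard-coded in both files, where the removed demo config used `email: *contactEmail`.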
diff --git a/Phonebook/phonebook/requirements.lock b/Phonebook/phonebook/requirements.lock index e6bc75340..dffb0130c 100644 --- a/Phonebook/phonebook/requirements.lock +++ b/Phonebook/phonebook/requirements.lock @@ -1,6 +1,6 @@ dependencies: - - name: traefik - repository: https://containous.github.io/traefik-helm-chart - version: 3.4.0 -digest: sha256:69f27dcbfa7eacbaa64365626276506c7050ab2c65d0db8780f4c2adc882d3d6 -generated: '2020-04-08T14:26:29.6008416+02:00' +- name: traefik + repository: https://helm.traefik.io/traefik + version: 9.4.3 +digest: sha256:fd64faa165f4cd75bce09c96fd7e5c0222fde2427ace15ce144e32bc452869f3 +generated: "2020-10-11T21:50:24.9918945+02:00" diff --git a/Phonebook/phonebook/requirements.yaml b/Phonebook/phonebook/requirements.yaml index 4c45a8156..558ebc961 100644 --- a/Phonebook/phonebook/requirements.yaml +++ b/Phonebook/phonebook/requirements.yaml @@ -1,6 +1,7 @@ dependencies: - name: traefik condition: traefik.enabled - version: 3.4.0 - appVersion: 2.1.3 - repository: https://containous.github.io/traefik-helm-chart + version: 9.4.3 + appVersion: 2.3.1 + repository: https://helm.traefik.io/traefik + diff --git a/Phonebook/phonebook/templates/frontend-deployment.yaml b/Phonebook/phonebook/templates/frontend-deployment.yaml index 2b175a8db..79db3f70d 100644 --- a/Phonebook/phonebook/templates/frontend-deployment.yaml +++ b/Phonebook/phonebook/templates/frontend-deployment.yaml @@ -1,9 +1,9 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "phonebook.fullname" . }} + name: {{ include "phonebook.fullname" . }}-frontend labels: - app.kubernetes.io/name: {{ include "phonebook.name" . }} + app.kubernetes.io/name: {{ include "phonebook.name" . }}-frontend helm.sh/chart: {{ include "phonebook.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} 
@@ -11,18 +11,20 @@ spec: replicas: {{ .Values.frontend.replicaCount }} selector: matchLabels: - app.kubernetes.io/name: {{ include "phonebook.name" . }} + app.kubernetes.io/name: {{ include "phonebook.name" . }}-frontend app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: - app.kubernetes.io/name: {{ include "phonebook.name" . }} + app.kubernetes.io/name: {{ include "phonebook.name" . }}-frontend app.kubernetes.io/instance: {{ .Release.Name }} + annotations: + rollme: "{{ now | unixEpoch }}" spec: nodeSelector: 'beta.kubernetes.io/os': linux containers: - - name: {{ .Chart.Name }}-{{ .Values.frontend.name }} + - name: {{ .Chart.Name }}-{{ .Values.frontend.name }}-frontend image: "{{ .Values.frontend.image.repository }}/{{ .Values.frontend.image.name}}:{{ .Values.frontend.image.tag }}" imagePullPolicy: {{ .Values.frontend.image.pullPolicy }} ports: @@ -75,4 +77,4 @@ spec: {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/Phonebook/phonebook/templates/frontend-ingress.yaml b/Phonebook/phonebook/templates/frontend-ingress.yaml index 59eee78fd..645ef0356 100644 --- a/Phonebook/phonebook/templates/frontend-ingress.yaml +++ b/Phonebook/phonebook/templates/frontend-ingress.yaml 
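Review bot: The `rollme: "{{ now | unixEpoch }}"` pod annotation renders to a different value on every `helm template` or `helm upgrade`, so each upgrade restarts all frontend pods even when nothing changed, and rendered manifests can never be compared cleanly in review. If the aim is to pick up a new image, the changed `image.tag` already alters the pod template. If it is to pick up configuration changes, hash the configuration instead, e.g. `checksum/config: {{ include (print $.Template.BasePath "/<config-template>.yaml") . | sha256sum }}` (the template name is a placeholder). The same annotation is added in `source-peoplesoft-deployment.yaml`; if it stays, a one-line comment above it saying why a forced roll is wanted would help.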
@@ -1,30 +1,37 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "phonebook.fullname" . -}} -apiVersion: extensions/v1beta1 -kind: Ingress +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute metadata: name: {{ $fullName }} + namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: {{ include "phonebook.name" . }} + app.kubernetes.io/name: {{ include "phonebook.name" . }}-frontend helm.sh/chart: {{ include "phonebook.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: - traefik.ingress.kubernetes.io/router.entrypoints: "web" - traefik.ingress.kubernetes.io/router.priority: "42" - traefik.ingress.kubernetes.io/router.tls: "true" - traefik.ingress.kubernetes.io/router.tls.certresolver: http-01 - kubernetes.io/ingress.class: traefik - {{- with .Values.ingress.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} spec: - rules: - - host: {{ .Values.host }} - http: - paths: - - path: / - backend: - serviceName: {{ $fullName }} - servicePort: http + entryPoints: + - web + - websecure + routes: + - kind: Rule + match: Host(`{{ .Values.host }}`) + priority: 40 + middlewares: + - name: ratelimit + namespace: {{ .Release.Namespace }} + services: + - kind: Service + name: {{ $fullName }}-frontend + namespace: {{ .Release.Namespace }} + passHostHeader: true + port: 80 + strategy: RoundRobin + weight: 10 + tls: + certResolver: default + options: + name: tlsoption + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/Phonebook/phonebook/templates/frontend-service.yaml b/Phonebook/phonebook/templates/frontend-service.yaml index 85d4d4c51..e0f7e1da5 100644 --- a/Phonebook/phonebook/templates/frontend-service.yaml +++ b/Phonebook/phonebook/templates/frontend-service.yaml 
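Review bot: The route lists `web` under `entryPoints` but also carries a `tls` section. As far as I know, a Traefik v2 router with TLS set only matches HTTPS requests, so on `web` it never matches and plain-HTTP handling depends entirely on the entrypoint redirection set in the values files. Listing only `- websecure` states the HTTPS-only intent in the manifest itself; `source-peoplesoft-ingress.yaml` has the same pair. Separately, `{{ .Values.host }}` is placed inside the `Host()` matcher unchecked, so an empty `host` renders an empty matcher; `` match: Host(`{{ required "host is required" .Values.host }}`) `` would fail the render early instead.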
@@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "phonebook.fullname" . }} + name: {{ include "phonebook.fullname" . }}-frontend labels: app.kubernetes.io/name: {{ include "phonebook.name" . }} helm.sh/chart: {{ include "phonebook.chart" . }} @@ -15,5 +15,5 @@ spec: protocol: TCP name: http selector: - app.kubernetes.io/name: {{ include "phonebook.name" . }} + app.kubernetes.io/name: {{ include "phonebook.name" . }}-frontend app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/Phonebook/phonebook/templates/source-peoplesoft-deployment.yaml b/Phonebook/phonebook/templates/source-peoplesoft-deployment.yaml index 542f4138e..2631d8dfe 100644 --- a/Phonebook/phonebook/templates/source-peoplesoft-deployment.yaml +++ b/Phonebook/phonebook/templates/source-peoplesoft-deployment.yaml @@ -18,6 +18,8 @@ spec: labels: app.kubernetes.io/name: {{ include "phonebook.name" . }}-peoplesoft app.kubernetes.io/instance: {{ .Release.Name }} + annotations: + rollme: "{{ now | unixEpoch }}" spec: nodeSelector: 'beta.kubernetes.io/os': linux @@ -32,17 +34,16 @@ spec: - name: https containerPort: 443 protocol: TCP - # TODO: use when issue #594 is resolved - # livenessProbe: - # httpGet: - # path: /health - # port: http - # initialDelaySeconds: 6 - # readinessProbe: - # httpGet: - # path: /health - # port: http - # initialDelaySeconds: 6 + livenessProbe: + httpGet: + path: /health + port: http + initialDelaySeconds: 6 + readinessProbe: + httpGet: + path: /health + port: http + initialDelaySeconds: 6 env: - name: ASPNETCORE_ENVIRONMENT value: "{{ .Values.source.peoplesoft.environment }}" diff --git a/Phonebook/phonebook/templates/source-peoplesoft-ingress.yaml b/Phonebook/phonebook/templates/source-peoplesoft-ingress.yaml index c9e9c2e26..7b307850c 100644 --- a/Phonebook/phonebook/templates/source-peoplesoft-ingress.yaml +++ b/Phonebook/phonebook/templates/source-peoplesoft-ingress.yaml 
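Review bot: In `frontend-service.yaml` the Service name and selector now carry the `-frontend` suffix, but the `app.kubernetes.io/name` label under `metadata.labels` is left as `{{ include "phonebook.name" . }}`. The frontend Deployment's own label was renamed in this commit, so a label query on `app.kubernetes.io/name` will no longer return the Service together with its Deployment. `app.kubernetes.io/name: {{ include "phonebook.name" . }}-frontend` would keep them aligned. The hunk shows only part of the Service manifest.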
@@ -1,29 +1,37 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "phonebook.fullname" . -}} -apiVersion: extensions/v1beta1 -kind: Ingress +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute metadata: name: {{ $fullName }}-peoplesoft + namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ include "phonebook.name" . }}-peoplesoft helm.sh/chart: {{ include "phonebook.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: - traefik.ingress.kubernetes.io/router.pathmatcher: PathPrefix - traefik.ingress.kubernetes.io/router.priority: "50" - traefik.ingress.kubernetes.io/router.tls: "true" - kubernetes.io/ingress.class: traefik - {{- with .Values.ingress.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} spec: - rules: - - host: {{ .Values.host }} - http: - paths: - - path: /api - backend: - serviceName: {{ $fullName }}-peoplesoft - servicePort: http + entryPoints: + - web + - websecure + routes: + - kind: Rule + match: Host(`{{ .Values.host }}`) && PathPrefix(`/api`) + priority: 50 + middlewares: + - name: ratelimit + namespace: {{ .Release.Namespace }} + services: + - kind: Service + name: {{ $fullName }}-peoplesoft + namespace: {{ .Release.Namespace }} + passHostHeader: true + port: 80 + strategy: RoundRobin + weight: 10 + tls: + certResolver: default + options: + name: tlsoption + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/Phonebook/phonebook/templates/traefik-rate-limit.yaml b/Phonebook/phonebook/templates/traefik-rate-limit.yaml new file mode 100644 index 000000000..ad824ffbb --- /dev/null +++ b/Phonebook/phonebook/templates/traefik-rate-limit.yaml @@ -0,0 +1,10 @@ +# prettier-ignore +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: ratelimit + namespace: {{ .Release.Namespace }} +spec: + rateLimit: + average: 100 + burst: 50 
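Review bot: `traefik-rate-limit.yaml` is rendered unconditionally, while the IngressRoutes that reference `ratelimit` are wrapped in `{{- if .Values.ingress.enabled -}}`. With ingress disabled, or on a cluster without the Traefik CRDs, the chart still tries to create a `traefik.containo.us/v1alpha1` object and the install would presumably fail. Wrap the file in the same guard, `{{- if .Values.ingress.enabled -}}` … `{{- end }}`; `traefik-tls-options.yaml` needs the same. The `rateLimit` block also sets no `sourceCriterion`, so requests are grouped by the remote address Traefik sees; if the load balancer in front does not preserve client IPs, all users share one bucket, which deserves a comment next to `average`.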
diff --git a/Phonebook/phonebook/templates/traefik-tls-options.yaml b/Phonebook/phonebook/templates/traefik-tls-options.yaml new file mode 100644 index 000000000..18b169e0e --- /dev/null +++ b/Phonebook/phonebook/templates/traefik-tls-options.yaml @@ -0,0 +1,22 @@ +# prettier-ignore +apiVersion: traefik.containo.us/v1alpha1 +kind: TLSOption +metadata: + name: tlsoption + namespace: {{ .Release.Namespace }} + +spec: + minVersion: VersionTLS12 + maxVersion: VersionTLS13 + curvePreferences: + - CurveP521 + - CurveP384 + cipherSuites: + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 + - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 diff --git a/Phonebook/phonebook/values.yaml b/Phonebook/phonebook/values.yaml index ca100c69b..6fc91fb95 100644 --- a/Phonebook/phonebook/values.yaml +++ b/Phonebook/phonebook/values.yaml 
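Review bot: The last two entries of `cipherSuites`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256` and `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, are CBC-mode suites. The six AEAD suites above them (GCM and ChaCha20-Poly1305) already cover TLS 1.2 clients, so the CBC pair can be dropped. `curvePreferences` offers only `CurveP521` and `CurveP384`, so clients limited to P-256 would fail the handshake; either add `CurveP256` or add a comment saying the restriction is deliberate. `sniStrict` is not set, so connections without a matching SNI are presumably still served with the default certificate.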
@@ -34,40 +34,54 @@ source: ingress: enabled: true - annotations: {} # Traefik Configuration traefik: deployment: enabled: true + # Do not make changes here! They will be overridden. additionalArguments: + + # Find all options here: https://doc.traefik.io/traefik/reference/static-configuration/cli/ + globalArguments: + - '--global.checknewversion=false' + - '--global.sendanonymoususage=false' - --entryPoints.websecure.http.tls=true - --entrypoints.web.http.redirections.entrypoint.to=:443 + - --entrypoints.web.http.redirections.entrypoint.to=websecure + - --entrypoints.web.http.redirections.entrypoint.scheme=https - --entrypoints.web.http.redirections.entrypoint.permanent=true - - --providers.kubernetesingress - - --providers.kubernetesingress.ingressclass=public - - --providers.kubernetesingress.ingressendpoint.publishedservice=kube-system/traefik-v2 - - --providers.kubernetescrd.ingressclass=public - - --serverstransport.insecureskipverify - # - --entryPoints.metrics.address=:8082 - # - --metrics.prometheus.entryPoint=metrics - # - --metrics.prometheus - # - --log.level=DEBUG - - --accesslog - - logs: - loglevel: warn - - globalArguments: - - '' - ssl: - enabled: true - enforced: true + # PSA Settings + - --serversTransport.forwardingTimeouts.responseHeaderTimeout=1s + - --serversTransport.forwardingTimeouts.dialTimeout=1s + - --serversTransport.maxIdleConnsPerHost=7 + # For the future: + # - --certificatesresolvers..acme.preferredchain + # - --certificatesresolvers..acme.keytype rbac: enabled: true + namespaced: false + + ingressRoute: + dashboard: + enabled: false - kubernetes: - namespaces: - - kube-public + providers: + kubernetesCRD: + enabled: true + kubernetesIngress: + enabled: true + + logs: + # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on). 
+ general: + # By default, the logs use a text format (common), but you can + # also ask for the json format in the format option + # format: json + # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. + level: ERROR + access: + # To enable access log + enabled: false diff --git a/Phonebook/readme.md b/Phonebook/readme.md index 955f72ea3..6840ee043 100644 --- a/Phonebook/readme.md +++ b/Phonebook/readme.md @@ -7,7 +7,7 @@ We use [traefik](https://traefik.io/) under the hood. ### Installation -> Please make sure you have a running Kubernetes Cluster, with Tiller and Helm installed. +> Please make sure you have a running Kubernetes Cluster and Helm installed. 1. Create your `values.yml`. For settings look [here](#Settings). @@ -19,6 +19,11 @@ We use [traefik](https://traefik.io/) under the hood. contactEmail: &contactEmail '' employeePictureEndpoint: '' assetsEndpoint: '' + + traefik: + # Only modify these do not touch "globalArguments" + additionalArguments: + - --entrypoints.web.http.redirections.entrypoint.to=:443 ``` For a more complete Example have a look at our demo [values.yml](../demo/values.yml). @@ -67,6 +72,6 @@ You need `helm3` and a running kubernetes cluster. 1. Add `phonebook-demo.local` to your hosts, pointing to `localhost` (127.0.0.1). 2. cd into the `/Phonebook` Folder -3. `helm install -f ./local-values.yml -n phonebook .\phonebook\` +3. `helm upgrade --namespace default --install -values ./local-values.yml --set frontend.image.tag=1.43.7,source.peoplesoft.image.tag=4374 --wait phonebook .\phonebook\` Debug: `helm install --dry-run --debug -n phonebook .\phonebook\` diff --git a/demo/Phonebook.Assets.yml b/demo/Phonebook.Assets.yml index 17b2af596..c1eff340b 100644 --- a/demo/Phonebook.Assets.yml +++ b/demo/Phonebook.Assets.yml 
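Review bot: In the `values.yaml` hunk, `rbac.namespaced: false` together with the removal of the `kubernetes.namespaces` list gives the Traefik service account a ClusterRole (which in the Traefik chart covers Ingresses and Secrets, as far as I know) and makes it watch every namespace. If this chart's Traefik only needs to route for its own release namespace, `namespaced: true` with the providers limited to that namespace is the least-privilege setting; if cluster-wide routing is intended, say so in a comment next to the key. Separately, `additionalArguments:` is left as a bare key (YAML null) under a comment that says not to change it, while the readme tells users to modify exactly that key. Writing `additionalArguments: []` and moving the warning above `globalArguments` would remove the ambiguity. The enclosing `traefik:` mapping starts before the changed lines of this hunk.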
@@ -45,7 +45,9 @@ kind: Ingress metadata: name: phonebook-assets-ingress annotations: + kubernetes.io/ingress.class: traefik traefik.ingress.kubernetes.io/router.pathmatcher: PathPrefix + traefik.ingress.kubernetes.io/router.priority: '100' spec: rules: - http: diff --git a/demo/Phonebook.traefik-dashboard.yml b/demo/Phonebook.traefik-dashboard.yml new file mode 100644 index 000000000..076adfcd0 --- /dev/null +++ b/demo/Phonebook.traefik-dashboard.yml @@ -0,0 +1,13 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: traefik-dashboard +spec: + routes: + - match: Host(`board.demo-phonebook.aquiver.de`) + kind: Rule + services: + - name: api@internal + kind: TraefikService + middlewares: + - name: https-redirectscheme diff --git a/demo/assets/Dockerfile b/demo/assets/Dockerfile index 62c873abc..7989b57c9 100644 --- a/demo/assets/Dockerfile +++ b/demo/assets/Dockerfile @@ -6,6 +6,6 @@ COPY ./nginx/ ./ RUN rm -r /usr/share/nginx/html/* -COPY ./assets /usr/share/nginx/html +COPY ./assets /usr/share/nginx/html/assets CMD ["nginx"] diff --git a/demo/values.yml b/demo/values.yml index 85718be0e..9465c2012 100644 --- a/demo/values.yml +++ b/demo/values.yml 
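Review bot: The new `traefik-dashboard` IngressRoute publishes `api@internal` on `board.demo-phonebook.aquiver.de` with only a `https-redirectscheme` middleware, so the dashboard and API appear to be reachable without authentication. The `demo/values.yml` hunk in this commit also sets `--api.dashboard=true`. The dashboard lists every router, service and middleware, so it should sit behind an authentication or IP allow-list middleware and be bound to the TLS entrypoint. The route also sets no `entryPoints` or `tls`, and the `https-redirectscheme` Middleware it references is not defined anywhere in this diff. A sketch of the changed lines follows; `dashboard-auth` is a placeholder name for a `basicAuth` Middleware whose users come from a Secret.

```yaml
spec:
  entryPoints:
    - websecure
  # … unchanged: routes, match, kind, services …
      middlewares:
        - name: https-redirectscheme
        - name: dashboard-auth # placeholder: basicAuth Middleware backed by a Secret
  tls:
    certResolver: default
```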
@@ -44,21 +44,27 @@ affinity: {} traefik: deployment: enabled: true - ssl: - enabled: true - enforced: true - acme: - staging: false - enabled: true - email: *contactEmail - onHostRule: true - challengeType: 'http-01' - domains: - enabled: true - rbac: - enabled: true - kubernetes: - namespaces: - - kube-public - - default + # Only modify these do not touch "globalArguments" + additionalArguments: + - --entrypoints.web.http.redirections.entrypoint.to=:443 + - --entrypoints.websecure.http.tls.certResolver=default + - --certificatesresolvers.default.acme.httpchallenge=true + - --certificatesresolvers.default.acme.httpchallenge.entrypoint=web + - --certificatesresolvers.default.acme.storage=tmp/acme.json + - --certificatesresolvers.default.acme.email=phonebook-t-systems-mms@mg.telekom.de + # - --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory + - --api.dashboard=true + - --api=true + + logs: + # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on). + general: + # By default, the logs use a text format (common), but you can + # also ask for the json format in the format option + # format: json + # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. + level: INFO + access: + # To enable access log + enabled: false