# Run two Traefik replicas.
deployment:
  replicas: 2

# Resource requests and limits for the Traefik pods.
resources:
  requests:
    cpu: 50m
    memory: 64Mi
  limits:
    cpu: 1
    memory: 128Mi

# Rolling update: at most one pod unavailable and one surge pod at a time.
updateStrategy:
  type: RollingUpdate
  rollingUpdate:
    maxUnavailable: 1
    maxSurge: 1

# Keep at least one pod available during voluntary disruptions.
podDisruptionBudget:
  enabled: true
  minAvailable: 1

# Soft anti-affinity: prefer (do not require) placing pods labelled
# app.kubernetes.io/name=traefik on different nodes (kubernetes.io/hostname).
affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchExpressions:
              - key: app.kubernetes.io/name
                operator: In
                values:
                  - traefik
          topologyKey: kubernetes.io/hostname

# Serve the Traefik API and dashboard under /fog/traefik instead of the root
# path; the dashboard IngressRoute rule in this file matches the same prefix.
additionalArguments:
  - '--api.basePath=/fog/traefik'

# No persistent volume for Traefik.
persistence:
  enabled: false

# JSON-formatted logs, with access logging switched on.
# NOTE(review): the upstream chart presumably reads the general log format
# from logs.general.format; confirm that logs.format is honoured by the chart
# version in use.
logs:
  format: json
  access:
    enabled: true
    format: json

# externalTrafficPolicy Local keeps the client source address on incoming
# connections, so access logs and the per-source rate limit see the real
# client rather than a node address.
service:
  spec:
    externalTrafficPolicy: Local

# Expose the Traefik dashboard and API through an IngressRoute on the HTTPS
# entry point. The only access control configured here is the
# traefik-dashboard-auth basic-auth middleware, so anything that can reach
# websecure for this host can attempt a login.
# NOTE(review): consider also restricting by source address if the dashboard
# does not need to be reachable from outside the admin network.
ingressRoute:
  dashboard:
    enabled: true
    # Single-quoted so the backticks, parentheses and operators stay one literal string.
    matchRule: 'Host(`fog.incngrnt.ca`) && (PathPrefix(`/fog/traefik/dashboard`) || PathPrefix(`/fog/traefik/api`))'
    entryPoints:
      - websecure
    middlewares:
      - name: traefik-dashboard-auth
    tls:
      secretName: fog-incngrnt-ca-tls

# Entry points. Middleware references use the kubernetescrd provider form
# <namespace>-<name>@kubernetescrd, so they resolve to the rate-limit and
# redirectscheme Middlewares from extraObjects only if those objects end up
# in the traefik namespace (TODO confirm the release namespace).
ports:
  websecure:
    # Rate limit applied to every HTTPS request on this entry point.
    middlewares:
      - traefik-rate-limit@kubernetescrd
  web:
    # Plain HTTP is redirected to HTTPS.
    middlewares:
      - traefik-redirectscheme@kubernetescrd
  # Extra TCP entry point on 2222, exposed on the default service. The HTTP
  # middlewares above do not apply to this entry point.
  ssh:
    port: 2222
    expose:
      default: true
    exposedPort: 2222
    protocol: TCP


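# Extra manifests rendered alongside the chart: dashboard credentials, the
# Traefik middlewares referenced elsewhere in this file, and cert-manager
# Certificates.
extraObjects:
  # Basic-auth credentials for the dashboard. requiredEnv is expected to fail
  # rendering when TRAEFIK_ADMIN_PASSWORD is unset, so no empty password is
  # deployed. The rendered password is plaintext in the values passed to the
  # release; treat rendered output and release storage as sensitive.
  - apiVersion: v1
    kind: Secret
    metadata:
      name: traefik-dashboard-auth-secret
    type: kubernetes.io/basic-auth
    stringData:
      username: admin
      # quote: emit the password as a YAML string. Unquoted, a value that
      # looks like a number or boolean is retyped, and one containing " #" or
      # ": " is truncated or breaks parsing.
      password: {{ requiredEnv "TRAEFIK_ADMIN_PASSWORD" | quote }}

  # Basic-auth middleware attached to the dashboard IngressRoute.
  - apiVersion: traefik.io/v1alpha1
    kind: Middleware
    metadata:
      name: traefik-dashboard-auth
    spec:
      basicAuth:
        secret: traefik-dashboard-auth-secret
  # Rate limit referenced by the websecure entry point: average 50, burst 100
  # (no period is set here, so Traefik's default period applies).
  - apiVersion: traefik.io/v1alpha1
    kind: Middleware
    metadata:
      name: rate-limit
    spec:
      rateLimit:
        average: 50
        burst: 100
  # Permanent redirect to https, referenced by the web entry point.
  - apiVersion: traefik.io/v1alpha1
    kind: Middleware
    metadata:
      name: redirectscheme
    spec:
      redirectScheme:
        scheme: https
        permanent: true
  # Certificate for the dashboard host; its secret is the one used by the
  # dashboard IngressRoute TLS setting.
  - apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: fog-incngrnt-ca
      namespace: traefik
    spec:
      secretName: fog-incngrnt-ca-tls
      issuerRef:
        name: letsencrypt-incngrnt
        kind: ClusterIssuer
      dnsNames:
        - fog.incngrnt.ca

  # other certs
  # NOTE(review): these are created in other namespaces (goatchat,
  # incngrnt-web, immich); presumably each namespace already exists and its
  # workload consumes the TLS secret — confirm.
  - apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: goatchat-ca
      namespace: goatchat
    spec:
      secretName: goatchat-ca-tls
      issuerRef:
        name: letsencrypt-goatchat
        kind: ClusterIssuer
      dnsNames:
        - goatchat.ca
  - apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: incngrnt-ca
      namespace: incngrnt-web
    spec:
      secretName: incngrnt-ca-tls
      issuerRef:
        name: letsencrypt-incngrnt
        kind: ClusterIssuer
      dnsNames:
        - incngrnt.ca
  - apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: photos-incngrnt-ca
      namespace: immich
    spec:
      secretName: photos-incngrnt-ca-tls
      issuerRef:
        name: letsencrypt-incngrnt
        kind: ClusterIssuer
      dnsNames:
        - photos.incngrnt.ca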