Skip to content

Instantly share code, notes, and snippets.

@coderanger

coderanger/traefik.yaml

Created November 6, 2018 20:12
Show Gist options
  • Save coderanger/1d6b4c53a62fe0de17a86d3cab79ae20 to your computer and use it in GitHub Desktop.
Save coderanger/1d6b4c53a62fe0de17a86d3cab79ae20 to your computer and use it in GitHub Desktop.
Download ZIP
Traefik quick start
Raw
traefik.yaml
---
apiVersion: v1
kind: Namespace
metadata:
name: traefik
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik
namespace: traefik
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik
rules:
- apiGroups: [""]
resources: [services, endpoints, secrets]
verbs: [get, list, watch]
- apiGroups: [extensions]
resources: [ingresses]
verbs: [get, list, watch]
- apiGroups: [extensions]
resources: [ingresses/status]
verbs: [update]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik
subjects:
- kind: ServiceAccount
name: traefik
namespace: traefik
---
apiVersion: v1
kind: ConfigMap
metadata:
name: traefik-config
namespace: traefik
data:
traefik.toml: |
defaultEntryPoints = ["http","https"]
logLevel = "INFO"
[entryPoints.http]
address = ":8080"
compress = true
[entryPoints.https]
address = ":8443"
compress = true
[entryPoints.https.tls]
minVersion = "VersionTLS11"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA",
]
[entryPoints.traefik]
address = ":8888"
[kubernetes]
[kubernetes.ingressEndpoint]
publishedService = "traefik/traefik"
[api]
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: traefik
namespace: traefik
labels:
app: traefik
spec:
replicas: 2
selector:
matchLabels:
app: traefik
template:
metadata:
labels:
app: traefik
spec:
serviceAccountName: traefik
terminationGracePeriodSeconds: 60
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
topologyKey: failure-domain.beta.kubernetes.io/zone
labelSelector:
matchLabels:
app: traefik
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
app: traefik
containers:
- name: default
image: traefik:1.7.4
ports:
- name: http
containerPort: 8080
- name: https
containerPort: 8443
- name: admin
containerPort: 8888
volumeMounts:
- name: config-volume
mountPath: /etc/traefik
volumes:
- name: config-volume
configMap:
name: traefik-config
---
apiVersion: v1
kind: Service
metadata:
name: traefik
namespace: traefik
spec:
selector:
app: traefik
type: LoadBalancer
ports:
- protocol: TCP
port: 80
targetPort: 8080
name: web
- protocol: TCP
port: 443
targetPort: 8443
name: https
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment