Refactor Authelia,Longhorn,Traefik; Enable ingress middlewares; Update docs
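--- a/ingress/Traefik2.x/helmchartconfig-traefik.yaml
+++ b/ingress/Traefik2.x/helmchartconfig-traefik.yaml
@@ -0,0 +1,159 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+name: traefik
+namespace: kube-system
+spec:
+valuesContent: |-
+additionalArguments:
+- "--providers.file.directory=/etc/traefik/dynamic"
+- "--providers.file.watch=true"
+certResolvers:
+default:
+email: letsencrypt.org.danny@spamasaurus.com
+storage: /data/acme.json
+dnsChallenge:
+provider: cloudflare
+delayBeforeCheck: 5m0s
+resolvers:
+- 1.1.1.1:53
+- 1.0.0.1:53
+deployment:
+initContainers:
+- name: volume-permissions
+image: busybox:latest
+command:
+[
+"sh",
+"-c",
+"touch /data/acme.json; chown 65532 /data/acme.json; chmod -v 600 /data/acme.json",
+]
+securityContext:
+runAsNonRoot: false
+runAsGroup: 0
+runAsUser: 0
+volumeMounts:
+- name: traefik-data
+mountPath: /data
+env:
+- name: CF_API_EMAIL
+valueFrom:
+secretKeyRef:
+name: traefik-cloudflare
+key: CF_API_EMAIL
+- name: CF_API_KEY
+valueFrom:
+secretKeyRef:
+name: traefik-cloudflare
+key: CF_API_KEY
+extraObjects:
+- apiVersion: v1
+kind: ConfigMap
+metadata:
+name: traefik-file-provider
+namespace: kube-system
+data:
+config.yml: |
+http:
+middlewares:
+2fa-authentication:
+forwardAuth:
+address: "https://auth.spamasaurus.com/api/verify?rd=https://auth.spamasaurus.com/"
+trustForwardHeader: true
+security-headers:
+headers:
+forceSTSHeader: true
+stsSeconds: 315360000
+stsIncludeSubdomains: true
+stsPreload: true
+compression:
+compress: {}
+tls:
+options:
+defaults:
+minVersion: VersionTLS12
+sniStrict: true
+curvePreferences:
+- secp521r1
+- secp384r1
+cipherSuites:
+- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+- TLS_AES_128_GCM_SHA256
+- TLS_AES_256_GCM_SHA384
+- TLS_CHACHA20_POLY1305_SHA256
+- TLS_FALLBACK_SCSV
+- apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+creationTimestamp: null
+name: traefik-cloudflare
+namespace: kube-system
+spec:
+encryptedData:
+CF_API_EMAIL: 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
+CF_API_KEY: AgBMs0EeSS9OW2zHjxIZqzEuvVf09phrzsD+5L90DKWsnQVUsV1kmSYk7fun6A76vlR5gnSlWLVl1n2EezNHnViXKyIwu1s01vJ+rTPvNcTdkGWGYB8ZYnqvIe7PB3L4pzaSjOcHJ6jazByz1GFHf5hQC9AdaFtPX6ie8EGV7vOD8fic35BMRV/Y3Qc77W1U0mmA22hgHyvTCqdvlObbkHd23a3ArFXk+ELdPM4E3sPefFWjF2nZOJ/4ltouKs/O4+D2RXc1Am3N8cxKyMc7rTBtz69BLJppyTj4DaAbwq+hN8A328wi9oAuu6ifY7zpd2w0exw3uOfAGoksQZrldYDnTc2w/ecrijcBmcVGQb2AoBS1m+ZXJIdii6E3oyW3wpTcPsgdS+z+xviBnQMtScr+KMHTRlayaQXfEc9kFPp+qqAlf+mIq+dB8xFtNCT2qICWThh3LKZh6i6SkYpR+kFBzqd2wqpjyBLIRAwkAKF1NvR1KQtYsMYNAMlchJ6nhcLz2GmmHqTG9L+NmSafEdLbOhy7lnofpHZ94xCvs75+AISobYVxSXPTERff4NOcb492JT7ojYBfSjD9aZq5B1KU0A6r8+gErK3SKfKh9DkT1lotIV/giOvKfAfJhecUFRRqeCrJPXJVeKJxbLRhDL2i3lEvQqIru/bxebuw5t83rU/2SD+fANgmjRvsz5w9x+pbeg9VyRMJerx9bLb+Gw+enDBqq+s5QIyNK1t5b5J+H+ta1uZO
+template:
+metadata:
+creationTimestamp: null
+name: traefik-cloudflare
+namespace: kube-system
+type: Opaque
+ingressRoute:
+dashboard:
+enabled: true
+entryPoints:
+- websecure
+matchRule: Host(`ingress.spamasaurus.com`)
+middlewares:
+# - name: 2fa-authentication@file
+- name: security-headers@file
+- name: compression@file
+logs:
+general:
+level: DEBUG
+persistence:
+enabled: true
+name: traefik-data
+path: /data
+storageClass: longhorn
+ports:
+web:
+redirectTo:
+port: websecure
+websecure:
+tls:
+options: defaults@file
+certResolver: default
+domains:
+- main: '*.spamasaurus.com'
+sans:
+- 'spamasaurus.com'
+- main: '*.bessems.com'
+sans:
+- 'bessems.com'
+- main: '*.bessems.eu'
+sans:
+- 'bessems.eu'
+- main: '*.gabaldon.eu'
+sans:
+- 'gabaldon.eu'
+- main: '*.gabaldon.nl'
+sans:
+- 'gabaldon.nl'
+- main: '*.itch.fyi'
+sans:
+- 'itch.fyi'
+service:
+spec:
+loadBalancerIP: "192.168.154.240"
+updateStrategy:
+type: Recreate
+rollingUpdate: null
+volumes:
+- name: traefik-file-provider
+type: configMap
+mountPath: /etc/traefik/dynamic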
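Review bot: The dashboard IngressRoute under `ingressRoute.dashboard` is published on `websecure` for the host ingress.spamasaurus.com with its `2fa-authentication@file` entry commented out, so only `security-headers@file` and `compression@file` apply and nothing in this file authenticates access to the Traefik dashboard. The load balancer address is a private one, so exposure may be limited to the internal network, but the dashboard lists the configured routers, services and middlewares. I would restore `- name: 2fa-authentication@file` as the first middleware, or put `# TODO: re-enable once Authelia is reachable` beside it so the gap stays tracked. Separately, the `volume-permissions` init container runs as UID 0 from `busybox:latest`; pinning that image to a fixed tag or digest keeps a root container from changing silently on the next pull. `logs.general.level: DEBUG` is also worth lowering once the rollout is verified.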