Work on PodSecurityPolicy
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
f668bb276c
commit
3bb04bb45c
10 changed files with 132 additions and 50 deletions
64
templates/traefik-ingressroute.yml.j2
Normal file
64
templates/traefik-ingressroute.yml.j2
Normal file
|
|
@ -0,0 +1,64 @@
|
|||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: traefik
|
||||
namespace: {{ traefik_namespace }}
|
||||
labels:
|
||||
app: traefik
|
||||
|
||||
spec:
|
||||
entryPoints:
|
||||
- https
|
||||
routes:
|
||||
# Match is the rule corresponding to an underlying router.
|
||||
# Later on, match could be the simple form of a path prefix, e.g. just "/bar",
|
||||
# but for now we only support a traefik style matching rule.
|
||||
# - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
|
||||
- match: Host(`traefik.{{ traefik_domain }}`)
|
||||
# kind could eventually be one of "Rule", "Path", "Host", "Method", "Header",
|
||||
# "Parameter", etc, to support simpler forms of rule matching, but for now we
|
||||
# only support "Rule".
|
||||
kind: Rule
|
||||
{% if basic_auth is defined or ingress_whitelist is defined %}
|
||||
middlewares:
|
||||
{% if ingress_whitelist is defined %}
|
||||
- name: traefik-ipwhitelist
|
||||
{% endif %}
|
||||
{% if basic_auth is defined %}
|
||||
- name: basic-auth
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
services:
|
||||
- name: api@internal
|
||||
kind: TraefikService
|
||||
# - name: traefik-dashboard
|
||||
# port: 8080
|
||||
# # (default 1) A weight used by the weighted round-robin strategy (WRR).
|
||||
# weight: 1
|
||||
# # (default true) PassHostHeader controls whether to leave the request's Host
|
||||
# # Header as it was before it reached the proxy, or whether to let the proxy set it
|
||||
# # to the destination (backend) host.
|
||||
# passHostHeader: true
|
||||
# responseForwarding:
|
||||
# # (default 100ms) Interval between flushes of the buffered response body to the client.
|
||||
# flushInterval: 100ms
|
||||
- match: Host(`traefik.{{ traefik_domain }}`) && PathPrefix(`/ping`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: ping@internal
|
||||
kind: TraefikService
|
||||
- match: Host(`traefik.{{ traefik_domain }}`) && PathPrefix(`/metrics`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: prometheus@internal
|
||||
kind: TraefikService
|
||||
|
||||
|
||||
|
||||
tls:
|
||||
{% if traefik_dashboard_certificate is defined %}
|
||||
secretName: {{ traefik_dashboard_certificate }}
|
||||
{% endif %}
|
||||
options:
|
||||
name: default
|
||||
namespace: {{ traefik_namespace }}
|
||||
Loading…
Add table
Add a link
Reference in a new issue