ansible-role-k8s-traefik/templates/traefik-ondemand-plugin.yml.j2


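# Sablier server used by the Traefik on-demand plugin.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sablier
  labels:
    app.kubernetes.io/name: sablier
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: sablier
  template:
    metadata:
      labels:
        app.kubernetes.io/name: sablier
    spec:
      # serviceAccountName is the supported field; the deprecated
      # `serviceAccount` alias is not needed alongside it.
      # This identity is granted scale rights by the ClusterRoleBinding in
      # this file, so the pod holds an API token with those rights.
      serviceAccountName: sablier
      containers:
        - name: sablier
          # Quoted so the rendered value is always parsed as one YAML string.
          # The tag comes from traefik_sabblier_version; tags are mutable, so
          # pin an image digest where an immutable reference is required.
          image: "sablierapp/sablier:{{ traefik_sabblier_version }}"
          args:
            - "start"
            - "--provider.name=kubernetes"
            - "--server.port=10000"
            # /dev/shm is normally a runtime-provided tmpfs, so it stays
            # writable with readOnlyRootFilesystem; state does not survive
            # a pod restart.
            - "--storage.file=/dev/shm/state.json"
          ports:
            - containerPort: 10000
          # NOTE(review): no resources.requests/limits are set for this
          # container; add values that fit the cluster.
          # Container-level hardening: no privilege escalation, no Linux
          # capabilities, read-only root filesystem, default seccomp filter.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: [ALL]
            readOnlyRootFilesystem: true
            seccompProfile:
              type: RuntimeDefault
      # Pod-level: run every container as the unprivileged uid/gid 65532.
      securityContext:
        runAsGroup: 65532
        runAsNonRoot: true
        runAsUser: 65532
# --configFile=path/to/myconfigfile.yml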
---
# Service in front of the Sablier pods. No `type` is set, so it is a
# ClusterIP Service reachable only from inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: sablier
spec:
  ports:
    - port: 10000
      targetPort: 10000
      protocol: TCP
  selector:
    app.kubernetes.io/name: sablier
---
# Identity the Sablier pod uses towards the Kubernetes API. Its permissions
# come from the ClusterRole bound to it in this file.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sablier
---
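# Permissions Sablier needs to observe and scale workloads.
# NOTE(review): this is a ClusterRole, and the binding in this file is a
# ClusterRoleBinding, so the rights below apply to Deployments and
# StatefulSets in every namespace. If the managed workloads live in known
# namespaces, a Role plus RoleBinding per namespace narrows what a
# compromised Sablier pod could scale.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # Cluster-scoped object: it takes no namespace.
  name: sablier
rules:
  # Deployments and StatefulSets exist only in the `apps` API group, so the
  # core group ("") is not listed.
  - apiGroups:
      - apps
    resources:
      - deployments
      - statefulsets
    verbs:
      - get    # Retrieve info about specific dep
      - list   # Events
      - watch  # Events
  - apiGroups:
      - apps
    resources:
      - deployments/scale
      - statefulsets/scale
    verbs:
      - patch   # Scale up and down
      - get     # Retrieve info about specific dep
      - update  # Scale up and down
      - list    # Events
      - watch   # Events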
---
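# Grants the `sablier` ClusterRole to the Sablier service account.
# A ClusterRoleBinding applies the role in all namespaces, not only in the
# namespace of the subject.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: sablier
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: sablier
subjects:
  - kind: ServiceAccount
    name: sablier
    # Quoted so the rendered namespace is always a YAML string, even when the
    # variable is empty, all digits, or boolean-looking.
    namespace: "{{ traefik_namespace }}"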
---
# Restricts inbound traffic to the Sablier pods: only pods labelled as
# Traefik may connect, and only on port 10000.
# - The `from` podSelector has no namespaceSelector, so it matches Traefik
#   pods in the same namespace as this policy only.
# - Only Ingress is listed in policyTypes; egress from Sablier is not
#   restricted by this policy.
# - The policy is enforced only when the cluster's network plugin
#   implements NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-traefik-to-sablier
spec:
  policyTypes:
    - Ingress
  podSelector:
    matchLabels:
      app.kubernetes.io/name: sablier
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: traefik
      ports:
        - port: 10000
#---
#apiVersion: traefik.io/v1alpha1
#kind: Middleware
#metadata:
# name: ondemand
#spec:
# plugin:
# names: toto # Comma separated names of containers/services/deployments etc.
# group: default # Group name to use to filter by label, ignored if names is set
# dynamic:
# displayName: My Title # (Optional) Defaults to the middleware name
# refreshFrequency: 5s # (Optional) The loading page refresh frequency
# showDetails: "true" # (Optional) Set to true or false to show details specifically for this middleware, unset to use Sablier server defaults
# theme: hacker-terminal # (Optional) The theme to use
# sablierUrl: http://sablier.{{ traefik_namespace }}:10000 # The sablier URL service, must be reachable from the Traefik instance
# sessionDuration: 1m # The session duration after which containers/services/deployments instances are shutdown