From bfebd40a762546519b7c10ad7d0b4924ad08ee28 Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Sat, 26 Oct 2019 09:18:30 +1100 Subject: [PATCH] updates and ingress controllers --- kubernetes/deployments/deployment.yaml | 2 +- .../ingress/controller/traefik-configmap.yaml | 174 ++++++++++++++++++ .../controller/traefik-deployment.yaml | 69 +++++++ .../ingress/controller/traefik-rbac.yaml | 43 +++++ .../ingress/controller/traefik-webui.yaml | 14 ++ kubernetes/ingress/ingress.yaml | 18 ++ kubernetes/services/service.yaml | 11 ++ 7 files changed, 330 insertions(+), 1 deletion(-) create mode 100644 kubernetes/ingress/controller/traefik-configmap.yaml create mode 100644 kubernetes/ingress/controller/traefik-deployment.yaml create mode 100644 kubernetes/ingress/controller/traefik-rbac.yaml create mode 100644 kubernetes/ingress/controller/traefik-webui.yaml create mode 100644 kubernetes/ingress/ingress.yaml create mode 100644 kubernetes/services/service.yaml diff --git a/kubernetes/deployments/deployment.yaml b/kubernetes/deployments/deployment.yaml index adfc3ca..1e68a69 100644 --- a/kubernetes/deployments/deployment.yaml +++ b/kubernetes/deployments/deployment.yaml @@ -22,7 +22,7 @@ spec: spec: containers: - name: example-app - image: aimvector/golang:1.0.0 + image: aimvector/python:1.0.0 imagePullPolicy: Always ports: - containerPort: 5000 diff --git a/kubernetes/ingress/controller/traefik-configmap.yaml b/kubernetes/ingress/controller/traefik-configmap.yaml new file mode 100644 index 0000000..6b991a2 --- /dev/null +++ b/kubernetes/ingress/controller/traefik-configmap.yaml @@ -0,0 +1,174 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: traefik-config + namespace: kube-system +data: + config.toml: |- + [metrics] + [metrics.prometheus] + entryPoint = "traefik" + buckets = [0.1,0.3,1.2,5.0] + [entryPoints] + [entryPoints.http] + address = ":80" + [entryPoints.http.redirect] + entryPoint = "https" + [entryPoints.https] + address = ":443" + [entryPoints.https.tls] + [acme] + email = "your-email-here@my-awesome-app.org" + storage = "acme.json" + entryPoint = "https" + onHostRule = true + [[acme.domains]] + main = "local1.com" + [acme.httpChallenge] + entryPoint = "http" + ################################################################ + # Global configuration + ################################################################ + + # Enable debug mode + # + # Optional + # Default: false + # + # debug = true + + # Log level + # + # Optional + # Default: "ERROR" + # + # logLevel = "DEBUG" + + ################################################################ + # Entrypoints configuration + ################################################################ + + # Entrypoints definition + # + # Optional + # Default: + #[entrypoints] + # [entrypoints.web] + # address = ":80" + + ################################################################ + # Traefik logs configuration + ################################################################ + + # Traefik logs + # Enabled by default and log to stdout + # + # Optional + # + # [traefikLog] + + # Sets the filepath for the traefik log. If not specified, stdout will be used. + # Intermediate directories are created if necessary. + # + # Optional + # Default: os.Stdout + # + # filePath = "log/traefik.log" + + # Format is either "json" or "common". + # + # Optional + # Default: "common" + # + # format = "common" + + ################################################################ + # Access logs configuration + ################################################################ + + # Enable access logs + # By default it will write to stdout and produce logs in the textual + # Common Log Format (CLF), extended with additional fields. + # + # Optional + # + # [accessLog] + + # Sets the file path for the access log. If not specified, stdout will be used. + # Intermediate directories are created if necessary. + # + # Optional + # Default: os.Stdout + # + # filePath = "/path/to/log/log.txt" + + # Format is either "json" or "common". + # + # Optional + # Default: "common" + # + # format = "common" + + ################################################################ + # API and dashboard configuration + ################################################################ + + # Enable API and dashboard + #[api] + + # Name of the related entry point + # + # Optional + # Default: "traefik" + # + # entryPoint = "traefik" + + # Enabled Dashboard + # + # Optional + # Default: true + # + # dashboard = false + + ################################################################ + # Ping configuration + ################################################################ + + # Enable ping + #[ping] + + # Name of the related entry point + # + # Optional + # Default: "traefik" + # + # entryPoint = "traefik" + + ################################################################ + # Docker configuration backend + ################################################################ + + # Enable Docker configuration backend + #[docker] + + # Docker server endpoint. Can be a tcp or a unix socket endpoint. + # + # Required + # Default: "unix:///var/run/docker.sock" + # + # endpoint = "tcp://10.10.10.10:2375" + + # Default domain used. + # Can be overridden by setting the "traefik.domain" label on a container. + # + # Optional + # Default: "" + # + # domain = "docker.localhost" + + # Expose containers by default in traefik + # + # Optional + # Default: true + # + # exposedByDefault = true diff --git a/kubernetes/ingress/controller/traefik-deployment.yaml b/kubernetes/ingress/controller/traefik-deployment.yaml new file mode 100644 index 0000000..b32c7c1 --- /dev/null +++ b/kubernetes/ingress/controller/traefik-deployment.yaml @@ -0,0 +1,69 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: traefik-ingress-controller + namespace: kube-system +--- +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: traefik-ingress-controller + namespace: kube-system + labels: + k8s-app: traefik-ingress-lb +spec: + replicas: 1 + selector: + matchLabels: + k8s-app: traefik-ingress-lb + template: + metadata: + labels: + k8s-app: traefik-ingress-lb + name: traefik-ingress-lb + spec: + serviceAccountName: traefik-ingress-controller + terminationGracePeriodSeconds: 60 + containers: + - image: traefik:v1.7.18-alpine + name: traefik-ingress-lb + ports: + - name: http + containerPort: 80 + - name: https + containerPort: 443 + - name: admin + containerPort: 8080 + args: + - --api + - --kubernetes + - --logLevel=INFO + - --configFile=/etc/traefik/config.toml + volumeMounts: + - name: traefik-config + mountPath: /etc/traefik/ + volumes: + - name: traefik-config + configMap: + name: traefik-config +--- +kind: Service +apiVersion: v1 +metadata: + name: traefik-ingress-service + namespace: kube-system +spec: + selector: + k8s-app: traefik-ingress-lb + type: LoadBalancer + ports: + - protocol: TCP + port: 80 + name: web + - protocol: TCP + port: 443 + name: https + - protocol: TCP + port: 8080 + name: admin diff --git a/kubernetes/ingress/controller/traefik-rbac.yaml b/kubernetes/ingress/controller/traefik-rbac.yaml new file mode 100644 index 0000000..8d2bf72 --- /dev/null +++ b/kubernetes/ingress/controller/traefik-rbac.yaml @@ -0,0 +1,43 @@ +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: traefik-ingress-controller +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - update +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: traefik-ingress-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: traefik-ingress-controller +subjects: +- kind: ServiceAccount + name: traefik-ingress-controller + namespace: kube-system \ No newline at end of file diff --git a/kubernetes/ingress/controller/traefik-webui.yaml b/kubernetes/ingress/controller/traefik-webui.yaml new file mode 100644 index 0000000..a5ea622 --- /dev/null +++ b/kubernetes/ingress/controller/traefik-webui.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: traefik-web-ui + namespace: kube-system +spec: + selector: + k8s-app: traefik-ingress-lb + ports: + - name: web + port: 80 + targetPort: 8080 +--- diff --git a/kubernetes/ingress/ingress.yaml b/kubernetes/ingress/ingress.yaml new file mode 100644 index 0000000..55993da --- /dev/null +++ b/kubernetes/ingress/ingress.yaml @@ -0,0 +1,18 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: example-service + annotations: + kubernetes.io/ingress.class: "traefik" + traefik.ingress.kubernetes.io/frontend-entry-points: http,https + #traefik.ingress.kubernetes.io/redirect-entry-point: https + #traefik.ingress.kubernetes.io/redirect-permanent: "true" +spec: + rules: + - host: marcel.test + http: + paths: + - path: / + backend: + serviceName: example-service + servicePort: 80 \ No newline at end of file diff --git a/kubernetes/services/service.yaml b/kubernetes/services/service.yaml new file mode 100644 index 0000000..eec4232 --- /dev/null +++ b/kubernetes/services/service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: example-service +spec: + selector: + app: example-app + ports: + - protocol: TCP + port: 80 + targetPort: 5000 \ No newline at end of file