128 lines
2.8 KiB
YAML
128 lines
2.8 KiB
YAML
# apiVersion: v1
|
|
# kind: Secret
|
|
# metadata:
|
|
# name: basic-auth-users-secret
|
|
# namespace: kubernetes-dashboard
|
|
# data:
|
|
# users: dXNlcjokYXByMSREdjgvWEFWayR1RmhjMlNyalloMGJuR09IYmNrV2oxCgo=
|
|
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: ClusterIssuer
|
|
metadata:
|
|
name: selfsigned
|
|
spec:
|
|
selfSigned: {}
|
|
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: kboard.taefik.local
|
|
namespace: kubernetes-dashboard
|
|
spec:
|
|
dnsNames:
|
|
- kboard.taefik.local
|
|
secretName: kboard.taefik.local
|
|
issuerRef:
|
|
name: selfsigned
|
|
kind: ClusterIssuer
|
|
|
|
# ---
|
|
|
|
# apiVersion: traefik.io/v1alpha1
|
|
# kind: ServersTransport
|
|
# metadata:
|
|
# name: insecure-transport
|
|
# namespace: kubernetes-dashboard
|
|
# spec:
|
|
# serverName: kubernetes-dashboard-kong-proxy
|
|
# insecureSkipVerify: true
|
|
---
|
|
# Declaring the user list
|
|
# apiVersion: traefik.io/v1alpha1
|
|
# kind: Middleware
|
|
# metadata:
|
|
# name: ingress-auth
|
|
# namespace: kubernetes-dashboard
|
|
# spec:
|
|
# basicAuth:
|
|
# secret: basic-auth-users-secret
|
|
|
|
# ---
|
|
# apiVersion: traefik.io/v1alpha1
|
|
# kind: Middleware
|
|
# metadata:
|
|
# name: strip-dashboard
|
|
# namespace: kubernetes-dashboard
|
|
# spec:
|
|
# stripPrefix:
|
|
# prefixes:
|
|
# - "/kboard"
|
|
# forceSlash: true
|
|
|
|
# ---
|
|
# Host(`test.traefik.local`) && PathPrefix(`/kboard`)
|
|
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRoute
|
|
metadata:
|
|
name: kubernetes-dashboard-ingress
|
|
namespace: kubernetes-dashboard
|
|
spec:
|
|
entryPoints:
|
|
# - web
|
|
- websecure
|
|
routes:
|
|
- match: Host(`kboard.taefik.local`)
|
|
kind: Rule
|
|
# middlewares:
|
|
# - name: ingress-auth
|
|
# namespace: kubernetes-dashboard
|
|
# - name: strip-dashboard
|
|
# namespace: kubernetes-dashboard
|
|
services:
|
|
- name: kubernetes-dashboard-kong-proxy
|
|
port: 443
|
|
# scheme: https
|
|
namespace: kubernetes-dashboard
|
|
serversTransport: insecure-transport
|
|
# Use the secret generated by cert-manager
|
|
tls:
|
|
secretName: kboard.taefik.local
|
|
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: ServersTransport
|
|
metadata:
|
|
name: insecure-transport
|
|
namespace: kubernetes-dashboard
|
|
spec:
|
|
insecureSkipVerify: true
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
annotations:
|
|
kubernetes.io/ingress.class: "traefik"
|
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
|
traefik.ingress.kubernetes.io/service.serverstransport: "kube-system@insecure-transport"
|
|
name: dashboard
|
|
namespace: kubernetes-dashboard
|
|
spec:
|
|
rules:
|
|
- host: dashboard.example.com
|
|
http:
|
|
paths:
|
|
- pathType: Prefix
|
|
path: "/"
|
|
backend:
|
|
service:
|
|
name: kubernetes-dashboard
|
|
port:
|
|
number: 443
|
|
tls:
|
|
- hosts:
|
|
- dashboard.example.com
|
|
secretName: dashboard-ingress-cert
|