mirror of
https://github.com/jpetazzo/container.training.git
synced 2026-02-14 17:49:59 +00:00
942f20812b
The section about Ingress has been both simplified (separating the content about taints and tolerations) and made somewhat deeper, to make it more compatible with both live classes and recorded videos. A new section about setting up Ingress Controllers has been added.
124 lines
2.4 KiB
YAML
124 lines
2.4 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: traefik
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: traefik
|
|
namespace: traefik
|
|
---
|
|
kind: DaemonSet
|
|
apiVersion: apps/v1
|
|
metadata:
|
|
name: traefik
|
|
namespace: traefik
|
|
labels:
|
|
app: traefik
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: traefik
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: traefik
|
|
name: traefik
|
|
spec:
|
|
tolerations:
|
|
- effect: NoSchedule
|
|
operator: Exists
|
|
# If, for some reason, our CNI plugin doesn't support hostPort,
|
|
# we can enable hostNetwork instead. That should work everywhere
|
|
# but it doesn't provide the same isolation.
|
|
#hostNetwork: true
|
|
serviceAccountName: traefik
|
|
terminationGracePeriodSeconds: 60
|
|
containers:
|
|
- image: traefik:v3.5
|
|
name: traefik
|
|
ports:
|
|
- name: http
|
|
containerPort: 80
|
|
hostPort: 80
|
|
- name: https
|
|
containerPort: 443
|
|
hostPort: 443
|
|
- name: admin
|
|
containerPort: 8080
|
|
hostPort: 8080
|
|
securityContext:
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
add:
|
|
- NET_BIND_SERVICE
|
|
args:
|
|
- --accesslog
|
|
- --api
|
|
- --api.insecure
|
|
- --entrypoints.http.Address=:80
|
|
- --entrypoints.https.Address=:443
|
|
- --global.sendAnonymousUsage=true
|
|
- --log.level=INFO
|
|
- --metrics.prometheus
|
|
- --providers.kubernetesingress
|
|
---
|
|
kind: ClusterRole
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: traefik
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- services
|
|
- endpoints
|
|
- secrets
|
|
- nodes
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- networking.k8s.io
|
|
resources:
|
|
- ingresses
|
|
- ingressclasses
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- discovery.k8s.io
|
|
resources:
|
|
- endpointslices
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
---
|
|
kind: ClusterRoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: traefik
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: traefik
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: traefik
|
|
namespace: traefik
|
|
---
|
|
kind: IngressClass
|
|
apiVersion: networking.k8s.io/v1
|
|
metadata:
|
|
name: traefik
|
|
annotations:
|
|
ingressclass.kubernetes.io/is-default-class: "true"
|
|
spec:
|
|
controller: traefik.io/ingress-controller
|