akashop/traefik/traefik-deployment.yml

kind: Deployment
apiVersion: apps/v1
metadata:
  name: traefik-deployment
  namespace: traefik
  labels:
    app: traefik

spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      # serviceAccountName: traefik-account
      serviceAccountName: traefik-ingress-controller
      containers:
        - name: traefik
          image: traefik:latest
          args:
            - --api.insecure
            - --log.level=DEBUG

            # access log - https://doc.traefik.io/traefik/observability/access-logs/#limiting-the-fieldsincluding-headers
            - --accesslog.filepath=/root/traefik/access.log
            - --accesslog.fields.headers.names.X-Forwarded-For=keep
            - --accesslog.fields.headers.names.User-Agent=keep

            # - --providers.kubernetesingress
            # - --providers.kubernetesingress.allowexternalnameservices=true
            - --providers.kubernetescrd
            - --providers.kubernetescrd.allowCrossNamespace=true

            - --entrypoints.web.address=:80
            - --entrypoints.websecure.address=:443
            
            # Get real client IP using proxy protocol 
            # https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol
            - --entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.2.0.0/16,172.233.0.0/16
            - --entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.2.0.0/16,172.233.0.0/16

            # Get real client IP from X-Forwarded-For
            # - --entrypoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.2.0.0/16
            # - --entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,172.233.168.36/32

            - --certificatesresolvers.le.acme.email=learn@akamai.com
            - --certificatesresolvers.le.acme.storage=acme.json
            - --certificatesresolvers.le.acme.tlschallenge=true
            - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
            # - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
            # change caServer to production https://acme-v02.api.letsencrypt.org/directory
          ports:
            - name: web
              containerPort: 80
            - name: websecure
              containerPort: 443
            - name: dashboard
              containerPort: 8080
new file: akashop/deployment.yml 2024-04-01 07:49:44 +00:00			`kind: Deployment`
			`apiVersion: apps/v1`
			`metadata:`
			`name: traefik-deployment`
new file: akashop/hpa.yml 2024-04-26 07:55:41 +00:00			`namespace: traefik`
new file: akashop/deployment.yml 2024-04-01 07:49:44 +00:00			`labels:`
			`app: traefik`

			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: traefik`
			`template:`
			`metadata:`
			`labels:`
			`app: traefik`
			`spec:`
new file: traefik/kubernetes-crd-rbac.yml 2024-04-04 06:09:53 +00:00			`# serviceAccountName: traefik-account`
			`serviceAccountName: traefik-ingress-controller`
new file: akashop/deployment.yml 2024-04-01 07:49:44 +00:00			`containers:`
			`- name: traefik`
			`image: traefik:latest`
			`args:`
			`- --api.insecure`
			`- --log.level=DEBUG`
modified: traefik/traefik-deployment.yml 2024-04-29 09:08:50 +00:00
			`# access log - https://doc.traefik.io/traefik/observability/access-logs/#limiting-the-fieldsincluding-headers`
			`- --accesslog.filepath=/root/traefik/access.log`
			`- --accesslog.fields.headers.names.X-Forwarded-For=keep`
			`- --accesslog.fields.headers.names.User-Agent=keep`

new file: traefik/kubernetes-crd-rbac.yml 2024-04-04 06:09:53 +00:00			`# - --providers.kubernetesingress`
			`# - --providers.kubernetesingress.allowexternalnameservices=true`
			`- --providers.kubernetescrd`
			`- --providers.kubernetescrd.allowCrossNamespace=true`
modified: traefik/traefik-deployment.yml 2024-04-29 09:08:50 +00:00
new file: akashop/deployment.yml 2024-04-01 07:49:44 +00:00			`- --entrypoints.web.address=:80`
			`- --entrypoints.websecure.address=:443`
modified: traefik/traefik-deployment.yml 2024-04-29 09:08:50 +00:00
			`# Get real client IP using proxy protocol`
			`# https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol`
			`- --entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.2.0.0/16,172.233.0.0/16`
			`- --entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.2.0.0/16,172.233.0.0/16`

			`# Get real client IP from X-Forwarded-For`
			`# - --entrypoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.2.0.0/16`
			`# - --entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,172.233.168.36/32`

new file: akashop/deployment.yml 2024-04-01 07:49:44 +00:00			`- --certificatesresolvers.le.acme.email=learn@akamai.com`
			`- --certificatesresolvers.le.acme.storage=acme.json`
			`- --certificatesresolvers.le.acme.tlschallenge=true`
modified: traefik/traefik-deployment.yml 2024-04-29 09:08:50 +00:00			`- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory`
			`# - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory`
modified: traefik/02-traefik.yml 2024-04-04 07:59:17 +00:00			`# change caServer to production https://acme-v02.api.letsencrypt.org/directory`
new file: akashop/deployment.yml 2024-04-01 07:49:44 +00:00			`ports:`
			`- name: web`
			`containerPort: 80`
			`- name: websecure`
			`containerPort: 443`
			`- name: dashboard`
			`containerPort: 8080`