➜ git clone git@xxx
➜ cd traefik
TrafficType: internal
serviceType: ClusterIP
nodeSelector: {
edgenode: "true"
}
tolerations:
- key: "dedicated"
operator: "Equal"
value: "internal"
effect: "NoSchedule"
kubernetes:
labelSelector: traffic-type=internal
ssl:
enabled: true
defaultCert:
defaultKey:
acme:
enabled: false
#默认打开dashboard, 设置认证和白名单
dashboard:
enabled: true
domain: traefik-internal.gxd88.cn
ingress:
labels:
traffic-type: internal
annotations:
traefik.ingress.kubernetes.io/whitelist-source-range: "172.16.0.0/12, 10.40.0.0/16, 10.40.0.0/16"
auth:
basic:
admin: $apr1$grwXYah.$V9Xqu.CNQOneRssUSQTui0
gzip:
enabled: true
accessLogs:
enabled: true
format: json
rbac:
enabled: true
deployment:
hostPort:
httpEnabled: true
httpsEnabled: true
dashboardEnabled: true
TrafficType: external
serviceType: ClusterIP
replicas: 1
nodeSelector: {
edgenode: "true"
}
tolerations:
- key: "dedicated"
operator: "Equal"
value: "external"
effect: "NoSchedule"
kubernetes:
labelSelector: traffic-type=external
ssl:
enabled: true
enforced: false
insecureSkipVerify: false
tlsMinVersion: VersionTLS12
defaultCert:
defaultKey:
acme:
enabled: true
email: gongxiude@gxd88.cn
staging: trues
logging: true
domains:
enabled: true
domainsList:
- main: "*.gxd88.cn"
challengeType: dns-01
dnsProvider:
name: dnspod
dnspod:
DNSPOD_API_KEY: "62355,2a66ccb57a10930963c230d1ea53ef40"
persistence:
enabled: true
annotations: {volume.beta.kubernetes.io/storage-class: "example-nfs"}
storageClass: "example-nfs"
accessMode: ReadWriteOnce
size: 1Gi
dashboard:
enabled: true
domain: traefik-external.gxd88.cn
service:
ingress:
labels:
traffic-type: external
annotations:
traefik.ingress.kubernetes.io/whitelist-source-range: "172.16.0.0/12, 10.40.0.0/16, 10.40.0.0/16"
auth:
basic:
admin: $apr1$grwXYah.$V9Xqu.CNQOneRssUSQTui0
gzip:
enabled: true
accessLogs:
enabled: true
format: json
rbac:
enabled: true
metrics:
prometheus:
enabled: false
deployment:
hostPort:
httpEnabled: true
httpsEnabled: true
dashboardEnabled: true
TrafficType: external
replicas: 1
nodeSelector: {
edgenode: "true"
}
tolerations:
- key: "dedicated"
operator: "Equal"
value: "external"
effect: "NoSchedule"
kubernetes:
labelSelector: traffic-type=external
TrafficType: external|internal|public
nodeSelector:需要设置节点为边缘节点, edgenode: "true"
添加toleration,选择 dedicated=external|internal|public
Traffic 根据label 选择部署的场景traffic-type=external|internal|public
dashboard:
enabled: true
domain: traefik-external.gxd88.cn
ingress:
labels:
traffic-type: external
annotations:
traefik.ingress.kubernetes.io/whitelist-source-range: "172.16.0.0/12, 10.40.0.0/16, 10.40.0.0/16"
auth:
basic:
admin: $apr1$grwXYah.$V9Xqu.CNQOneRssUSQTui0
其中ingress.labels 设置为traffic-type: external|internal
annotations: traefik.ingress.kubernetes.io/whitelist-source-range 开启白名单
auth.basic dashboar 开启认证, 使用htpasswd来生成默认为admin/
Let's Encrypt 生成泛域名https证书
acme:
enabled: true
email: yunwei@wecsah.net
staging: true
logging: true
domains:
enabled: true
domainsList:
- main: "*.gxd88.cn"
challengeType: dns-01
dnsProvider:
name: dnspod
dnspod:
DNSPOD_API_KEY: ""
persistence:
enabled: true
annotations: {volume.beta.kubernetes.io/storage-class: "example-nfs"}
storageClass: "example-nfs"
accessMode: ReadWriteOnce
size: 1Gi