feat(helm-traefik): Setting up Traefik using Helm-chart

QUICKSTART.md

@@ -43,7 +43,7 @@ kubectl apply -f metallb/00-manifest.yml
 ## Configure MetalLB
 
 ```shell
-kubectl apply -f metallb/02-configration.yml
+kubectl apply -f metallb/01-configuration.yml
 ```
 
 # Traefik

main.tf

@@ -30,22 +30,21 @@ provider "helm" {
 #  version    = "1.11.5"
 #}
 
-#resource "kubernetes_namespace" "traefik" {
-#  metadata {
-#    name = "traefik"
-#  }
-#}
-#
-#resource "helm_release" "traefik" {
-#  name = "traefik"
-#
-#  repository = "https://helm.traefik.io/traefik"
-#  chart      = "traefik"
-#  namespace  = "traefik"
-#  version    = "10.20.0"
-#
-#}
-#
+resource "kubernetes_namespace" "traefik" {
+  metadata {
+    name = "traefik-system"
+  }
+}
+
+resource "helm_release" "traefik" {
+  name = "traefik"
+
+  repository = "https://helm.traefik.io/traefik"
+  chart      = "traefik"
+  namespace  = "traefik"
+  version    = "10.20.0"
+}
+
 #resource "kubernetes_service" "traefik" {
 #  metadata {
 #    name      = "traefik"
@@ -66,58 +65,59 @@ provider "helm" {
 #  }
 #}
 
-resource "kubernetes_namespace" "test" {
-  metadata {
-    name = "nginx"
-  }
-}
+//resource "kubernetes_namespace" "test" {
+//  metadata {
+//    name = "nginx"
+//  }
+//}
+//
+//resource "kubernetes_service" "test" {
+//  metadata {
+//    name      = "nginx"
+//    namespace = kubernetes_namespace.test.metadata.0.name
+//  }
+//  spec {
+//    selector = {
+//      app = kubernetes_deployment.test.spec.0.template.0.metadata.0.labels.app
+//    }
+//
+//    type = "LoadBalancer"
+//    port {
+//      protocol    = "TCP"
+//      port        = 80
+//      target_port = 80
+//    }
+//  }
+//}
+//
+//resource "kubernetes_deployment" "test" {
+//  metadata {
+//    name      = "nginx"
+//    namespace = kubernetes_namespace.test.metadata.0.name
+//  }
+//  spec {
+//    replicas = 2
+//    selector {
+//      match_labels = {
+//        app = "MyTestApp"
+//      }
+//    }
+//    template {
+//      metadata {
+//        labels = {
+//          app = "MyTestApp"
+//        }
+//      }
+//      spec {
+//        container {
+//          image = "nginx"
+//          name  = "nginx-container"
+//          port {
+//            container_port = 80
+//          }
+//        }
+//      }
+//    }
+//  }
+//}
 
-resource "kubernetes_deployment" "test" {
-  metadata {
-    name      = "nginx"
-    namespace = kubernetes_namespace.test.metadata.0.name
-  }
-  spec {
-    replicas = 2
-    selector {
-      match_labels = {
-        app = "MyTestApp"
-      }
-    }
-    template {
-      metadata {
-        labels = {
-          app = "MyTestApp"
-        }
-      }
-      spec {
-        container {
-          image = "nginx"
-          name  = "nginx-container"
-          port {
-            container_port = 80
-          }
-        }
-      }
-    }
-  }
-}
-
-resource "kubernetes_service" "test" {
-  metadata {
-    name      = "nginx"
-    namespace = kubernetes_namespace.test.metadata.0.name
-  }
-  spec {
-    selector = {
-      app = kubernetes_deployment.test.spec.0.template.0.metadata.0.labels.app
-    }
-
-    type = "LoadBalancer"
-    port {
-      protocol    = "TCP"
-      port        = 80
-      target_port = 80
-    }
-  }
-}

traefik/03-deployment.yml

@@ -31,7 +31,7 @@ spec:
             - --api.insecure
             - --accesslog
             - --entrypoints.web.Address=:8000
-            - --entrypoints.websecure.Address=:4443
+            - --entrypoints.websecure.Address=:8443
             - --providers.kubernetescrd
             - --certificatesresolvers.myresolver.acme.tlschallenge
             - --certificatesresolvers.myresolver.acme.email=veghag@gmail.com
@@ -43,6 +43,6 @@ spec:
             - name: web
               containerPort: 8000
             - name: websecure
-              containerPort: 4443
+              containerPort: 8443
             - name: admin
               containerPort: 8080

traefik/custom-values.yaml

@@ -0,0 +1,9 @@
+# File custom-values.yml
+## Install with "helm install --values=traefik/custom-values.yml traefik traefik/traefik
+additionalArguments:
+  - "--log.level=DEBUG"
+  - "--api.insecure"
+  - "--accesslog"
+  - "--certificatesresolvers.myresolver.acme.tlschallenge"
+  - "--certificatesresolvers.myresolver.acme.email=veghag@gmail.com"
+  - "--certificatesresolvers.myresolver.acme.storage=acme.json"

whoami/00-whoami.yml

@@ -41,23 +41,6 @@ spec:
             - name: web
               containerPort: 80
 
----
-# IngressRoute for insecure whoami address
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: simpleingressroute
-  namespace: default
-spec:
-  entryPoints:
-    - web
-  routes:
-    - match: Host(`test.ratatoskr.myddns.rocks`) && PathPrefix(`/notls`)
-      kind: Rule
-      services:
-        - name: whoami
-          port: 80
-
 ---
 # IngressRoute for secure whoami address
 apiVersion: traefik.containo.us/v1alpha1
@@ -69,10 +52,27 @@ spec:
   entryPoints:
     - websecure
   routes:
-    - match: Host(`test.ratatoskr.myddns.rocks`) && PathPrefix(`/tls`)
+    - match: Host(`whoami.ratatoskr.myddns.rocks`)
       kind: Rule
       services:
         - name: whoami
           port: 80
   tls:
     certResolver: myresolver
+
+---
+## IngressRoute for insecure whoami address
+#apiVersion: traefik.containo.us/v1alpha1
+#kind: IngressRoute
+#metadata:
+#  name: simpleingressroute
+#  namespace: default
+#spec:
+#  entryPoints:
+#    - web
+#  routes:
+#    - match: Host(`test.ratatoskr.myddns.rocks`) && PathPrefix(`/notls`)
+#      kind: Rule
+#      services:
+#        - name: whoami
+#          port: 80