diff --git a/env.yaml.bash b/env.yaml.bash
index e22cdb6..9bdd552 100755
--- a/env.yaml.bash
+++ b/env.yaml.bash
@@ -13,6 +13,7 @@ networking:
 contact:
 letsEncryptEmail: ops@example.com # FIXME
+ letsEncryptProductionEnabled: false
 metallb:
 secretkey: "$(pwgen -s 256 1)"
diff --git a/k8s/riju.yaml b/k8s/riju.yaml
index dc25937..66d97a4 100644
--- a/k8s/riju.yaml
+++ b/k8s/riju.yaml
@@ -119,6 +119,3 @@ spec:
 - name: http
 port: 80
 targetPort: 6119
-
----
-kind: Ingress
diff --git a/k8s/traefik-config.in.yaml b/k8s/traefik-config.in.yaml
index ec668cd..de709d8 100644
--- a/k8s/traefik-config.in.yaml
+++ b/k8s/traefik-config.in.yaml
@@ -15,19 +15,27 @@ data:
 tls: true
 healthcheck:
 address: ":9000/tcp"
+ metrics:
+ address: ":9100/tcp"
 docker:
 address: ":31000/tcp"
 http:
 tls: true
 ping:
 entryPoint: "healthcheck"
+ metrics:
+ prometheus:
+ entryPoint: "metrics"
 providers:
 kubernetescrd: true
 kubernetesingress: true
 certificatesResolvers:
 riju:
 acme:
+ {{- if not .contact.letsEncryptProductionEnabled }}
+ caServer: https://acme-staging-v02.api.letsencrypt.org/directory
+ {{- end }}
 email: "{{ .contact.letsEncryptEmail }}"
- storage: acme.json
+ storage: /data/acme.json
 httpChallenge:
 entryPoint: http
diff --git a/k8s/traefik.yaml b/k8s/traefik.yaml
index 4a9f4df..840a82f 100644
--- a/k8s/traefik.yaml
+++ b/k8s/traefik.yaml
@@ -1,8 +1,21 @@
 # Based on traefik/traefik helm chart 20.8.0 for traefik v2.9.6
 ---
-apiVersion: apps/v1
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ namespace: traefik
+ name: traefik-data
+spec:
+ accessModes: [ReadWriteOnce]
+ resources:
+ requests:
+ storage: 128Mi
+ storageClassName: openebs-hostpath
+
+---
 kind: Deployment
+apiVersion: apps/v1
 metadata:
 namespace: traefik
 name: traefik
@@ -83,7 +96,8 @@ spec:
 configMap:
 name: traefik-config
 - name: data
- emptyDir: {}
+ persistentVolumeClaim:
+ claimName: traefik-data
 - name: tmp
 emptyDir: {}
 securityContext:
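Review bot: In env.yaml.bash, the new `letsEncryptProductionEnabled: false` key has no comment, and its only consumer visible in this commit is `{{- if not .contact.letsEncryptProductionEnabled }}` in k8s/traefik-config.in.yaml, so its exact type matters. An env.yaml generated before this commit has no such key, and if the template engine evaluates a missing key as empty, that deployment would move to the staging CA on the next render; a quoted `"false"` would presumably count as truthy and select production. I would add a comment above the key, e.g. `# false = Let's Encrypt staging CA (browsers will not trust the certs); must be an unquoted boolean; add this key by hand to an existing env.yaml`.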
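Review bot: The new `metrics` entry point in k8s/traefik-config.in.yaml binds `:9100/tcp` on all interfaces, and the Prometheus endpoint attached to it has no authentication of its own by default, so who can reach it depends entirely on the Service and any NetworkPolicy, neither of which is in this hunk. Router and service names, request counts and status-code rates are readable by anyone who can scrape it. Please confirm that port 9100 is not published by the externally reachable Service, and record that next to the entry point, e.g. `# scraped in-cluster only; keep 9100 out of the public Service`. The ConfigMap body starts above the hunk.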
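Review bot: The `traefik-data` claim added at the top of k8s/traefik.yaml will hold `/data/acme.json`, which contains the ACME account key and the private keys of issued certificates, and `storageClassName: openebs-hostpath` suggests that file now lives on a node's local disk and outlives the pod. That changes where key material rests compared with the previous `emptyDir`: node access, host backups and disk disposal become relevant. It also presumably pins Traefik to the node holding the volume. A comment on the claim would help, e.g. `# holds acme.json (ACME account key + certificate private keys); node-local, treat the backing path as secret`.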
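Review bot: Now that the `data` volume in k8s/traefik.yaml is backed by `claimName: traefik-data`, certificates obtained from the staging CA survive restarts, and as far as I know Traefik keeps serving stored certificates after `caServer` changes. Flipping `letsEncryptProductionEnabled` to true would then likely leave untrusted staging certificates in place until `/data/acme.json` is cleared. I would document that step beside the volume, e.g. `# after switching to the production CA, delete /data/acme.json and restart traefik`. The `securityContext` that follows is cut off by the hunk, so whether the container user can write the new volume with the 0600 mode Traefik expects for acme.json cannot be checked from here.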