136 lines
3.6 KiB
YAML
136 lines
3.6 KiB
YAML
---
|
|
- name: Install Gateway API CRDs
|
|
shell: |
|
|
microk8s kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.1/experimental-install.yaml
|
|
register: install_crds
|
|
changed_when: "'configured' in install_crds.stdout or 'created' in install_crds.stdout"
|
|
|
|
- name: Install Traefik CRDs
|
|
shell: |
|
|
microk8s kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.4/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
|
|
register: install_traefik_crds
|
|
changed_when: "'configured' in install_traefik_crds.stdout or 'created' in install_traefik_crds.stdout"
|
|
|
|
- name: Add Traefik Helm Repo
|
|
kubernetes.core.helm_repository:
|
|
name: traefik
|
|
repo_url: https://traefik.github.io/charts
|
|
|
|
- name: Install Traefik with Gateway API support
|
|
kubernetes.core.helm:
|
|
name: traefik
|
|
chart_ref: traefik/traefik
|
|
release_namespace: traefik
|
|
create_namespace: true
|
|
values:
|
|
providers:
|
|
kubernetesGateway:
|
|
enabled: true
|
|
experimentalChannel: true
|
|
ports:
|
|
web:
|
|
port: 80
|
|
websecure:
|
|
port: 443
|
|
ssh:
|
|
port: 2222
|
|
expose:
|
|
default: true
|
|
exposedPort: 2222
|
|
protocol: TCP
|
|
service:
|
|
type: LoadBalancer
|
|
gateway:
|
|
enabled: false
|
|
gatewayClass:
|
|
enabled: false
|
|
securityContext:
|
|
capabilities:
|
|
drop: [ALL]
|
|
add: [NET_BIND_SERVICE]
|
|
runAsNonRoot: true
|
|
runAsUser: 65532
|
|
runAsGroup: 65532
|
|
skip_crds: true
|
|
wait: true
|
|
|
|
- name: Create Gateway Class
|
|
kubernetes.core.k8s:
|
|
definition:
|
|
apiVersion: gateway.networking.k8s.io/v1
|
|
kind: GatewayClass
|
|
metadata:
|
|
name: traefik
|
|
spec:
|
|
controllerName: traefik.io/gateway-controller
|
|
|
|
- name: Create Gateway
|
|
kubernetes.core.k8s:
|
|
definition:
|
|
apiVersion: gateway.networking.k8s.io/v1
|
|
kind: Gateway
|
|
metadata:
|
|
name: main-gateway
|
|
namespace: traefik
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
spec:
|
|
gatewayClassName: traefik
|
|
listeners:
|
|
- name: web
|
|
port: 80
|
|
protocol: HTTP
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: All
|
|
- name: websecure
|
|
port: 443
|
|
protocol: HTTPS
|
|
hostname: git.svc.pguia.com
|
|
tls:
|
|
mode: Terminate
|
|
certificateRefs:
|
|
- name: git-svc-pguia-com-tls
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: All
|
|
- name: ssh
|
|
port: 2222
|
|
protocol: TCP
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: All
|
|
- name: argocd-https
|
|
port: 443
|
|
protocol: HTTPS
|
|
hostname: argocd.svc.pguia.com
|
|
tls:
|
|
mode: Terminate
|
|
certificateRefs:
|
|
- name: argocd-svc-pguia-com-tls
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: All
|
|
- name: grafana-https
|
|
port: 443
|
|
protocol: HTTPS
|
|
hostname: grafana.svc.pguia.com
|
|
tls:
|
|
mode: Terminate
|
|
certificateRefs:
|
|
- name: grafana-svc-pguia-com-tls
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: All
|
|
- name: ytd-https
|
|
port: 443
|
|
protocol: HTTPS
|
|
hostname: ytd.svc.pguia.com
|
|
tls:
|
|
mode: Terminate
|
|
certificateRefs:
|
|
- name: ytd-svc-pguia-com-tls
|
|
allowedRoutes:
|
|
namespaces:
|
|
from: All
|