t.behrendt/k
1
0
Fork 0
Code Issues 1 Pull Requests Actions Activity
Files
cd201803a170dc69caea9b058d44689df24adb11
k/traefik/traefik-config.yaml
Timo Behrendt cd201803a1
Some checks failed
Deploy / check-changes (push) Successful in 5s
Details
Deploy / deploy-node-labels (push) Has been skipped
Details
Deploy / deploy-coredns (push) Has been skipped
Details
Deploy / deploy-crowdsec (push) Successful in 13s
Details
Deploy / deploy-traefik (push) Failing after 11m12s
Details
feat: add crowdsec (#10) 
Reviewed-on: #10
Co-authored-by: Timo Behrendt <t.behrendt@t00n.de>
Co-committed-by: Timo Behrendt <t.behrendt@t00n.de>
2025-12-28 09:51:45 +01:00

101 lines
2.6 KiB
YAML
Raw Blame History

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: traefik
namespace: kube-system
spec:
valuesContent: |-
nodeSelector:
kubernetes.io/hostname: k3sh0
providers:
kubernetesCRD:
allowCrossNamespace: true
certResolvers:
letsencrypt:
email: admin@t00n.de
dnsChallenge:
provider: ionos
delayBeforeCheck: 60
resolvers:
- 1.1.1.1
storage: /data/acme-ionos.json
ingressRoute:
dashboard:
enabled: true
matchRule: Host(`traefik.monitor.k8s.t000-n.de`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
middlewares:
- name: localipfilter
entryPoints: ["websecure"]
env:
- name: IONOS_API_KEY
valueFrom:
secretKeyRef:
key: apiKey
name: ionos-api-credentials
- name: CROWDSEC_BOUNCER_API_KEY
valueFrom:
secretKeyRef:
name: crowdsec-bouncer-api-key
key: api-key
ports:
web:
port: 8000
expose: true
exposedPort: 80
nodePort: 32080
websecure:
port: 8443
expose: true
exposedPort: 443
nodePort: 32443
tls:
enabled: true
certResolver: "letsencrypt"
service:
enabled: true
single: true
type: LoadBalancer
spec:
externalTrafficPolicy: Local
externalIPs:
- 192.168.0.50
- 192.168.0.51
- 192.168.0.52
- 192.168.0.53
persistence:
enabled: true
name: data
accessMode: ReadWriteMany
size: 1Gi
storageClass: longhorn
path: /data
extraObjects:
- apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: localipfilter
namespace: kube-system
spec:
ipWhiteList:
sourceRange:
- 192.168.0.0/24
- 172.16.0.0/16
- 10.0.0.0/8
- apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: adminbasicauth
namespace: kube-system
spec:
basicAuth:
secret: adminbasicauthsecret
experimental:
plugins:
crowdsec-bouncer-traefik-plugin:
moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
version: v1.4.6
additionalArguments:
- "--providers.kubernetescrd"
- "--entrypoints.web.http.middlewares=crowdsec-bouncer@kubernetescrd"
- "--entrypoints.websecure.http.middlewares=internal-crowdsec-bouncer@kubernetescrd"
Reference in New Issue View Git Blame Copy Permalink