From 43034bb8c0cfb6083fbfce9a675828ea8da61e14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaros=C5=82aw=20Karcewicz?= Date: Sun, 27 Mar 2022 08:11:20 +0200 Subject: [PATCH] . --- Traefik-labs/dashboard.yml | 14 +++ Traefik-labs/nginx/czerwona/index.html | 15 ++++ Traefik-labs/nginx/nginx_czerwony.yml | 43 +++++++++ Traefik-labs/nginx/nginx_niebieski.yml | 43 +++++++++ Traefik-labs/nginx/nginx_zielony.yml | 43 +++++++++ Traefik-labs/nginx/niebieska/index.html | 15 ++++ Traefik-labs/nginx/zielona/index.html | 15 ++++ Traefik-labs/tls/basicauthssl.yaml | 62 +++++++++++++ Traefik-labs/tls/basicauthsslredirect.yaml | 75 ++++++++++++++++ Traefik-labs/tls/dashboard/dashboard.yml | 88 +++++++++++++++++++ Traefik-labs/tls/lets-issuer.yaml | 20 +++++ Traefik-labs/tls/letscert.yaml | 12 +++ Traefik-labs/tls/self-issuer.yaml | 6 ++ Traefik-labs/tls/selfsignedcert.yaml | 12 +++ Traefik-labs/traefik/dashboard/dashboard.yml | 41 +++++++++ Traefik-labs/traefik/ingressroute1.yml | 14 +++ Traefik-labs/traefik/ingressroute2.yml | 14 +++ Traefik-labs/traefik/ingressroute3.yml | 24 +++++ .../traefik/middlewares/basicauth.yml | 42 +++++++++ .../traefik/middlewares/redirectssl.yml | 48 ++++++++++ .../traefik/middlewares/stripprefix.yml | 41 +++++++++ Traefik-labs/traefik/wrr/wrr.yaml | 35 ++++++++ 22 files changed, 722 insertions(+) create mode 100644 Traefik-labs/dashboard.yml create mode 100644 Traefik-labs/nginx/czerwona/index.html create mode 100644 Traefik-labs/nginx/nginx_czerwony.yml create mode 100644 Traefik-labs/nginx/nginx_niebieski.yml create mode 100644 Traefik-labs/nginx/nginx_zielony.yml create mode 100644 Traefik-labs/nginx/niebieska/index.html create mode 100644 Traefik-labs/nginx/zielona/index.html create mode 100644 Traefik-labs/tls/basicauthssl.yaml create mode 100644 Traefik-labs/tls/basicauthsslredirect.yaml create mode 100644 Traefik-labs/tls/dashboard/dashboard.yml create mode 100644 Traefik-labs/tls/lets-issuer.yaml create mode 100644 Traefik-labs/tls/letscert.yaml create mode 100644 Traefik-labs/tls/self-issuer.yaml create mode 100644 Traefik-labs/tls/selfsignedcert.yaml create mode 100644 Traefik-labs/traefik/dashboard/dashboard.yml create mode 100644 Traefik-labs/traefik/ingressroute1.yml create mode 100644 Traefik-labs/traefik/ingressroute2.yml create mode 100644 Traefik-labs/traefik/ingressroute3.yml create mode 100644 Traefik-labs/traefik/middlewares/basicauth.yml create mode 100644 Traefik-labs/traefik/middlewares/redirectssl.yml create mode 100644 Traefik-labs/traefik/middlewares/stripprefix.yml create mode 100644 Traefik-labs/traefik/wrr/wrr.yaml diff --git a/Traefik-labs/dashboard.yml b/Traefik-labs/dashboard.yml new file mode 100644 index 0000000..a7cf378 --- /dev/null +++ b/Traefik-labs/dashboard.yml @@ -0,0 +1,14 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: dashboard + namespace: traefik +spec: + entryPoints: + - web + routes: + - match: Host(`traefik.adminakademia.pl`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`)) + kind: Rule + services: + - name: api@internal + kind: TraefikService \ No newline at end of file diff --git a/Traefik-labs/nginx/czerwona/index.html b/Traefik-labs/nginx/czerwona/index.html new file mode 100644 index 0000000..c999780 --- /dev/null +++ b/Traefik-labs/nginx/czerwona/index.html @@ -0,0 +1,15 @@ + +STRONA CZERWONA NGINX + + + +
STRONA CZERWONA NGINX !
+ + diff --git a/Traefik-labs/nginx/nginx_czerwony.yml b/Traefik-labs/nginx/nginx_czerwony.yml new file mode 100644 index 0000000..793306b --- /dev/null +++ b/Traefik-labs/nginx/nginx_czerwony.yml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + run: nginx + name: nginx-deploy-czerwony +spec: + replicas: 1 + selector: + matchLabels: + run: nginx-czerwony + template: + metadata: + labels: + run: nginx-czerwony + spec: + containers: + - name: nginx-czerwony + image: nginx + ports: + - containerPort: 80 + volumeMounts: + - name: html-czerwony + mountPath: /usr/share/nginx/html + volumes: + - name: html-czerwony + configMap: + name: czerwony-html + +--- +apiVersion: v1 +kind: Service +metadata: + name: nginx-deploy-czerwony + labels: + app: nginx +spec: +# type: ClusterIP + ports: + - port: 80 + protocol: TCP + selector: + run: nginx-czerwony diff --git a/Traefik-labs/nginx/nginx_niebieski.yml b/Traefik-labs/nginx/nginx_niebieski.yml new file mode 100644 index 0000000..9d66709 --- /dev/null +++ b/Traefik-labs/nginx/nginx_niebieski.yml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + run: nginx + name: nginx-deploy-niebieski +spec: + replicas: 1 + selector: + matchLabels: + run: nginx-niebieski + template: + metadata: + labels: + run: nginx-niebieski + spec: + containers: + - name: nginx-niebieski + image: nginx + ports: + - containerPort: 80 + volumeMounts: + - name: html-niebieski + mountPath: /usr/share/nginx/html + volumes: + - name: html-niebieski + configMap: + name: niebieski-html + +--- +apiVersion: v1 +kind: Service +metadata: + name: nginx-deploy-niebieski + labels: + app: nginx +spec: +# type: ClusterIP + ports: + - port: 80 + protocol: TCP + selector: + run: nginx-niebieski \ No newline at end of file diff --git a/Traefik-labs/nginx/nginx_zielony.yml b/Traefik-labs/nginx/nginx_zielony.yml new file mode 100644 index 0000000..a2b3be8 --- /dev/null +++ b/Traefik-labs/nginx/nginx_zielony.yml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + run: nginx + name: nginx-deploy-zielony +spec: + replicas: 1 + selector: + matchLabels: + run: nginx-zielony + template: + metadata: + labels: + run: nginx-zielony + spec: + containers: + - name: nginx-zielony + image: nginx + ports: + - containerPort: 80 + volumeMounts: + - name: html-zielony + mountPath: /usr/share/nginx/html + volumes: + - name: html-zielony + configMap: + name: zielony-html + +--- +apiVersion: v1 +kind: Service +metadata: + name: nginx-deploy-zielony + labels: + app: nginx +spec: +# type: ClusterIP + ports: + - port: 80 + protocol: TCP + selector: + run: nginx-zielony \ No newline at end of file diff --git a/Traefik-labs/nginx/niebieska/index.html b/Traefik-labs/nginx/niebieska/index.html new file mode 100644 index 0000000..f33c369 --- /dev/null +++ b/Traefik-labs/nginx/niebieska/index.html @@ -0,0 +1,15 @@ + +STRONA NIEBIESKA NGINX + + + +
STRONA NIEBIESKA NGINX !
+ + diff --git a/Traefik-labs/nginx/zielona/index.html b/Traefik-labs/nginx/zielona/index.html new file mode 100644 index 0000000..14e5ec9 --- /dev/null +++ b/Traefik-labs/nginx/zielona/index.html @@ -0,0 +1,15 @@ + +STRONA ZIELONA NGINX + + + +
STRONA ZIELONA NGINX !
+ + diff --git a/Traefik-labs/tls/basicauthssl.yaml b/Traefik-labs/tls/basicauthssl.yaml new file mode 100644 index 0000000..3cfb354 --- /dev/null +++ b/Traefik-labs/tls/basicauthssl.yaml @@ -0,0 +1,62 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: nginx-basicauth +spec: + basicAuth: + secret: authsecret + + +--- +# Przyklad: +# htpasswd -nb user password | base64 +# dXNlcjokYXByMSRMSHp4QW9oNyQ3SHhWYU84RGY2aUlCcE5XOG40TEYwCgo= + + +apiVersion: v1 +kind: Secret +metadata: + name: authsecret + +data: + users: | + dXNlcjokYXByMSRMSHp4QW9oNyQ3SHhWYU84RGY2aUlCcE5XOG40TEYwCgo= + + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: nginx-http + namespace: default +spec: + entryPoints: + - web + routes: + - match: Host(`nginx.adminakademia.pl`) + kind: Rule + middlewares: + - name: nginx-basicauth + services: + - name: nginx-deploy-czerwony + port: 80 + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: nginx-https + namespace: default +spec: + entryPoints: + - websecure + routes: + - match: Host(`nginx.adminakademia.pl`) + kind: Rule + middlewares: + - name: nginx-basicauth + services: + - name: nginx-deploy-czerwony + port: 80 + tls: + secretName: nginx.adminakademia.pl \ No newline at end of file diff --git a/Traefik-labs/tls/basicauthsslredirect.yaml b/Traefik-labs/tls/basicauthsslredirect.yaml new file mode 100644 index 0000000..e0f09da --- /dev/null +++ b/Traefik-labs/tls/basicauthsslredirect.yaml @@ -0,0 +1,75 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: nginx-redirect-scheme +spec: + redirectScheme: + scheme: https + permanent: true + port: "443" + + +--- + +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: nginx-basicauth +spec: + basicAuth: + secret: authsecret + + +--- +# Przyklad: +# htpasswd -nb user password | base64 +# dXNlcjokYXByMSRMSHp4QW9oNyQ3SHhWYU84RGY2aUlCcE5XOG40TEYwCgo= + + +apiVersion: v1 +kind: Secret +metadata: + name: authsecret + +data: + users: | + dXNlcjokYXByMSRMSHp4QW9oNyQ3SHhWYU84RGY2aUlCcE5XOG40TEYwCgo= + + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: nginx-http + namespace: default +spec: + entryPoints: + - web + routes: + - match: Host(`testcert.adminakademia.pl`) + kind: Rule + middlewares: + - name: nginx-redirect-scheme + services: + - name: nginx-deploy-czerwony + port: 80 + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: nginx-https + namespace: default +spec: + entryPoints: + - websecure + routes: + - match: Host(`testcert.adminakademia.pl`) + kind: Rule + middlewares: + - name: nginx-basicauth + services: + - name: nginx-deploy-czerwony + port: 80 + tls: + secretName: testcert.adminakademia.pl \ No newline at end of file diff --git a/Traefik-labs/tls/dashboard/dashboard.yml b/Traefik-labs/tls/dashboard/dashboard.yml new file mode 100644 index 0000000..1810715 --- /dev/null +++ b/Traefik-labs/tls/dashboard/dashboard.yml @@ -0,0 +1,88 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: traefik.adminakademia.pl + namespace: traefik +spec: + dnsNames: + - traefik.adminakademia.pl + secretName: traefik.adminakademia.pl + issuerRef: + name: letsencrypt-production + kind: ClusterIssuer + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: traefik-redirect-scheme + namespace: traefik +spec: + redirectScheme: + scheme: https + permanent: true + port: "443" + + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: dashboard-basicauth + namespace: traefik +spec: + basicAuth: + secret: dashboardsecret + + +--- +apiVersion: v1 +kind: Secret +metadata: + name: dashboardsecret + namespace: traefik +data: + users: | + dXNlcjokYXByMSRMSHp4QW9oNyQ3SHhWYU84RGY2aUlCcE5XOG40TEYwCgo= + + + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: dashboard-http + namespace: traefik +spec: + entryPoints: + - web + routes: + - match: Host(`traefik.adminakademia.pl`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`)) + kind: Rule + middlewares: + - name: traefik-redirect-scheme + services: + - name: api@internal + kind: TraefikService + + + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: dashboard-https + namespace: traefik +spec: + entryPoints: + - websecure + routes: + - match: Host(`traefik.adminakademia.pl`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`)) + kind: Rule + middlewares: + - name: dashboard-basicauth + services: + - name: api@internal + kind: TraefikService + tls: + secretName: traefik.adminakademia.pl diff --git a/Traefik-labs/tls/lets-issuer.yaml b/Traefik-labs/tls/lets-issuer.yaml new file mode 100644 index 0000000..f573480 --- /dev/null +++ b/Traefik-labs/tls/lets-issuer.yaml @@ -0,0 +1,20 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-production + namespace: default +spec: + acme: + # The ACME server URL + server: https://acme-v02.api.letsencrypt.org/directory + # server: https://acme-staging-v02.api.letsencrypt.org/directory + # Email address used for ACME registration + email: kontakt@adminakademia.pl + # Name of a secret used to store the ACME account private key + privateKeySecretRef: + name: letsencrypt-production + # Enable the HTTP-01 challenge provider + solvers: + - http01: + ingress: + class: traefik \ No newline at end of file diff --git a/Traefik-labs/tls/letscert.yaml b/Traefik-labs/tls/letscert.yaml new file mode 100644 index 0000000..2b4981e --- /dev/null +++ b/Traefik-labs/tls/letscert.yaml @@ -0,0 +1,12 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: testcert.adminakademia.pl + namespace: default +spec: + dnsNames: + - testcert.adminakademia.pl + secretName: testcert.adminakademia.pl + issuerRef: + name: letsencrypt-production + kind: ClusterIssuer diff --git a/Traefik-labs/tls/self-issuer.yaml b/Traefik-labs/tls/self-issuer.yaml new file mode 100644 index 0000000..07d2b7b --- /dev/null +++ b/Traefik-labs/tls/self-issuer.yaml @@ -0,0 +1,6 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: selfsigned +spec: + selfSigned: {} \ No newline at end of file diff --git a/Traefik-labs/tls/selfsignedcert.yaml b/Traefik-labs/tls/selfsignedcert.yaml new file mode 100644 index 0000000..acb6ccc --- /dev/null +++ b/Traefik-labs/tls/selfsignedcert.yaml @@ -0,0 +1,12 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: nginx.adminakademia.pl + namespace: default +spec: + dnsNames: + - nginx.adminakademia.pl + secretName: nginx.adminakademia.pl + issuerRef: + name: selfsigned + kind: ClusterIssuer \ No newline at end of file diff --git a/Traefik-labs/traefik/dashboard/dashboard.yml b/Traefik-labs/traefik/dashboard/dashboard.yml new file mode 100644 index 0000000..2393973 --- /dev/null +++ b/Traefik-labs/traefik/dashboard/dashboard.yml @@ -0,0 +1,41 @@ + +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: dashboard-basicauth + namespace: traefik +spec: + basicAuth: + secret: dashboardsecret + + +--- +apiVersion: v1 +kind: Secret +metadata: + name: dashboardsecret + namespace: traefik +data: + users: | + dXNlcjokYXByMSRMSHp4QW9oNyQ3SHhWYU84RGY2aUlCcE5XOG40TEYwCgo= + + + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: dashboard + namespace: traefik +spec: + entryPoints: + - web + routes: + - match: Host(`traefik.adminakademia.pl`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`)) + kind: Rule + middlewares: + - name: dashboard-basicauth + services: + - name: api@internal + kind: TraefikService + diff --git a/Traefik-labs/traefik/ingressroute1.yml b/Traefik-labs/traefik/ingressroute1.yml new file mode 100644 index 0000000..4c3e34e --- /dev/null +++ b/Traefik-labs/traefik/ingressroute1.yml @@ -0,0 +1,14 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: nginx + namespace: default +spec: + entryPoints: + - web + routes: + - match: Host(`nginx.adminakademia.pl`) + kind: Rule + services: + - name: nginx-deploy-czerwony + port: 80 diff --git a/Traefik-labs/traefik/ingressroute2.yml b/Traefik-labs/traefik/ingressroute2.yml new file mode 100644 index 0000000..975c7ab --- /dev/null +++ b/Traefik-labs/traefik/ingressroute2.yml @@ -0,0 +1,14 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: nginx + namespace: default +spec: + entryPoints: + - web + routes: + - match: Host(`nginx.adminakademia.pl`, `nginx.adminrulez.pl`) + kind: Rule + services: + - name: nginx-deploy-czerwony + port: 80 diff --git a/Traefik-labs/traefik/ingressroute3.yml b/Traefik-labs/traefik/ingressroute3.yml new file mode 100644 index 0000000..a7d1e4e --- /dev/null +++ b/Traefik-labs/traefik/ingressroute3.yml @@ -0,0 +1,24 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: nginx + namespace: default +spec: + entryPoints: + - web + routes: + - match: Host(`czerwony.adminakademia.pl`) + kind: Rule + services: + - name: nginx-deploy-czerwony + port: 80 + - match: Host(`zielony.adminakademia.pl`) + kind: Rule + services: + - name: nginx-deploy-zielony + port: 80 + - match: Host(`niebieski.adminakademia.pl`) + kind: Rule + services: + - name: nginx-deploy-niebieski + port: 80 diff --git a/Traefik-labs/traefik/middlewares/basicauth.yml b/Traefik-labs/traefik/middlewares/basicauth.yml new file mode 100644 index 0000000..790a637 --- /dev/null +++ b/Traefik-labs/traefik/middlewares/basicauth.yml @@ -0,0 +1,42 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: nginx-basicauth +spec: + basicAuth: + secret: authsecret + + +--- +# Przyklad: +# htpasswd -nb user password | base64 +# dXNlcjokYXByMSRMSHp4QW9oNyQ3SHhWYU84RGY2aUlCcE5XOG40TEYwCgo= + + +apiVersion: v1 +kind: Secret +metadata: + name: authsecret + +data: + users: | + dXNlcjokYXByMSRMSHp4QW9oNyQ3SHhWYU84RGY2aUlCcE5XOG40TEYwCgo= + + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: nginx + namespace: default +spec: + entryPoints: + - web + routes: + - match: Host(`nginx.adminakademia.pl`) + kind: Rule + middlewares: + - name: nginx-basicauth + services: + - name: nginx-deploy-czerwony + port: 80 diff --git a/Traefik-labs/traefik/middlewares/redirectssl.yml b/Traefik-labs/traefik/middlewares/redirectssl.yml new file mode 100644 index 0000000..0b5975c --- /dev/null +++ b/Traefik-labs/traefik/middlewares/redirectssl.yml @@ -0,0 +1,48 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: nginx-redirectssl +spec: + redirectScheme: + scheme: https + permanent: true + port: "443" + + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: nginx-http + namespace: default +spec: + entryPoints: + - web + routes: + - match: Host(`nginx.adminakademia.pl`) + kind: Rule + middlewares: + - name: nginx-redirectssl + services: + - name: nginx-deploy-czerwony + port: 80 + + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: nginx-https + namespace: default +spec: + entryPoints: + - websecure + routes: + - match: Host(`nginx.adminakademia.pl`) + kind: Rule + services: + - name: nginx-deploy-czerwony + port: 80 + tls: + certResolver: letsencrypt + diff --git a/Traefik-labs/traefik/middlewares/stripprefix.yml b/Traefik-labs/traefik/middlewares/stripprefix.yml new file mode 100644 index 0000000..e1f1ae5 --- /dev/null +++ b/Traefik-labs/traefik/middlewares/stripprefix.yml @@ -0,0 +1,41 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: nginx-stripprefix +spec: + stripPrefix: + prefixes: + - /zielony + - /niebieski + + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: nginx + namespace: default +spec: + entryPoints: + - web + routes: + - match: Host(`nginx.adminakademia.pl`) + kind: Rule + services: + - name: nginx-deploy-czerwony + port: 80 + - match: Host(`nginx.adminakademia.pl`) && Path(`/zielony`) + kind: Rule + middlewares: + - name: nginx-stripprefix + services: + - name: nginx-deploy-zielony + port: 80 + - match: Host(`nginx.adminakademia.pl`) && Path(`/niebieski`) + kind: Rule + middlewares: + - name: nginx-stripprefix + services: + - name: nginx-deploy-niebieski + port: 80 + diff --git a/Traefik-labs/traefik/wrr/wrr.yaml b/Traefik-labs/traefik/wrr/wrr.yaml new file mode 100644 index 0000000..b316669 --- /dev/null +++ b/Traefik-labs/traefik/wrr/wrr.yaml @@ -0,0 +1,35 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: TraefikService +metadata: + name: nginx-wrr + namespace: default +spec: + weighted: + services: + - name: nginx-deploy-czerwony + port: 80 + weight: 0 + - name: nginx-deploy-zielony + port: 80 + weight: 3 + - name: nginx-deploy-niebieski + port: 80 + weight: 1 + + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: nginx + namespace: default +spec: + entryPoints: + - web + routes: + - match: Host(`nginx.adminakademia.pl`) + kind: Rule + services: + - name: nginx-wrr + kind: TraefikService +