.

Traefik-labs/tls/basicauthssl.yaml

@@ -0,0 +1,62 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: nginx-basicauth
+spec:
+  basicAuth:
+    secret: authsecret
+
+
+---
+# Przyklad:
+#   htpasswd -nb user password | base64
+#   dXNlcjokYXByMSRMSHp4QW9oNyQ3SHhWYU84RGY2aUlCcE5XOG40TEYwCgo=
+
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: authsecret
+
+data:
+  users: |
+    dXNlcjokYXByMSRMSHp4QW9oNyQ3SHhWYU84RGY2aUlCcE5XOG40TEYwCgo=
+
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx-http
+  namespace: default
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`nginx.adminakademia.pl`)
+      kind: Rule
+      middlewares:
+        - name: nginx-basicauth
+      services:
+        - name: nginx-deploy-czerwony
+          port: 80
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx-https
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`nginx.adminakademia.pl`)
+      kind: Rule
+      middlewares:
+        - name: nginx-basicauth
+      services:
+        - name: nginx-deploy-czerwony
+          port: 80
+  tls:
+      secretName: nginx.adminakademia.pl

Traefik-labs/tls/basicauthsslredirect.yaml

@@ -0,0 +1,75 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: nginx-redirect-scheme
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true
+    port: "443"
+
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: nginx-basicauth
+spec:
+  basicAuth:
+    secret: authsecret
+
+
+---
+# Przyklad:
+#   htpasswd -nb user password | base64
+#   dXNlcjokYXByMSRMSHp4QW9oNyQ3SHhWYU84RGY2aUlCcE5XOG40TEYwCgo=
+
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: authsecret
+
+data:
+  users: |
+    dXNlcjokYXByMSRMSHp4QW9oNyQ3SHhWYU84RGY2aUlCcE5XOG40TEYwCgo=
+
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx-http
+  namespace: default
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`testcert.adminakademia.pl`)
+      kind: Rule
+      middlewares:
+        - name: nginx-redirect-scheme
+      services:
+        - name: nginx-deploy-czerwony
+          port: 80
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx-https
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`testcert.adminakademia.pl`)
+      kind: Rule
+      middlewares:
+        - name: nginx-basicauth
+      services:
+        - name: nginx-deploy-czerwony
+          port: 80
+  tls:
+      secretName: testcert.adminakademia.pl

Traefik-labs/tls/dashboard/dashboard.yml

@@ -0,0 +1,88 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: traefik.adminakademia.pl
+  namespace: traefik
+spec:
+  dnsNames:
+    - traefik.adminakademia.pl
+  secretName: traefik.adminakademia.pl
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: traefik-redirect-scheme
+  namespace: traefik
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true
+    port: "443"
+
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: dashboard-basicauth
+  namespace: traefik
+spec:
+  basicAuth:
+    secret: dashboardsecret
+
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: dashboardsecret
+  namespace: traefik
+data:
+  users: |
+    dXNlcjokYXByMSRMSHp4QW9oNyQ3SHhWYU84RGY2aUlCcE5XOG40TEYwCgo=
+
+
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: dashboard-http
+  namespace: traefik
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`traefik.adminakademia.pl`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
+      kind: Rule
+      middlewares:
+        - name: traefik-redirect-scheme
+      services:
+        - name: api@internal
+          kind: TraefikService
+
+
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: dashboard-https
+  namespace: traefik
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`traefik.adminakademia.pl`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
+      kind: Rule
+      middlewares:
+        - name: dashboard-basicauth
+      services:
+        - name: api@internal
+          kind: TraefikService
+  tls:
+      secretName: traefik.adminakademia.pl

Traefik-labs/tls/lets-issuer.yaml

@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+  namespace: default
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # server: https://acme-staging-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: kontakt@adminakademia.pl
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-production
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    - http01:
+        ingress:
+          class: traefik

Traefik-labs/tls/letscert.yaml

@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: testcert.adminakademia.pl
+  namespace: default
+spec:
+  dnsNames:
+    - testcert.adminakademia.pl
+  secretName: testcert.adminakademia.pl
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer

Traefik-labs/tls/self-issuer.yaml

@@ -0,0 +1,6 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned
+spec:
+  selfSigned: {}

Traefik-labs/tls/selfsignedcert.yaml

@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nginx.adminakademia.pl
+  namespace: default
+spec:
+  dnsNames:
+    - nginx.adminakademia.pl
+  secretName: nginx.adminakademia.pl
+  issuerRef:
+    name: selfsigned
+    kind: ClusterIssuer