· 6 years ago · Apr 14, 2020, 08:50 AM
1apiVersion: apps/v1
2kind: DaemonSet
3metadata:
4 name: ingress-controller-traefik
5 labels:
6 helm.sh/chart: traefik-0.1.0
7 app.kubernetes.io/name: traefik
8 app.kubernetes.io/instance: ingress-controller
9 app.kubernetes.io/version: "2.1.2"
10 app.kubernetes.io/managed-by: Helm
11spec:
12 selector:
13 matchLabels:
14 app.kubernetes.io/name: traefik
15 app.kubernetes.io/instance: ingress-controller
16 updateStrategy:
17 type: RollingUpdate
18 template:
19 metadata:
20 labels:
21 app.kubernetes.io/name: traefik
22 app.kubernetes.io/instance: ingress-controller
23 spec:
24 serviceAccountName: ingress-controller-traefik
25 securityContext:
26 {}
27 terminationGracePeriodSeconds: 60
28 containers:
29 - name: traefik
30 securityContext:
31 {}
32 image: "traefik:2.1.2"
33 imagePullPolicy: IfNotPresent
34 ports:
35 - name: traefik
36 containerPort: 9000
37 protocol: TCP
38 - name: web
39 containerPort: 8000
40 protocol: TCP
41 - name: websecure
42 containerPort: 8443
43 protocol: TCP
44 livenessProbe:
45 httpGet:
46 path: /ping
47 port: 9000
48 failureThreshold: 3
49 initialDelaySeconds: 10
50 periodSeconds: 10
51 successThreshold: 1
52 timeoutSeconds: 5
53 resources:
54 limits:
55 cpu: "2"
56 memory: 4Gi
57 requests:
58 cpu: "1"
59 memory: 4Gi
60 env:
61 - name: CF_API_EMAIL
62 valueFrom:
63 secretKeyRef:
64 name: ingress-controller-traefik
65 key: CF_API_EMAIL
66 - name: CF_API_KEY
67 valueFrom:
68 secretKeyRef:
69 name: ingress-controller-traefik
70 key: CF_API_KEY
71 args:
72 - "--entryPoints.traefik.address=:9000"
73 - "--entryPoints.web.address=:8000"
74 - "--entryPoints.websecure.address=:8443"
75 - "--entryPoints.websecure.http.tls.domains[0].main=*.prod.apteka.tech"
76 - "--entryPoints.websecure.http.tls.domains[0].sans[0]=prod.apteka.tech"
77 - "--entrypoints.websecure.http.tls.certresolver=cf"
78 - "--api"
79 - "--providers.file.directory=/conf"
80 - "--ping=true"
81 - "--providers.kubernetescrd"
82 - "--certificatesResolvers.cf.acme.email=zibarev@katren.ru"
83 - "--certificatesResolvers.cf.acme.storage=acme.json"
84 - "--certificatesResolvers.cf.acme.caServer=https://acme-v02.api.letsencrypt.org/directory"
85 - "--certificatesResolvers.cf.acme.dnsChallenge.provider=cloudflare"
86 - "--certificatesResolvers.cf.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
87 # - "--certificatesresolvers.cf.acme.dnschallenge.delaybeforecheck=10"
88 - "--metrics.prometheus=true"
89 - "--serverstransport.insecureskipverify=true"
90 - "--log.level=INFO"
91 volumeMounts:
92 - name: aru-tls-cert
93 readOnly: true
94 mountPath: /tls
95 - name: dashboard-conf
96 mountPath: /conf/dashboard-conf.yaml
97 subPath: dashboard-conf.yaml
98 volumes:
99 - name: aru-tls-cert
100 secret:
101 defaultMode: 0600
102 secretName: aru-tls-cert
103 - name: dashboard-conf
104 configMap:
105 name: ingress-controller-traefik
106 affinity:
107 nodeAffinity:
108 requiredDuringSchedulingIgnoredDuringExecution:
109 nodeSelectorTerms:
110 - matchExpressions:
111 - key: yandex.cloud/node-group-id
112 operator: In
113 values:
114 - cat9rrmmit3d6ql842pj
115 - matchExpressions:
116 - key: yandex.cloud/node-group-id
117 operator: In
118 values:
119 - cat2j4fli0h5o85n5o1u
120 - matchExpressions:
121 - key: yandex.cloud/node-group-id
122 operator: In
123 values:
124 - catdteuvdg27id9s9h7k