- Created ansible.cfg for configuration settings - Added inventory.yml for host definitions - Implemented bootstrap playbook for Minisforum setup - Developed setup playbook for K3s installation - Defined common role with user and package management tasks - Established K3s server role with configuration and installation tasks - Included Traefik Helm values for ingress management
# Traefik Helm values — Phase 1
# Chart: traefik/traefik
# Deploy:
#   helm repo add traefik https://helm.traefik.io/traefik
#   helm repo update
#   helm upgrade --install traefik traefik/traefik \
#     --namespace traefik --create-namespace \
#     -f values/traefik.yml

# Global flags handed to the Traefik binary.
# Both are switched off so the proxy does not run its periodic new-version
# check or send anonymous usage reports.
globalArguments:
  - '--global.checknewversion=false'
  - '--global.sendanonymoususage=false'

# ACME certificate resolver named "letsencrypt".
# - The HTTP-01 challenge is answered on the "web" entry point, so port 80
#   has to be reachable by the CA for issuance and renewal.
# - acme.json stores the ACME account key and the issued certificates with
#   their private keys. Traefik expects the file at mode 0600; treat the
#   directory that holds it as secret material (ownership, backups, access
#   from other workloads on the node).
additionalArguments:
  - '--certificatesresolvers.letsencrypt.acme.httpchallenge=true'
  - '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web'
  - '--certificatesresolvers.letsencrypt.acme.email=nik@nik4nao.xyz'
  - '--certificatesresolvers.letsencrypt.acme.storage=/data/traefik/acme.json'

# Entry points: plain HTTP on :80 is redirected to HTTPS on :443.
# NOTE(review): the traefik/traefik chart configures entry points under
# `ports:`; a top-level `entryPoints:` key has the shape of Traefik static
# configuration rather than a chart value. Render the release with
# `helm template` and confirm the redirect is present — if it is not,
# routers attached to "web" stay reachable over plain HTTP.
entryPoints:
  web:
    address: ':80'
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ':443'

# Create an IngressClass for Traefik and mark it as the cluster default.
# As the default class, Traefik also serves Ingress objects that name no
# class, so any such object is published on the entry points below it.
# NOTE(review): the chart's values.yaml calls this flag `isDefaultClass`;
# confirm `isDefaultIngressClass` is read by the chart version in use.
ingressClass:
  enabled: true
  isDefaultIngressClass: true

# Publish Traefik through a LoadBalancer Service.
# K3s includes ServiceLB (klipper) — it will bind this to the node's IP
# automatically, so every router on the published entry points is reachable
# on that address.
service:
  type: LoadBalancer

# Chart-managed PVC persistence is switched off; /data/traefik is instead
# backed by the hostPath volume declared further down in this file.
# NOTE(review): to my knowledge the chart still mounts its own data volume
# at `path` when `enabled` is false — check the rendered pod spec for two
# mounts on /data/traefik.
persistence:
  enabled: false
  existingClaim: ''
  storageClass: ''
  path: /data/traefik
  size: 128Mi
  accessMode: ReadWriteOnce

# hostPath volume that keeps /data/traefik — and with it acme.json — on the
# node's own disk.
# NOTE(review): this ties the ACME account key and certificate private keys
# to one node and to that directory's ownership and mode. A directory
# created by `DirectoryOrCreate` is 0755 and owned like the kubelet; a
# non-root Traefik container may be unable to write acme.json there.
# NOTE(review): the chart takes extra pod volumes under
# `deployment.additionalVolumes` and extra mounts under
# `additionalVolumeMounts`; top-level `volumes` is meant for configMap and
# secret entries. Confirm both stanzas show up in the rendered manifest.
volumes:
  - name: traefik-data
    hostPath:
      path: /data/traefik
      type: DirectoryOrCreate

volumeMounts:
  - name: traefik-data
    mountPath: /data/traefik

# One Traefik pod, scheduled only on a node labelled node-role=primary.
# The affinity is "required": with no matching node the pod stays Pending.
deployment:
  replicas: 1
  # Pin to Minisforum (primary node)
  # Remove this section in Phase 2 once you have a multi-node cluster
  # and only want Traefik on the server node
  # NOTE(review): `affinity` is shown inside the `deployment` stanza; the
  # traefik/traefik chart reads `affinity` from the top level of the values
  # file. Confirm the nesting — if the chart ignores it here, the pod is not
  # pinned and may land on a node without the /data/traefik hostPath data.
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: node-role
                operator: In
                values:
                  - primary

# Traefik dashboard and its IngressRoute.
dashboard:
  enabled: true
  # Accessible internally at http://traefik.192.168.7.7.nip.io or via IngressRoute
  # Do NOT expose the dashboard externally
  # NOTE(review): the route below matches Host `traefik.home.arpa`, not the
  # nip.io name above, and it is bound to "websecure" — the same entry point
  # the LoadBalancer service publishes on :443. A Host rule only selects a
  # router; it is not access control. Any client that can reach :443 and
  # sends that host name gets the dashboard and /api, unauthenticated, until
  # an auth or IP allow-list middleware is attached or the route is moved to
  # an entry point that is not published.
  # NOTE(review): `ingressRoute` is shown inside the `dashboard` stanza; the
  # chart reads `ingressRoute.dashboard.*` from the top level of the values
  # file. Confirm the nesting — if ignored here, the chart's default
  # dashboard route applies instead of this one.
  ingressRoute:
    dashboard:
      enabled: true
      matchRule: 'Host(`traefik.home.arpa`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))'
      entryPoints:
        - websecure
      # Add BasicAuth middleware here if you want dashboard password protection

# Traefik's own log at INFO, plus per-request access logs.
# Access logs are the main record of who requested what through the proxy;
# ship them off the node if they are meant to support investigations.
# NOTE(review): behind ServiceLB the logged client address may be a
# cluster-internal one unless the Service preserves the source IP — verify
# against a real request before relying on it.
logs:
  general:
    level: INFO
  access:
    enabled: true