64 lines
1.3 KiB
YAML
64 lines
1.3 KiB
YAML
apiVersion: traefik.io/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
namespace: kubernetes-dashboard
|
|
name: allow-local-only
|
|
spec:
|
|
ipAllowList:
|
|
sourceRange:
|
|
- 127.0.0.1/32
|
|
- 192.168.0.0/16
|
|
- 10.0.0.0/8
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: redirect-https
|
|
namespace: kubernetes-dashboard
|
|
spec:
|
|
redirectScheme:
|
|
scheme: https
|
|
permanent: true
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: ServersTransport
|
|
metadata:
|
|
name: insecure-transport
|
|
namespace: kubernetes-dashboard
|
|
spec:
|
|
insecureSkipVerify: true
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: dashboard-certificate
|
|
namespace: kubernetes-dashboard
|
|
spec:
|
|
secretName: k8s-skrd-fun-tls
|
|
dnsNames:
|
|
- "k8s.skrd.fun"
|
|
issuerRef:
|
|
name: letsencrypt-prod
|
|
kind: ClusterIssuer
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRoute
|
|
metadata:
|
|
name: dashboard-ingress
|
|
namespace: kubernetes-dashboard
|
|
spec:
|
|
entryPoints:
|
|
- websecure
|
|
routes:
|
|
- match: "Host(`k8s.skrd.fun`)"
|
|
kind: Rule
|
|
middlewares:
|
|
- name: allow-local-only
|
|
- name: redirect-https
|
|
services:
|
|
- name: kubernetes-dashboard-kong-proxy
|
|
port: 443
|
|
serversTransport: insecure-transport
|
|
tls:
|
|
secretName: k8s-skrd-fun-tls
|