changed traefik edge to k3s traefik

2026-01-18 01:47:46 +01:00
parent 9529662386
commit 826207877b
9 changed files with 210 additions and 2 deletions
--- a/infrastructure/traefik-app.yaml
+++ b/infrastructure/traefik-app.yaml
@@ -43,6 +43,71 @@ spec:
            allowCrossNamespace: true
            publishedService:
              enabled: true
+          # File Provider für Edge-Config (dynamic configs)
+          file:
+            directory: /etc/traefik/dynamic
+            watch: true
+        # ACME/Certificates für TLS Termination (Edge-Funktionalität)
+        certificatesResolvers:
+          le:
+            acme:
+              email: acme@infrastructure.stabify.de
+              storage: /certs/acme.json
+              dnsChallenge:
+                provider: cloudflare
+                delayBeforeCheck: 10
+        # Additional Arguments für File Provider (Edge-Config)
+        additionalArguments:
+          - "--providers.file.directory=/etc/traefik/dynamic"
+          - "--providers.file.watch=true"
+        # ACME/Certificates für TLS Termination (Edge-Funktionalität)
+        certificatesResolvers:
+          le:
+            acme:
+              email: acme@infrastructure.stabify.de
+              storage: /certs/acme.json
+              dnsChallenge:
+                provider: cloudflare
+                delayBeforeCheck: 10
+        # Extra Volumes (ConfigMaps + PVC für ACME)
+        extraVolumes:
+          - name: traefik-edge-dynamic-k3s
+            type: configMap
+            configMap:
+              name: traefik-edge-dynamic-k3s
+          - name: traefik-edge-dynamic-legacy
+            type: configMap
+            configMap:
+              name: traefik-edge-dynamic-legacy
+          - name: traefik-edge-acme
+            type: persistentVolumeClaim
+            persistentVolumeClaim:
+              claimName: traefik-edge-acme
+        # Extra Volume Mounts
+        extraVolumeMounts:
+          - name: traefik-edge-dynamic-k3s
+            mountPath: /etc/traefik/dynamic/10-k3s.yaml
+            subPath: 10-k3s.yaml
+            readOnly: true
+          - name: traefik-edge-dynamic-legacy
+            mountPath: /etc/traefik/dynamic/20-legacy-vm.yaml
+            subPath: 20-legacy-vm.yaml
+            readOnly: true
+          - name: traefik-edge-acme
+            mountPath: /certs
+            readOnly: false
+        # Environment Variables für Cloudflare DNS Challenge
+        env:
+          - name: CF_DNS_API_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: traefik-edge-cloudflare
+                key: CF_DNS_API_TOKEN
+          - name: CF_API_EMAIL
+            valueFrom:
+              secretKeyRef:
+                name: traefik-edge-cloudflare
+                key: CF_API_EMAIL
  destination:
    server: https://kubernetes.default.svc
    namespace: traefik-system