From 2ea1042d7e801c9ebd83e2e3ca276e534fa3e9f0 Mon Sep 17 00:00:00 2001
From: LordMathis
Date: Mon, 16 Sep 2024 21:34:41 +0200
Subject: [PATCH] Add traefik
---
.../base/traefik/kustomization.yaml | 7 ++
infrastructure/base/traefik/release.yaml | 17 +++++
infrastructure/base/traefik/repository.yaml | 8 ++
.../prod/traefik/kustomization.yaml | 8 ++
infrastructure/prod/traefik/values.yaml | 73 +++++++++++++++++++
5 files changed, 113 insertions(+)
create mode 100644 infrastructure/base/traefik/kustomization.yaml
create mode 100644 infrastructure/base/traefik/release.yaml
create mode 100644 infrastructure/base/traefik/repository.yaml
create mode 100644 infrastructure/prod/traefik/kustomization.yaml
create mode 100644 infrastructure/prod/traefik/values.yaml
diff --git a/infrastructure/base/traefik/kustomization.yaml b/infrastructure/base/traefik/kustomization.yaml
new file mode 100644
index 0000000..50ca97a
--- /dev/null
+++ b/infrastructure/base/traefik/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+
+resources:
+ - repository.yaml
+ - release.yaml
diff --git a/infrastructure/base/traefik/release.yaml b/infrastructure/base/traefik/release.yaml
new file mode 100644
index 0000000..5f97447
--- /dev/null
+++ b/infrastructure/base/traefik/release.yaml
@@ -0,0 +1,17 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: traefik
+ namespace: kube-system
+spec:
+ interval: 10m
+ chart:
+ spec:
+ chart: traefik
+ version: 28.2.0
+ sourceRef:
+ kind: HelmRepository
+ name: traefik
+ interval: 10m
+ values:
+ replicaCount: 2
\ No newline at end of file
diff --git a/infrastructure/base/traefik/repository.yaml b/infrastructure/base/traefik/repository.yaml
new file mode 100644
index 0000000..0790e65
--- /dev/null
+++ b/infrastructure/base/traefik/repository.yaml
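Review bot: The `sourceRef` in release.yaml names a HelmRepository called `traefik`, but the repository.yaml hunk of this same patch creates it as `traefik-helm-repo`, so as written the HelmRelease has no matching source and the chart will not be fetched. Align the two, either `name: traefik-helm-repo` under `sourceRef` or `name: traefik` in the repository's `metadata`. `replicaCount: 2` looks carried over from the podinfo template; as far as I know the Traefik chart takes the replica count under `deployment.replicas`, so verify the key against the 28.2.0 chart values, otherwise it is silently ignored. Indentation is flattened in this rendering, so also confirm in the file that `values` sits under `spec` and not under `chart.spec`.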
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: traefik-helm-repo
+ namespace: kube-system
+spec:
+ interval: 10m
+ url: https://helm.traefik.io/traefik
\ No newline at end of file
diff --git a/infrastructure/prod/traefik/kustomization.yaml b/infrastructure/prod/traefik/kustomization.yaml
new file mode 100644
index 0000000..f17f2c1
--- /dev/null
+++ b/infrastructure/prod/traefik/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../../base/podinfo
+patches:
+ - path: podinfo-values.yaml
+ target:
+ kind: HelmRelease
\ No newline at end of file
diff --git a/infrastructure/prod/traefik/values.yaml b/infrastructure/prod/traefik/values.yaml
new file mode 100644
index 0000000..7694ffc
--- /dev/null
+++ b/infrastructure/prod/traefik/values.yaml
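Review bot: The prod overlay in infrastructure/prod/traefik/kustomization.yaml still points at podinfo: `resources` lists `../../base/podinfo` and the patch path is `podinfo-values.yaml`, while this patch adds `infrastructure/base/traefik` and `infrastructure/prod/traefik/values.yaml`. Unless a `podinfo-values.yaml` already exists in that directory the build fails, and in either case the settings in values.yaml (TLS, cert resolver, the auth middleware on the dashboard route) are never applied to the Traefik release. Change the entries to `- ../../base/traefik` and `- path: values.yaml`. Adding `name: traefik` under `target` would also keep the patch from matching any other HelmRelease that later lands in this overlay.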
@@ -0,0 +1,73 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: traefik
+ namespace: kube-system
+spec:
+ values:
+ deployment:
+ initContainers:
+ - name: volume-permissions
+ image: busybox:1.36@sha256:34b191d63fbc93e25e275bfccf1b5365664e5ac28f06d974e8d50090fbb49f41
+ command: ["sh", "-c", "touch /data/acme.json; chown 65532:65532 /data/acme.json; chmod -v 600 /data/acme.json; chown -R 65532:65532 /var/log/traefik"]
+ securityContext:
+ runAsNonRoot: false
+ runAsGroup: 0
+ runAsUser: 0
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ - name: access-log
+ mountPath: /var/log/traefik
+ additionalVolumes:
+ - name: access-log
+ hostPath:
+ path: /var/log/traefik/
+ certResolvers:
+ letsencrypt:
+ email: admin@example.com
+ dnsChallenge:
+ provider: cloudflare
+ delayBeforeCheck: 30
+ resolvers:
+ - 1.1.1.1
+ - 8.8.8.8
+ storage: /data/acme.json
+ envFrom:
+ - secretRef:
+ name: traefik-cf-secret
+ additionalVolumeMounts:
+ - name: access-log
+ mountPath: /var/log/traefik/
+ logs:
+ access:
+ enabled: true
+ filePath: /var/log/traefik/access.log
+ ingressRoute:
+ dashboard:
+ enabled: true
+ matchRule: Host(`traefik.namesny.com`)
+ entryPoints: ["websecure"]
+ middlewares:
+ - name: "auth-authelia@kubernetescrd"
+ providers:
+ kubernetesCRD:
+ allowCrossNamespace: true
+ persistence:
+ enabled: true
+ storageClass: retain-local-path
+ ports:
+ websecure:
+ tls:
+ enabled: true
+ certResolver: letsencrypt
+ domains:
+ - main: namesny.com
+ sans:
+ - "*.namesny.com"
+ web:
+ redirectTo:
+ port: websecure
+ service:
+ spec:
+ externalTrafficPolicy: Local
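Review bot: The `volume-permissions` init container runs as UID/GID 0 with `runAsNonRoot: false` and, judging by the key order (indentation is flattened here), mounts the `access-log` hostPath `/var/log/traefik/`, so a root process in a `kube-system` pod runs `chown -R` on a node directory with the full default capability set. Constrain it in the same `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"], add: ["CHOWN", "FOWNER"]}`, after confirming the exact set the `touch`/`chown`/`chmod` sequence needs on your storage. Setting `type: DirectoryOrCreate` on the hostPath makes the expected node path explicit. `allowCrossNamespace: true` is presumably there for the `auth-authelia@kubernetescrd` middleware, but it also lets an IngressRoute in any namespace reference middlewares and services in other namespaces; a comment such as `# needed for the Authelia middleware; restrict who may create IngressRoute objects` would record that trade-off next to the setting.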