mirror of https://github.com/easzlab/kubeasz.git
96 lines
2.0 KiB
YAML
96 lines
2.0 KiB
YAML
---
|
||
kind: ClusterRole
|
||
apiVersion: rbac.authorization.k8s.io/v1
|
||
metadata:
|
||
name: traefik-ingress-controller
|
||
rules:
|
||
- apiGroups:
|
||
- ""
|
||
resources:
|
||
- pods
|
||
- services
|
||
- endpoints
|
||
- secrets
|
||
verbs:
|
||
- get
|
||
- list
|
||
- watch
|
||
- apiGroups:
|
||
- extensions
|
||
resources:
|
||
- ingresses
|
||
verbs:
|
||
- get
|
||
- list
|
||
- watch
|
||
---
|
||
kind: ClusterRoleBinding
|
||
apiVersion: rbac.authorization.k8s.io/v1
|
||
metadata:
|
||
name: traefik-ingress-controller
|
||
roleRef:
|
||
apiGroup: rbac.authorization.k8s.io
|
||
kind: ClusterRole
|
||
name: traefik-ingress-controller
|
||
subjects:
|
||
- kind: ServiceAccount
|
||
name: traefik-ingress-controller
|
||
namespace: kube-system
|
||
---
|
||
apiVersion: v1
|
||
kind: ServiceAccount
|
||
metadata:
|
||
name: traefik-ingress-controller
|
||
namespace: kube-system
|
||
---
|
||
kind: Deployment
|
||
apiVersion: apps/v1beta1
|
||
metadata:
|
||
name: traefik-ingress-controller
|
||
namespace: kube-system
|
||
labels:
|
||
k8s-app: traefik-ingress-lb
|
||
spec:
|
||
replicas: 1
|
||
selector:
|
||
matchLabels:
|
||
k8s-app: traefik-ingress-lb
|
||
template:
|
||
metadata:
|
||
labels:
|
||
k8s-app: traefik-ingress-lb
|
||
name: traefik-ingress-lb
|
||
spec:
|
||
serviceAccountName: traefik-ingress-controller
|
||
terminationGracePeriodSeconds: 60
|
||
containers:
|
||
- image: traefik:v1.7.12
|
||
imagePullPolicy: IfNotPresent
|
||
name: traefik-ingress-lb
|
||
args:
|
||
- --api
|
||
- --kubernetes
|
||
- --logLevel=INFO
|
||
---
|
||
kind: Service
|
||
apiVersion: v1
|
||
metadata:
|
||
name: traefik-ingress-service
|
||
namespace: kube-system
|
||
spec:
|
||
selector:
|
||
k8s-app: traefik-ingress-lb
|
||
ports:
|
||
- protocol: TCP
|
||
# 该端口为 traefik ingress-controller的服务端口
|
||
port: 80
|
||
# 集群hosts文件中设置的 NODE_PORT_RANGE 作为 NodePort的可用范围
|
||
# 从默认20000~40000之间选一个可用端口,让ingress-controller暴露给外部的访问
|
||
nodePort: 23456
|
||
name: web
|
||
- protocol: TCP
|
||
# 该端口为 traefik 的管理WEB界面
|
||
port: 8080
|
||
name: admin
|
||
type: NodePort
|