基本框架

2026-03-21 04:36:06 +08:00
commit de1be1dbe5
125 changed files with 10302 additions and 0 deletions
--- a/ansible/files/traefik-dashboard-acme/traefik-dashboard-acme.yaml
+++ b/ansible/files/traefik-dashboard-acme/traefik-dashboard-acme.yaml
@@ -0,0 +1,49 @@
+# 03-03 Traefik Dashboard + ACME 合并配置（HelmChartConfig）
+# 含：Dashboard、ACME（Cloudflare DNS-01）、ping、PROXY protocol（与 03-02 一致）
+# 使用前：替换 <YOUR_REAL_EMAIL>，创建 cloudflare-api-token Secret，按实际修改 nodeSelector/trustedIPs
+# 部署：kubectl apply -f traefik-dashboard-acme.yaml
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+  name: traefik
+  namespace: kube-system
+spec:
+  valuesContent: |-
+    ports:
+      web:
+        expose: true
+      websecure:
+        expose: true
+
+    additionalArguments:
+      - "--api.dashboard=true"
+      - "--api.insecure=true"
+
+      - "--log.level=INFO"
+      - "--certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
+      - "--certificatesresolvers.cloudflare.acme.email=<YOUR_REAL_EMAIL>"
+      - "--certificatesresolvers.cloudflare.acme.storage=/data/acme.json"
+      # - "--certificatesresolvers.cloudflare.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"  # 测试用，上线前删除
+      - "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare"
+      - "--certificatesresolvers.cloudflare.acme.dnschallenge.propagation.delayBeforeChecks=600"
+
+      - "--ping=true"
+      - "--ping.entryPoint=websecure"
+
+      - "--entrypoints.web.proxyProtocol.trustedIPs=192.168.2.0/24"
+      - "--entrypoints.websecure.proxyProtocol.trustedIPs=192.168.2.0/24"
+
+    env:
+      - name: CF_DNS_API_TOKEN
+        valueFrom:
+          secretKeyRef:
+            name: cloudflare-api-token
+            key: api-token
+
+    nodeSelector:
+      kubernetes.io/hostname: ylc61
+
+    ingressRoute:
+      dashboard:
+        enabled: true