jack/Deploy-Laboratory
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
31709425e27e8a6f23315b084bc28d46ef6be126
Deploy-Laboratory/ansible/files/03-03/traefik-dashboard-acme.yaml
Jack 31709425e2 对齐文件规范
2026-03-27 16:58:41 +08:00

75 lines
2.2 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# 03-03 Traefik Dashboard + ACME合并版 HelmChartConfig
# 说明:同一 chart 只能有一份 HelmChartConfigname: traefik所以 Dashboard 与 ACME 必须合并。
# 使用前:替换 <YOUR_REAL_EMAIL>;创建 cloudflare-api-token Secret按实际修改 nodeSelector/trustedIPs/hosts。
---
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: traefik
namespace: kube-system
spec:
valuesContent: |-
ports:
web:
expose: true
websecure:
expose: true
traefik:
expose: true
additionalArguments:
# Dashboard
- "--api.dashboard=true"
- "--api.insecure=true"
# ACMECloudflare DNS-01
- "--certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
- "--certificatesresolvers.cloudflare.acme.email=<YOUR_REAL_EMAIL>"
- "--certificatesresolvers.cloudflare.acme.storage=/data/acme.json"
# - "--certificatesresolvers.cloudflare.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare"
- "--certificatesresolvers.cloudflare.acme.dnschallenge.propagation.delayBeforeChecks=600"
# 健康检查:/ping 走 443给 HAProxy https httpchk 用)
- "--ping=true"
- "--ping.entryPoint=websecure"
# PROXY protocolHAProxy 前置时需要)
- "--entrypoints.web.proxyProtocol.trustedIPs=192.168.2.0/24"
- "--entrypoints.websecure.proxyProtocol.trustedIPs=192.168.2.0/24"
env:
- name: CF_DNS_API_TOKEN
valueFrom:
secretKeyRef:
name: cloudflare-api-token
key: api-token
nodeSelector:
kubernetes.io/hostname: ylc61
# persistence将 /data 持久化local-path PVC保证 acme.json 落盘
persistence:
enabled: true
name: data
accessMode: ReadWriteOnce
size: 128Mi
path: /data
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: traefik-dashboard
namespace: kube-system
spec:
entryPoints:
- web
routes:
- match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
kind: Rule
services:
- name: api@internal
kind: TraefikService
Reference in New Issue View Git Blame Copy Permalink