saiyam1814/gist:25b77af095042160353aeeccfbd85830

## gistfile1.txt
Ingress - https://kubernetes.io/docs/concepts/services-networking/ingress/
Ingress controller - https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/
DEMO 1
=======================
Centos 7 system
yum install docker -y
systemctl start docker
systemctl enable docker
#install docker-compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

# create a file docker-compose.yml
version: '3'

services:
  reverse-proxy:
    # The official v2 Traefik docker image
    image: traefik:v2.2
    # Enables the web UI and tells Traefik to listen to docker
    command: --api.insecure=true --providers.docker
    ports:
      # The HTTP port
      - "80:80"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock

docker-compose up -d
IP:8080/api/rawdata

{"routers":{"api@internal":{"entryPoints":["traefik"],"service":"api@internal","rule":"PathPrefix(`/api`)","priority":2147483646,"status":"enabled","using":["traefik"]},"dashboard@internal":{"entryPoints":["traefik"],"middlewares":["dashboard_redirect@internal","dashboard_stripprefix@internal"],"service":"dashboard@internal","rule":"PathPrefix(`/`)","priority":2147483645,"status":"enabled","using":["traefik"]},"portainer@docker":{"entryPoints":["http"],"service":"portainer","rule":"Host(`portainer`)","status":"enabled","using":["http"]},"reverse-proxy-root@docker":{"entryPoints":["http"],"service":"reverse-proxy-root","rule":"Host(`reverse-proxy-root`)","status":"enabled","using":["http"]}},"middlewares":{"dashboard_redirect@internal":{"redirectRegex":{"regex":"^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$","replacement":"${1}/dashboard/","permanent":true},"status":"enabled","usedBy":["dashboard@internal"]},"dashboard_stripprefix@internal":{"stripPrefix":{"prefixes":["/dashboard/","/dashboard"]},"status":"enabled","usedBy":["dashboard@internal"]}},"services":{"api@internal":{"status":"enabled","usedBy":["api@internal"]},"dashboard@internal":{"status":"enabled","usedBy":["dashboard@internal"]},"noop@internal":{"status":"enabled"},"portainer@docker":{"loadBalancer":{"servers":[{"url":"http://172.17.0.2:8000"}],"passHostHeader":true},"status":"enabled","usedBy":["portainer@docker"],"serverStatus":{"http://172.17.0.2:8000":"UP"}},"reverse-proxy-root@docker":{"loadBalancer":{"servers":[{"url":"http://172.19.0.2:80"}],"passHostHeader":true},"status":"enabled","usedBy":["reverse-proxy-root@docker"],"serverStatus":{"http://172.19.0.2:80":"UP"}}}}

# ...
  whoami:
    # A container that exposes an API to show its IP address
    image: containous/whoami
    labels:
      - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"

# docker-compose up -d whoami
curl -H Host:whoami.docker.localhost http://127.0.0.1
docker-compose up -d --scale whoami=2
curl -H Host:whoami.docker.localhost http://127.0.0.1
=======================================================

DEMO 2
Kubernetes ingress

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutes.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRoute
    plural: ingressroutes
    singular: ingressroute
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: middlewares.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: Middleware
    plural: middlewares
    singular: middleware
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressroutetcps.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRouteTCP
    plural: ingressroutetcps
    singular: ingressroutetcp
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ingressrouteudps.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: IngressRouteUDP
    plural: ingressrouteudps
    singular: ingressrouteudp
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: tlsoptions.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TLSOption
    plural: tlsoptions
    singular: tlsoption
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: tlsstores.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TLSStore
    plural: tlsstores
    singular: tlsstore
  scope: Namespaced

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: traefikservices.traefik.containo.us

spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: TraefikService
    plural: traefikservices
    singular: traefikservice
  scope: Namespaced

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller

rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - traefik.containo.us
    resources:
      - middlewares
      - ingressroutes
      - traefikservices
      - ingressroutetcps
      - ingressrouteudps
      - tlsoptions
      - tlsstores
    verbs:
      - get
      - list
      - watch

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller

roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
  - kind: ServiceAccount
    name: traefik-ingress-controller
    namespace: default

=====================
apiVersion: v1
kind: Secret
metadata:
  name: traefik-manual-token
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: traefik-ingress-controller
type: kubernetes.io/service-account-token
=====================
apiVersion: v1
kind: Service
metadata:
  name: traefik

spec:
  ports:
    - protocol: TCP
      name: web
      port: 8000
    - protocol: TCP
      name: admin
      port: 8080
    - protocol: TCP
      name: websecure
      port: 4443
  selector:
    app: traefik
  type: NodePort

---
apiVersion: v1
kind: Service
metadata:
  name: whoami

spec:
  ports:
    - protocol: TCP
      name: web
      port: 80
  selector:
    app: whoami
=================================
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: default
  name: traefik-ingress-controller

---
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: traefik
  labels:
    app: traefik

spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
        - name: traefik
          image: traefik:v2.2
          args:
            - --api.insecure
            - --accesslog
            - --entrypoints.web.Address=:8000
            - --entrypoints.websecure.Address=:4443
            - --providers.kubernetescrd
            - --providers.kubernetesingress=true
            - --certificatesresolvers.myresolver.acme.tlschallenge
            - --certificatesresolvers.myresolver.acme.email=foo@you.com
            - --certificatesresolvers.myresolver.acme.storage=acme.json
            # Please note that this is the staging Let's Encrypt server.
            # Once you get things working, you should remove that whole line altogether.
            - --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
          ports:
            - name: web
              containerPort: 8000
            - name: websecure
              containerPort: 4443
            - name: admin
              containerPort: 8080

---
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: whoami
  labels:
    app: whoami

spec:
  replicas: 2
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      containers:
        - name: whoami
          image: containous/whoami
          ports:
            - name: web
              containerPort: 80
====================================

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: simpleingressroute
  namespace: default
spec:
  entryPoints:
    - web
  routes:
  - match: PathPrefix(`/notls`)
    kind: Rule
    services:
    - name: whoami
      port: 80

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroutetls
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
  - match: PathPrefix(`/tls`)
    kind: Rule
    services:
    - name: whoami
      port: 80
  tls:
    certResolver: myresolver
	Ingress - https://kubernetes.io/docs/concepts/services-networking/ingress/
	Ingress controller - https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/
	DEMO 1
	=======================
	Centos 7 system
	yum install docker -y
	systemctl start docker
	systemctl enable docker
	#install docker-compose
	sudo curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
	sudo chmod +x /usr/local/bin/docker-compose

	# create a file docker-compose.yml
	version: '3'

	services:
	reverse-proxy:
	# The official v2 Traefik docker image
	image: traefik:v2.2
	# Enables the web UI and tells Traefik to listen to docker
	command: --api.insecure=true --providers.docker
	ports:
	# The HTTP port
	- "80:80"
	# The Web UI (enabled by --api.insecure=true)
	- "8080:8080"
	volumes:
	# So that Traefik can listen to the Docker events
	- /var/run/docker.sock:/var/run/docker.sock

	docker-compose up -d
	IP:8080/api/rawdata

	{"routers":{"api@internal":{"entryPoints":["traefik"],"service":"api@internal","rule":"PathPrefix(`/api`)","priority":2147483646,"status":"enabled","using":["traefik"]},"dashboard@internal":{"entryPoints":["traefik"],"middlewares":["dashboard_redirect@internal","dashboard_stripprefix@internal"],"service":"dashboard@internal","rule":"PathPrefix(`/`)","priority":2147483645,"status":"enabled","using":["traefik"]},"portainer@docker":{"entryPoints":["http"],"service":"portainer","rule":"Host(`portainer`)","status":"enabled","using":["http"]},"reverse-proxy-root@docker":{"entryPoints":["http"],"service":"reverse-proxy-root","rule":"Host(`reverse-proxy-root`)","status":"enabled","using":["http"]}},"middlewares":{"dashboard_redirect@internal":{"redirectRegex":{"regex":"^(http:\\/\\/(\\[[\\w:.]+\\]\|[\\w\\._-]+)(:\\d+)?)\\/$","replacement":"${1}/dashboard/","permanent":true},"status":"enabled","usedBy":["dashboard@internal"]},"dashboard_stripprefix@internal":{"stripPrefix":{"prefixes":["/dashboard/","/dashboard"]},"status":"enabled","usedBy":["dashboard@internal"]}},"services":{"api@internal":{"status":"enabled","usedBy":["api@internal"]},"dashboard@internal":{"status":"enabled","usedBy":["dashboard@internal"]},"noop@internal":{"status":"enabled"},"portainer@docker":{"loadBalancer":{"servers":[{"url":"http://172.17.0.2:8000"}],"passHostHeader":true},"status":"enabled","usedBy":["portainer@docker"],"serverStatus":{"http://172.17.0.2:8000":"UP"}},"reverse-proxy-root@docker":{"loadBalancer":{"servers":[{"url":"http://172.19.0.2:80"}],"passHostHeader":true},"status":"enabled","usedBy":["reverse-proxy-root@docker"],"serverStatus":{"http://172.19.0.2:80":"UP"}}}}

	# ...
	whoami:
	# A container that exposes an API to show its IP address
	image: containous/whoami
	labels:
	- "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"

	# docker-compose up -d whoami
	curl -H Host:whoami.docker.localhost http://127.0.0.1
	docker-compose up -d --scale whoami=2
	curl -H Host:whoami.docker.localhost http://127.0.0.1
	=======================================================

	DEMO 2
	Kubernetes ingress

	apiVersion: apiextensions.k8s.io/v1beta1
	kind: CustomResourceDefinition
	metadata:
	name: ingressroutes.traefik.containo.us

	spec:
	group: traefik.containo.us
	version: v1alpha1
	names:
	kind: IngressRoute
	plural: ingressroutes
	singular: ingressroute
	scope: Namespaced

	---
	apiVersion: apiextensions.k8s.io/v1beta1
	kind: CustomResourceDefinition
	metadata:
	name: middlewares.traefik.containo.us

	spec:
	group: traefik.containo.us
	version: v1alpha1
	names:
	kind: Middleware
	plural: middlewares
	singular: middleware
	scope: Namespaced

	---
	apiVersion: apiextensions.k8s.io/v1beta1
	kind: CustomResourceDefinition
	metadata:
	name: ingressroutetcps.traefik.containo.us

	spec:
	group: traefik.containo.us
	version: v1alpha1
	names:
	kind: IngressRouteTCP
	plural: ingressroutetcps
	singular: ingressroutetcp
	scope: Namespaced

	---
	apiVersion: apiextensions.k8s.io/v1beta1
	kind: CustomResourceDefinition
	metadata:
	name: ingressrouteudps.traefik.containo.us

	spec:
	group: traefik.containo.us
	version: v1alpha1
	names:
	kind: IngressRouteUDP
	plural: ingressrouteudps
	singular: ingressrouteudp
	scope: Namespaced

	---
	apiVersion: apiextensions.k8s.io/v1beta1
	kind: CustomResourceDefinition
	metadata:
	name: tlsoptions.traefik.containo.us

	spec:
	group: traefik.containo.us
	version: v1alpha1
	names:
	kind: TLSOption
	plural: tlsoptions
	singular: tlsoption
	scope: Namespaced

	---
	apiVersion: apiextensions.k8s.io/v1beta1
	kind: CustomResourceDefinition
	metadata:
	name: tlsstores.traefik.containo.us

	spec:
	group: traefik.containo.us
	version: v1alpha1
	names:
	kind: TLSStore
	plural: tlsstores
	singular: tlsstore
	scope: Namespaced

	---
	apiVersion: apiextensions.k8s.io/v1beta1
	kind: CustomResourceDefinition
	metadata:
	name: traefikservices.traefik.containo.us

	spec:
	group: traefik.containo.us
	version: v1alpha1
	names:
	kind: TraefikService
	plural: traefikservices
	singular: traefikservice
	scope: Namespaced

	---
	kind: ClusterRole
	apiVersion: rbac.authorization.k8s.io/v1beta1
	metadata:
	name: traefik-ingress-controller

	rules:
	- apiGroups:
	- ""
	resources:
	- services
	- endpoints
	- secrets
	verbs:
	- get
	- list
	- watch
	- apiGroups:
	- extensions
	resources:
	- ingresses
	verbs:
	- get
	- list
	- watch
	- apiGroups:
	- extensions
	resources:
	- ingresses/status
	verbs:
	- update
	- apiGroups:
	- traefik.containo.us
	resources:
	- middlewares
	- ingressroutes
	- traefikservices
	- ingressroutetcps
	- ingressrouteudps
	- tlsoptions
	- tlsstores
	verbs:
	- get
	- list
	- watch

	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1beta1
	metadata:
	name: traefik-ingress-controller

	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: traefik-ingress-controller
	subjects:
	- kind: ServiceAccount
	name: traefik-ingress-controller
	namespace: default

	=====================
	apiVersion: v1
	kind: Secret
	metadata:
	name: traefik-manual-token
	namespace: kube-system
	annotations:
	kubernetes.io/service-account.name: traefik-ingress-controller
	type: kubernetes.io/service-account-token
	=====================
	apiVersion: v1
	kind: Service
	metadata:
	name: traefik

	spec:
	ports:
	- protocol: TCP
	name: web
	port: 8000
	- protocol: TCP
	name: admin
	port: 8080
	- protocol: TCP
	name: websecure
	port: 4443
	selector:
	app: traefik
	type: NodePort

	---
	apiVersion: v1
	kind: Service
	metadata:
	name: whoami

	spec:
	ports:
	- protocol: TCP
	name: web
	port: 80
	selector:
	app: whoami
	=================================
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	namespace: default
	name: traefik-ingress-controller

	---
	kind: Deployment
	apiVersion: apps/v1
	metadata:
	namespace: default
	name: traefik
	labels:
	app: traefik

	spec:
	replicas: 1
	selector:
	matchLabels:
	app: traefik
	template:
	metadata:
	labels:
	app: traefik
	spec:
	serviceAccountName: traefik-ingress-controller
	containers:
	- name: traefik
	image: traefik:v2.2
	args:
	- --api.insecure
	- --accesslog
	- --entrypoints.web.Address=:8000
	- --entrypoints.websecure.Address=:4443
	- --providers.kubernetescrd
	- --providers.kubernetesingress=true
	- --certificatesresolvers.myresolver.acme.tlschallenge
	- --certificatesresolvers.myresolver.acme.email=foo@you.com
	- --certificatesresolvers.myresolver.acme.storage=acme.json
	# Please note that this is the staging Let's Encrypt server.
	# Once you get things working, you should remove that whole line altogether.
	- --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
	ports:
	- name: web
	containerPort: 8000
	- name: websecure
	containerPort: 4443
	- name: admin
	containerPort: 8080

	---
	kind: Deployment
	apiVersion: apps/v1
	metadata:
	namespace: default
	name: whoami
	labels:
	app: whoami

	spec:
	replicas: 2
	selector:
	matchLabels:
	app: whoami
	template:
	metadata:
	labels:
	app: whoami
	spec:
	containers:
	- name: whoami
	image: containous/whoami
	ports:
	- name: web
	containerPort: 80
	====================================

	apiVersion: traefik.containo.us/v1alpha1
	kind: IngressRoute
	metadata:
	name: simpleingressroute
	namespace: default
	spec:
	entryPoints:
	- web
	routes:
	- match: PathPrefix(`/notls`)
	kind: Rule
	services:
	- name: whoami
	port: 80

	---
	apiVersion: traefik.containo.us/v1alpha1
	kind: IngressRoute
	metadata:
	name: ingressroutetls
	namespace: default
	spec:
	entryPoints:
	- websecure
	routes:
	- match: PathPrefix(`/tls`)
	kind: Rule
	services:
	- name: whoami
	port: 80
	tls:
	certResolver: myresolver
No results found