Init jafner.dev (not working)

jafner-dev/5etools/Deployment.yaml

@@ -6,7 +6,7 @@ spec:
   selector:
     matchLabels:
       app: 5etools
-  replicas: 2
+  replicas: 1
   template:
     metadata:
       labels:
@@ -15,5 +15,8 @@ spec:
       containers:
       - name: 5etools
         image: jafner/5etools-docker
+        env:
+        - name: SOURCE
+          value: "GITHUB-NOIMG"
         ports:
         - containerPort: 80

jafner-dev/5etools/Service.yaml

@@ -0,0 +1,12 @@
+apiVersion: "v1"
+kind: "Service"
+metadata:
+  name: "s5etools"
+  namespace: "default"
+spec:
+  ports:
+  - protocol: "TCP"
+    name: web
+    port: 80
+  selector:
+    app: "5etools"

jafner-dev/traefik/ClusterRole.yaml

@@ -0,0 +1,50 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: traefik-ingress-controller
+
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - services
+      - endpoints
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+      - networking.k8s.io
+    resources:
+      - ingresses
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - update
+  - apiGroups:
+      - traefik.containo.us
+    resources:
+      - middlewares
+      - middlewaretcps
+      - ingressroutes
+      - traefikservices
+      - ingressroutetcps
+      - ingressrouteudps
+      - tlsoptions
+      - tlsstores
+      - serverstransports
+    verbs:
+      - get
+      - list
+      - watch
+

jafner-dev/traefik/ClusterRoleBinding.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: traefik-ingress-controller
+
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: traefik-ingress-controller
+subjects:
+  - kind: ServiceAccount
+    name: traefik-ingress-controller
+    namespace: default

jafner-dev/traefik/Deployment.yaml

@@ -0,0 +1,40 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  namespace: default
+  name: traefik
+  labels:
+    app: traefik
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: traefik
+  template:
+    metadata:
+      labels:
+        app: traefik
+    spec:
+      serviceAccountName: traefik-ingress-controller
+      containers:
+        - name: traefik
+          image: traefik:v2.9
+          args:
+            - --api.insecure
+            - --accesslog
+            - --entrypoints.web.Address=:80
+            - --entrypoints.websecure.Address=:443
+            - --providers.kubernetescrd
+            - --certificatesresolvers.myresolver.acme.tlschallenge
+            - --certificatesresolvers.myresolver.acme.email=jafner425@gmail.com
+            - --certificatesresolvers.myresolver.acme.storage=acme.json
+            # Please note that this is the staging Let's Encrypt server.
+            # Once you get things working, you should remove that whole line altogether.
+            - --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+          ports:
+            - name: web
+              containerPort: 8000
+            - name: websecure
+              containerPort: 4443
+            - name: admin
+              containerPort: 8080

jafner-dev/traefik/IngressRoute.yaml

@@ -0,0 +1,16 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: 5e-jafner-dev
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`5e.jafner.dev`)
+    kind: Rule
+    services:
+    - name: s5etools
+      port: 80
+  tls:
+    certResolver: myresolver

jafner-dev/traefik/README.md

@@ -0,0 +1,21 @@
+These configurations must be applied in the following order:
+
+1. CustomResourceDefinition.yaml
+2. ClusterRole.yaml
+3. ClusterRoleBinding.yaml
+4. Service.yaml
+5. ServiceAccount.yaml
+6. Deployment.yaml
+7. IngressRoute.yaml
+8. TLSOption.yaml
+
+```
+kubectl apply -f CustomResourceDefinition.yaml && \
+kubectl apply -f ClusterRole.yaml && \
+kubectl apply -f ClusterRoleBinding.yaml && \
+kubectl apply -f ServiceAccount.yaml && \
+kubectl apply -f Service.yaml && \
+kubectl apply -f Deployment.yaml && \
+kubectl apply -f IngressRoute.yaml && \
+kubectl apply -f TLSOption.yaml
+```

jafner-dev/traefik/Service.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik
+
+spec:
+  ports:
+    - protocol: TCP
+      name: web
+      port: 80
+      targetPort: 80
+    - protocol: TCP
+      name: admin
+      port: 8080
+      targetPort: 8080
+    - protocol: TCP
+      name: websecure
+      port: 443
+      targetPort: 443
+  selector:
+    app: traefik

jafner-dev/traefik/ServiceAccount.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: default
+  name: traefik-ingress-controller

jafner-dev/traefik/TLSOption.yaml

@@ -0,0 +1,16 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: TLSOption
+metadata:
+  name: default
+  namespace: default
+spec:
+  minVersion: VersionTLS12
+  cipherSuites:
+    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   # TLS 1.2
+    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305    # TLS 1.2
+    - TLS_AES_256_GCM_SHA384                  # TLS 1.3
+    - TLS_CHACHA20_POLY1305_SHA256            # TLS 1.3
+  curvePreferences:
+    - CurveP521
+    - CurveP384
+  sniStrict: true