biondizzle/m3db-vke-setup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
m3db-vke-setup/09-m3coordinator-ingressroute.yaml
biondizzle a6c59d6a65 Replace LB with Traefik ingress for TLS + basic auth 
- Remove m3coordinator LoadBalancer service (was using deprecated AutoSSL)
- Add Traefik ingress controller with Let's Encrypt ACME
- Add basic auth middleware for external access
- Update test scripts with auth support and fixed protobuf encoding
- Add multi-tenancy documentation (label-based isolation)
- Update README with Traefik deployment instructions
2026-04-01 05:19:14 +00:00

60 lines
1.3 KiB
YAML
Raw Permalink Blame History

##############################################################################
# M3 Coordinator IngressRoute
# Traefik handles TLS termination + basic auth
# External: https://m3db.vultrlabs.dev → Traefik → m3coordinator:7201
##############################################################################
---
# HTTP redirect to HTTPS
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: m3coordinator-redirect
namespace: m3db
spec:
entryPoints:
- web
routes:
- match: Host(`m3db.vultrlabs.dev`)
kind: Rule
middlewares:
- name: redirect-https
namespace: m3db
services:
- name: m3coordinator
port: 7201
---
# HTTPS with basic auth
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: m3coordinator
namespace: m3db
spec:
entryPoints:
- websecure
routes:
- match: Host(`m3db.vultrlabs.dev`)
kind: Rule
middlewares:
- name: basic-auth
namespace: m3db
services:
- name: m3coordinator
port: 7201
tls:
certResolver: letsencrypt
---
# HTTPS redirect middleware
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: redirect-https
namespace: m3db
spec:
redirectScheme:
scheme: https
permanent: true
Reference in New Issue View Git Blame Copy Permalink