feat(kubernetes): add initial setup for ArgoCD, Cert-Manager, MetalLB, and Traefik

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
2025-07-13 14:25:53 +02:00
parent 4aa939426b
commit 76000f8123
30 changed files with 416 additions and 69 deletions
--- a/roles/kubernetes_traefik/defaults/main.yml
+++ b/roles/kubernetes_traefik/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+traefik_dashboard_hostname: "traefik.example.com"
+traefik_cert_resolver: "cert_resolver-prod"
--- a/roles/kubernetes_traefik/tasks/main.yml
+++ b/roles/kubernetes_traefik/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+# roles/traefik/tasks/main.yml
+
+- name: "Traefik | Enable dashboard"
+  kubernetes.core.k8s:
+    template: "helmchartconfig.yaml.j2"
+    state: present
+
+- name: "Traefik | Create dashboard ingress"
+  kubernetes.core.k8s:
+    template: "ingress.yaml.j2"
+    state: present
--- a/roles/kubernetes_traefik/templates/helmchartconfig.yaml.j2
+++ b/roles/kubernetes_traefik/templates/helmchartconfig.yaml.j2
@@ -0,0 +1,15 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+  name: traefik
+  namespace: kube-system
+spec:
+  valuesContent: |-
+    dashboard:
+      enabled: true
+      ingressRoute: false
+    ports:
+      websecure:
+        tls:
+          enabled: true
--- a/roles/kubernetes_traefik/templates/ingress.yaml.j2
+++ b/roles/kubernetes_traefik/templates/ingress.yaml.j2
@@ -0,0 +1,25 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: traefik-dashboard
+  namespace: kube-system
+  annotations:
+    kubernetes.io/ingress.class: traefik
+    cert-manager.io/cluster-issuer: "{{ traefik_cert_resolver }}"
+spec:
+  rules:
+  - host: "{{ traefik_dashboard_hostname }}"
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: traefik
+            port:
+              name: traefik
+  tls:
+  - hosts:
+    - "{{ traefik_dashboard_hostname }}"
+    secretName: traefik-dashboard-tls