---
# Traefik IngressRoute 配置 - 所有服务的路由规则
# tags: traefik, ingressroute, https, ssl, routing, nginx-migration
# description: 使用 Traefik IngressRoute CRD 配置所有服务的域名路由和 HTTPS
# title: Traefik IngressRoute 完整配置
# createdAt: 2025-11-26
---
# Blinko: HTTPS route for blinko.xiongxiao.me.
# Requests on the `websecure` entry point with this Host are forwarded
# to Service `blinko-external` on port 3111.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: blinko-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: 'Host(`blinko.xiongxiao.me`)'
      # NOTE(review): no `middlewares` are attached, so the backend's own
      # authentication is the only access control on this hostname.
      services:
        - name: blinko-external
          port: 3111
  tls:
    # Resolver name must match one defined in Traefik's static configuration.
    certResolver: letsencrypt
---
# Chat: HTTPS route for chat.xiongxiao.me.
# Requests on the `websecure` entry point with this Host are forwarded
# to Service `chat-external` on port 3000.
# WebSocket traffic is expected here; the route itself has no
# WebSocket-specific settings.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: chat-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: 'Host(`chat.xiongxiao.me`)'
      # NOTE(review): no `middlewares` are attached, so the backend's own
      # authentication is the only access control on this hostname.
      services:
        - name: chat-external
          port: 3000
  tls:
    # Resolver name must match one defined in Traefik's static configuration.
    certResolver: letsencrypt
---
# Kevisual: HTTPS route for kevisual.xiongxiao.me.
# Requests on the `websecure` entry point with this Host are forwarded
# to Service `kevisual-external` on port 3005.
# WebSocket traffic is expected here; the route itself has no
# WebSocket-specific settings.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: kevisual-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: 'Host(`kevisual.xiongxiao.me`)'
      # NOTE(review): no `middlewares` are attached, so the backend's own
      # authentication is the only access control on this hostname.
      services:
        - name: kevisual-external
          port: 3005
  tls:
    # Resolver name must match one defined in Traefik's static configuration.
    certResolver: letsencrypt
---
# WWW: HTTPS route for www.xiongxiao.me.
# Requests on the `websecure` entry point with this Host are forwarded
# to Service `www-external` on port 3005.
# WebSocket traffic is expected here; the route itself has no
# WebSocket-specific settings.
# NOTE(review): port 3005 is also the target of `kevisual-https`;
# presumably both hostnames front the same application - confirm.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: www-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: 'Host(`www.xiongxiao.me`)'
      # NOTE(review): no `middlewares` are attached, so the backend's own
      # authentication is the only access control on this hostname.
      services:
        - name: www-external
          port: 3005
  tls:
    # Resolver name must match one defined in Traefik's static configuration.
    certResolver: letsencrypt
---
# Immich: HTTPS route for immich.xiongxiao.me.
# Requests on the `websecure` entry point with this Host are forwarded
# to Service `immich-external` on port 2283.
# WebSocket traffic is expected here; the route itself has no
# WebSocket-specific settings.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: immich-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: 'Host(`immich.xiongxiao.me`)'
      # NOTE(review): no `middlewares` are attached, so the backend's own
      # authentication is the only access control on this hostname.
      services:
        - name: immich-external
          port: 2283
  tls:
    # Resolver name must match one defined in Traefik's static configuration.
    certResolver: letsencrypt
---
# Cloud: HTTPS route for cloud.xiongxiao.me.
# Requests on the `websecure` entry point with this Host are forwarded
# to Service `cloud-external` on port 5212.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: cloud-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: 'Host(`cloud.xiongxiao.me`)'
      # NOTE(review): no `middlewares` are attached, so the backend's own
      # authentication is the only access control on this hostname.
      services:
        - name: cloud-external
          port: 5212
  tls:
    # Resolver name must match one defined in Traefik's static configuration.
    certResolver: letsencrypt
---
# Docmost: HTTPS route for docmost.xiongxiao.me.
# Requests on the `websecure` entry point with this Host are forwarded
# to Service `docmost-external` on port 3011.
# WebSocket traffic is expected here; the route itself has no
# WebSocket-specific settings.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: docmost-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: 'Host(`docmost.xiongxiao.me`)'
      # NOTE(review): no `middlewares` are attached, so the backend's own
      # authentication is the only access control on this hostname.
      services:
        - name: docmost-external
          port: 3011
  tls:
    # Resolver name must match one defined in Traefik's static configuration.
    certResolver: letsencrypt
---
# Drawio: HTTPS route for drawio.xiongxiao.me.
# Requests on the `websecure` entry point with this Host are forwarded
# to Service `drawio-external` on port 13000.
# WebSocket traffic is expected here; the route itself has no
# WebSocket-specific settings.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: drawio-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: 'Host(`drawio.xiongxiao.me`)'
      # NOTE(review): no `middlewares` are attached, so the backend's own
      # authentication is the only access control on this hostname.
      services:
        - name: drawio-external
          port: 13000
  tls:
    # Resolver name must match one defined in Traefik's static configuration.
    certResolver: letsencrypt
---
# Minio: HTTPS route for minio.xiongxiao.me.
# Requests on the `websecure` entry point with this Host are forwarded
# to Service `minio-external` on port 9000.
# WebSocket traffic is expected here; the route itself has no
# WebSocket-specific settings.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: minio-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: 'Host(`minio.xiongxiao.me`)'
      # NOTE(review): port 9000 is presumably the object-store (S3) API.
      # No `middlewares` are attached, so confirm that public exposure is
      # intended and that no bucket permits anonymous access.
      services:
        - name: minio-external
          port: 9000
  tls:
    # Resolver name must match one defined in Traefik's static configuration.
    certResolver: letsencrypt
---
# Gist: HTTPS route for gist.xiongxiao.me.
# Requests on the `websecure` entry point with this Host are forwarded
# to Service `gist-external` on port 6157.
# WebSocket traffic is expected here; the route itself has no
# WebSocket-specific settings.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: gist-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: 'Host(`gist.xiongxiao.me`)'
      # NOTE(review): no `middlewares` are attached, so the backend's own
      # authentication is the only access control on this hostname.
      services:
        - name: gist-external
          port: 6157
  tls:
    # Resolver name must match one defined in Traefik's static configuration.
    certResolver: letsencrypt
---
# Webdav: HTTPS route for webdav.xiongxiao.me.
# Requests on the `websecure` entry point with this Host are forwarded
# to Service `webdav-external` on port 6060.
# WebSocket traffic is expected here; the route itself has no
# WebSocket-specific settings.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: webdav-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      # The rule matches on Host only, so every path and HTTP method is
      # forwarded to the backend unchanged.
      match: 'Host(`webdav.xiongxiao.me`)'
      # NOTE(review): no `middlewares` are attached; confirm the WebDAV
      # backend itself requires authentication for read and write access.
      services:
        - name: webdav-external
          port: 6060
  tls:
    # Resolver name must match one defined in Traefik's static configuration.
    certResolver: letsencrypt
---
# ESM: HTTPS route for esm.xiongxiao.me.
# Requests on the `websecure` entry point with this Host are forwarded
# to Service `esm-external` on port 12000.
# WebSocket traffic is expected here; the route itself has no
# WebSocket-specific settings.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: esm-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: 'Host(`esm.xiongxiao.me`)'
      # NOTE(review): no `middlewares` are attached, so the backend's own
      # authentication is the only access control on this hostname.
      services:
        - name: esm-external
          port: 12000
  tls:
    # Resolver name must match one defined in Traefik's static configuration.
    certResolver: letsencrypt
---
# Umami: HTTPS route for umami.xiongxiao.me.
# Requests on the `websecure` entry point with this Host are forwarded
# to Service `umami-external` on port 4004.
# WebSocket traffic is expected here; the route itself has no
# WebSocket-specific settings.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: umami-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: 'Host(`umami.xiongxiao.me`)'
      # NOTE(review): no `middlewares` are attached, so the backend's own
      # authentication is the only access control on this hostname.
      services:
        - name: umami-external
          port: 4004
  tls:
    # Resolver name must match one defined in Traefik's static configuration.
    certResolver: letsencrypt
---
# PWD: HTTPS route for pwd.xiongxiao.me.
# Requests on the `websecure` entry point with this Host are forwarded
# to Service `pwd-external` on port 8180.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: pwd-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: 'Host(`pwd.xiongxiao.me`)'
      # NOTE(review): no `middlewares` are attached, so the backend's own
      # authentication is the only access control on this hostname.
      services:
        - name: pwd-external
          port: 8180
  tls:
    # Resolver name must match one defined in Traefik's static configuration.
    certResolver: letsencrypt
---
# Meilisearch: HTTPS route for meilisearch.xiongxiao.me.
# Requests on the `websecure` entry point with this Host are forwarded
# to Service `meilisearch-external` on port 7700.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: meilisearch-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: 'Host(`meilisearch.xiongxiao.me`)'
      # NOTE(review): no `middlewares` are attached, so nothing on this
      # route restricts access; confirm the search backend enforces an
      # API key (master key) before it is reachable from the internet.
      services:
        - name: meilisearch-external
          port: 7700
  tls:
    # Resolver name must match one defined in Traefik's static configuration.
    certResolver: letsencrypt
---
# Memos: HTTPS route for memos.xiongxiao.me.
# Requests on the `websecure` entry point with this Host are forwarded
# to Service `memos-external` on port 8181.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: memos-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: 'Host(`memos.xiongxiao.me`)'
      # NOTE(review): no `middlewares` are attached, so the backend's own
      # authentication is the only access control on this hostname.
      services:
        - name: memos-external
          port: 8181
  tls:
    # Resolver name must match one defined in Traefik's static configuration.
    certResolver: letsencrypt
---
# Gitea: HTTPS route for git.xiongxiao.me.
# Requests on the `websecure` entry point with this Host are forwarded
# to Service `gitea-external` on port 3000.
# Only HTTP(S) traffic is routed by this IngressRoute; Git over SSH, if
# used, is not covered here.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: gitea-https
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: 'Host(`git.xiongxiao.me`)'
      # NOTE(review): no `middlewares` are attached, so the backend's own
      # authentication is the only access control on this hostname.
      services:
        - name: gitea-external
          port: 3000
  tls:
    # Resolver name must match one defined in Traefik's static configuration.
    certResolver: letsencrypt
---
# RBAC: namespaced Role for managing IngressRoutes in `default`.
# Grants read access to ConfigMaps and read/write access to Traefik
# IngressRoute objects, both limited to the `default` namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: traefik-ingressroute-role
  namespace: default
rules:
  # Core API group (""): read-only access to ConfigMaps.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
  # NOTE(review): the write verbs let the bound subject add, change or
  # remove routing for any hostname in this namespace. Keep them only if
  # the subject really manages routes; `patch` is not granted.
  - apiGroups:
      - traefik.io
    resources:
      - ingressroutes
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - delete
---
# Binds Role `traefik-ingressroute-role` (namespace `default`) to the
# ServiceAccount `traefik-ingressroute-sa` in `kube-system`.
# The subject lives in a different namespace from the Role; the granted
# permissions still apply only inside `default`.
# NOTE(review): the ServiceAccount is not defined in the visible part of
# this file - confirm it exists and which workloads run under it.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: traefik-ingressroute-rolebinding
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: traefik-ingressroute-role
subjects:
  - kind: ServiceAccount
    name: traefik-ingressroute-sa
    namespace: kube-system