apiVersion: v1 kind: Namespace metadata: name: traefik --- apiVersion: v1 kind: ServiceAccount metadata: name: traefik namespace: traefik --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: traefik rules: - apiGroups: [""] resources: ["services", "endpoints", "pods", "secrets", "nodes"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses", "ingressclasses"] verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: traefik roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: traefik subjects: - kind: ServiceAccount name: traefik namespace: traefik --- apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: name: traefik spec: controller: traefik.io/ingress-controller --- apiVersion: v1 kind: Service metadata: name: traefik namespace: traefik spec: selector: app: traefik ports: - name: web protocol: TCP port: 80 targetPort: 80 - name: websecure protocol: TCP port: 443 targetPort: 443 --- apiVersion: apps/v1 kind: Deployment metadata: name: traefik namespace: traefik spec: selector: matchLabels: app: traefik replicas: 1 template: metadata: labels: app: traefik spec: serviceAccountName: traefik containers: - name: traefik image: traefik:v3.0.17 args: - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 - --providers.kubernetesingress - --providers.kubernetesingress.ingressclass=traefik - --providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik - --log.level=INFO ports: - name: web containerPort: 80 hostPort: 80 protocol: TCP - name: websecure containerPort: 443 hostPort: 443 protocol: TCP