Start by creating traefik required resources. You can directly use resources from the kubernetes/traefik templates: it does not contain variables. Those are taken from traefik docs mixed up with this PR for kubernetes 1.19 support and schemas.
Now that you have a router installed, you have to pass requests on your server to it. This setup use a single entry point directly binding some ports on the host server.
As you may have noticed in the step
Kickstart the cluster
, the metallb configuration use only dynamic adresses. But for the reverse proxy to work, we’ll need to be sure that our traefik router has a constant IP in your VPN. For this, modify your metallb configuration using the new kubernetes/metallb-configmap.yaml template. This new configuration declares a new address pool named frontend with a single IP in it.
Here is a graph of the RBAC setup we are going to implement:
We’ll use keycloak to proxy our authentication for all monitors, using a single realm. You may use several realms in real-life situations. This is probably the tough part, and you may tweak heavily the following guide. Moreover, I may forgot to write some instructions, or somes are heavily linked to your very own setup.
Now that we have our authentication service up and running, we can protect our dashboards installed in the step 06 - Monitoring: See what is going on using our Keycloak OpenID Connect provider. Here is a diagram on how authorization will be managed:
TODO
TODO
Again, we are going to set up a new instance of louketo-proxy.