From f218a5a38b7f5b85fde275beda76da967b18bcfb Mon Sep 17 00:00:00 2001
From: "nagle.zhang" <1247555725@qq.com>
Date: Fri, 22 Apr 2022 16:25:46 +0800
Subject: [PATCH] add traefik values for test purpose.

---
 bootstrap.sh       |  2 ++
 traefik-values.yml | 71 +++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 69 insertions(+), 4 deletions(-)

diff --git a/bootstrap.sh b/bootstrap.sh
index 304d964..e0b6b14 100755
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -30,3 +30,5 @@ sudo -E helm install shlug-jitsi jitsi/jitsi-meet -f values.yml -n jitsi
 #  Once you get things working, you should remove that whole line altogether.
 #  - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
 
+helm repo add traefik https://helm.traefik.io/traefik
+sudo -E helm upgrade traefik traefik/traefik  --install -n kube-system --reuse-values -f traefik-values.yml
diff --git a/traefik-values.yml b/traefik-values.yml
index 3aee29b..6db1a47 100644
--- a/traefik-values.yml
+++ b/traefik-values.yml
@@ -2,9 +2,72 @@ globalArguments:
   - "--api.insecure"
   - "--accesslog"
   - "--providers.kubernetescrd"
-  - "--certificatesresolvers.shlug.acme.tlschallenge"
+#  - "--certificatesresolvers.shlug.acme.httpchallenge=true"
+#  - "--certificatesresolvers.shlug.acme.httpchallenge.entrypoint=web"
   - "--certificatesresolvers.shlug.acme.email=webmaster@shlug.org"
-  - "--certificatesresolvers.shlug.acme.storage=acme.json"
-  # Please note that this is the staging Let's Encrypt server.
-  # Once you get things working, you should remove that whole line altogether.
+  - "--certificatesresolvers.shlug.acme.storage=/data/acme.json"
   - "--certificatesresolvers.shlug.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+
+# Configure ports
+ports:
+  traefik:
+    port: 9000
+    expose: false
+    # The exposed port for this service
+    exposedPort: 9000
+    # The port protocol (TCP/UDP)
+    protocol: TCP
+  web:
+    port: 8000
+    # hostPort: 8000
+    expose: true
+    exposedPort: 80
+    # The port protocol (TCP/UDP)
+    protocol: TCP
+    # Use nodeport if set. This is useful if you have configured Traefik in a
+    # LoadBalancer
+    nodePort: 30080
+    # Port Redirections
+    # Added in 2.2, you can make permanent redirects via entrypoints.
+    # https://docs.traefik.io/routing/entrypoints/#redirection
+    # redirectTo: websecure
+  websecure:
+    port: 8443
+    # hostPort: 8443
+    expose: true
+    exposedPort: 443
+    # The port protocol (TCP/UDP)
+    protocol: TCP
+    nodePort: 30443
+    # Enable HTTP/3.
+    # Requires enabling experimental http3 feature and tls.
+    # Note that you cannot have a UDP entrypoint with the same port.
+    # http3: true
+    # Set TLS at the entrypoint
+    # https://doc.traefik.io/traefik/routing/entrypoints/#tls
+    tls:
+      enabled: true
+      # this is the name of a TLSOption definition
+      options: ""
+      certResolver: "httpchallenge"
+      domains: 
+        - main: jitsi-test.shlug.org
+
+      # - main: example.com
+      #   sans:
+      #     - foo.example.com
+      #     - bar.example.com
+  metrics:
+    port: 9100
+    # hostPort: 9100
+    # Defines whether the port is exposed if service.type is LoadBalancer or
+    # NodePort.
+    #
+    # You may not want to expose the metrics port on production deployments.
+    # If you want to access it from outside of your cluster,
+    # use `kubectl port-forward` or create a secure ingress
+    expose: false
+    # The exposed port for this service
+    exposedPort: 9100
+    # The port protocol (TCP/UDP)
+    protocol: TCP