Update haproxy-ingress-rbac.yaml

generate_kubeconfig.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# Erstellt ein Token
+TOKEN=$(kubectl -n kube-system create token haproxy-sa)
+
+# Get Cluster Info
+CLUSTER_NAME=$(kubectl config view -o jsonpath='{.clusters[0].name}')
+CLUSTER_SERVER=$(kubectl config view -o jsonpath="{.clusters[0].cluster.server}")
+CA_DATA=$(kubectl config view --raw -o jsonpath="{.clusters[0].cluster.certificate-authority-data}")
+
+# Erstelle kubeconfig
+cat <<EOF > haproxy-kubeconfig.yaml
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+    certificate-authority-data: ${CA_DATA}
+    server: ${CLUSTER_SERVER}
+  name: ${CLUSTER_NAME}
+contexts:
+- context:
+    cluster: ${CLUSTER_NAME}
+    user: haproxy-sa
+  name: haproxy-context
+current-context: haproxy-context
+users:
+- name: haproxy-sa
+  user:
+    token: ${TOKEN}
+EOF

haproxy-ingress-configmap.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: haproxy-config
+  namespace: kube-system
+data:
+  ssl-redirect: "true"
+  timeout-http-request: "5s"
+  use-forwarded-headers: "true"

haproxy-ingress-rbac.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: gateway
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: gateway
+rules:
+- apiGroups: [""]
+  resources: ["endpoints", "services", "namespaces", "nodes"]
+  verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: gateway
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: gateway
+subjects:
+- kind: ServiceAccount
+  name: gateway
+  namespace: kube-system