Web service
Setup the cluster's internal router
· ☕ 8 min read
References: Add OpenAPI v3 schemas to CRDs by jrostand · Pull Request #157 · traefik/traefik-helm-chart · GitHub. Start by creating the resources traefik requires. You can directly use the resources from the kubernetes/traefik templates: they do not contain variables. Those are taken from the traefik docs, mixed with this PR for kubernetes 1.19 support and schemas. Please keep an eye on this issue in traefik about official v1.

Make services reachable from the world
· ☕ 4 min read
Now that you have a router installed, you have to pass requests on your server to it. This setup uses a single entry point directly binding some ports on the host server. 1. Make a static and predictable configuration. As you may have noticed in the step Kickstart the cluster, the metallb configuration uses only dynamic addresses. But for the reverse proxy to work, we’ll need to be sure that our traefik router has a constant IP in your VPN.

Setup cluster's authentication
· ☕ 9 min read
Here is a graph of the RBAC setup we are going to implement: 1. Setup keycloak. We’ll use keycloak to proxy our authentication for all monitors, using a single realm. You may use several realms in real-life situations. This is probably the tough part, and you may heavily tweak the following guide. Moreover, I may have forgotten to write some instructions, or some are heavily linked to your very own setup.

Protect monitoring with authentication
· ☕ 2 min read
Now that we have our authentication service up and running, we can protect our dashboards installed in the step 06 - Monitoring: See what is going on using our Keycloak OpenID Connect provider. Here is a diagram of how authorization will be managed: Traefik dashboard: TODO. Kibana: TODO. Kube dashboard: References: Protect Kubernetes Dashboard with OpenID Connect | by Hidetake Iwata | ITNEXT. Again, we are going to set up a new instance of louketo-proxy.