Initial commit.

infrastructure_setup/traefik/internal-middleware.yaml

@@ -0,0 +1,13 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: internal-only
+  namespace: kube-system
+spec:
+  ipWhiteList:
+    # Restrict to local private network ranges - adjust these to match your network
+    sourceRange:
+      - 127.0.0.1/32    # localhost
+      - 10.0.0.0/8      # Private network
+      - 172.16.0.0/12   # Private network
+      - 192.168.0.0/16  # Private network

infrastructure_setup/traefik/traefik-service.yaml

@@ -0,0 +1,27 @@
+---
+# Traefik service configuration with static LoadBalancer IP
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik
+  namespace: kube-system
+  annotations:
+    metallb.universe.tf/address-pool: production
+    metallb.universe.tf/allow-shared-ip: traefik-lb
+  labels:
+    app.kubernetes.io/instance: traefik-kube-system
+    app.kubernetes.io/name: traefik
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 192.168.8.240
+  selector:
+    app.kubernetes.io/instance: traefik-kube-system
+    app.kubernetes.io/name: traefik
+  ports:
+    - name: web
+      port: 80
+      targetPort: web
+    - name: websecure 
+      port: 443
+      targetPort: websecure
+  externalTrafficPolicy: Local