k3s-configs/infra/traefik/values.yaml

67 lines
1.5 KiB
YAML
Raw Permalink Normal View History

2023-11-28 21:18:02 +00:00
deployment:
initContainers:
- name: volume-permissions
image: busybox:1.36@sha256:34b191d63fbc93e25e275bfccf1b5365664e5ac28f06d974e8d50090fbb49f41
2024-01-08 08:40:04 +00:00
command: ["sh", "-c", "touch /data/acme.json; chown 65532:65532 /data/acme.json; chmod -v 600 /data/acme.json; chown -R 65532:65532 /var/log/traefik"]
2023-11-28 21:18:02 +00:00
securityContext:
runAsNonRoot: false
runAsGroup: 0
runAsUser: 0
volumeMounts:
- name: data
mountPath: /data
- name: access-log
mountPath: /var/log/traefik
additionalVolumes:
- name: access-log
hostPath:
path: /var/log/traefik/
certResolvers:
letsencrypt:
email: namesny.matus@gmail.com
dnsChallenge:
provider: cloudflare
delayBeforeCheck: 30
resolvers:
- 1.1.1.1
- 8.8.8.8
storage: /data/acme.json
envFrom:
- secretRef:
name: traefik-cf-secret
additionalVolumeMounts:
- name: access-log
mountPath: /var/log/traefik/
logs:
access:
enabled: true
filePath: /var/log/traefik/access.log
ingressRoute:
dashboard:
enabled: true
matchRule: Host(`traefik.namesny.com`)
entryPoints: ["websecure"]
middlewares:
- name: "auth-authelia@kubernetescrd"
providers:
kubernetesCRD:
allowCrossNamespace: true
persistence:
enabled: true
storageClass: retain-local-path
ports:
websecure:
tls:
enabled: true
certResolver: letsencrypt
domains:
- main: namesny.com
sans:
- "*.namesny.com"
web:
redirectTo:
port: websecure
service:
spec:
externalTrafficPolicy: Local