---
# Helm values for a Traefik deployment: ACME (DNS-01 via Cloudflare) wildcard
# certificate, access logging to a host directory, and a dashboard route
# protected by a forward-auth middleware.

deployment:
  initContainers:
    # Prepares file ownership and modes before Traefik starts. It runs as
    # root (UID/GID 0) because it chowns files to 65532:65532, presumably the
    # UID/GID of the Traefik container (confirm against the chart's
    # securityContext). Namespaces enforcing the "restricted" Pod Security
    # Standard would reject a root container.
    - name: volume-permissions
      # The digest pins the exact image content; when a digest is present the
      # "latest" tag is informational only and is not used to resolve the
      # image.
      image: busybox:latest@sha256:6d9ac9237a84afe1516540f40a0fafdc86859b2141954b4d643af7066d598b74
      # acme.json is set to mode 600 and owned by 65532. The commands are
      # joined with ";", so the container's exit status is that of the final
      # chown; an earlier failure does not stop the pod from starting.
      command:
        - sh
        - "-c"
        - >-
          touch /data/acme.json;
          chown 65532:65532 /data/acme.json;
          chmod -v 600 /data/acme.json;
          chown -R 65532:65532 /var/log/traefik
      securityContext:
        runAsNonRoot: false
        runAsGroup: 0
        runAsUser: 0
      volumeMounts:
        - name: data
          mountPath: /data
        - name: access-log
          mountPath: /var/log/traefik
  additionalVolumes:
    # hostPath exposes a directory of the node's filesystem to the pod, and
    # the init container above recursively chowns it on the node. Keep the
    # path this narrow; the "baseline" Pod Security Standard forbids hostPath
    # volumes.
    - name: access-log
      hostPath:
        path: /var/log/traefik/

certResolvers:
  letsencrypt:
    email: namesny.matus@gmail.com
    dnsChallenge:
      provider: cloudflare
      delayBeforeCheck: 30
      resolvers:
        - "1.1.1.1"
        - "8.8.8.8"
    # Stored on the persistent volume mounted at /data (see persistence
    # below).
    storage: /data/acme.json

# Environment variables are loaded from a Secret rather than written inline
# in this file. Presumably it holds the Cloudflare API credentials for the
# DNS challenge; a token limited to DNS edits on this zone keeps its scope
# small.
envFrom:
  - secretRef:
      name: traefik-cf-secret

additionalVolumeMounts:
  - name: access-log
    mountPath: /var/log/traefik/

logs:
  access:
    # Written under the hostPath volume, so the log persists on the node.
    enabled: true
    filePath: /var/log/traefik/access.log

ingressRoute:
  dashboard:
    # The dashboard is served on the websecure entry point. The only access
    # control visible in this file is the middleware listed below, so the
    # route depends on that middleware existing and being resolvable.
    enabled: true
    matchRule: 'Host(`traefik.namesny.com`)'
    entryPoints:
      - websecure
    middlewares:
      - name: 'auth-authelia@kubernetescrd'

providers:
  kubernetesCRD:
    # Lets an IngressRoute reference resources in other namespaces.
    # NOTE(review): presumably enabled so routes can use the auth middleware
    # from its own namespace; it applies cluster-wide, so review who is
    # allowed to create Traefik CRD objects.
    allowCrossNamespace: true

persistence:
  enabled: true
  storageClass: retain-local-path

ports:
  websecure:
    tls:
      enabled: true
      certResolver: letsencrypt
      domains:
        - main: namesny.com
          sans:
            - '*.namesny.com'
  web:
    # Redirect the web entry point to websecure.
    redirectTo:
      port: websecure

service:
  spec:
    # "Local" routes external traffic only to pods on the receiving node and
    # preserves the client source IP, which is what the access log and any
    # IP-based rules then see.
    externalTrafficPolicy: Local