k3s-configs/infra/traefik/values.yaml


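deployment:
  initContainers:
    # Prepares the ACME store and the access-log directory before Traefik
    # starts. Both are handed to 65532:65532, presumably the UID/GID the
    # Traefik container runs as -- confirm against the chart defaults.
    - name: volume-permissions
      # The digest is what gets pulled; the `latest` tag is only a label
      # here. Bump the digest deliberately when updating busybox.
      image: busybox:latest@sha256:ba76950ac9eaa407512c9d859cea48114eeff8a6f12ebaa5d32ce79d4a017dd8
      # acme.json is created if missing but never deleted. The previous
      # command ran `rm /data/acme.json` first, which discarded the stored
      # ACME account and certificates on every pod start even though
      # persistence is enabled: each restart forced a fresh issuance, and a
      # restart loop could run into the CA's rate limits and leave the
      # entry point without a valid certificate.
      # Mode 600 keeps the private keys in acme.json unreadable to other
      # users.
      command:
        - sh
        - "-c"
        - |
          touch /data/acme.json
          chown 65532:65532 /data/acme.json
          chmod -v 600 /data/acme.json
          chown -R 65532:65532 /var/log/traefik
      # Root is needed only for the chown calls above and is limited to
      # this init container.
      # NOTE(review): consider adding `allowPrivilegeEscalation: false`
      # here -- test before rollout.
      securityContext:
        runAsNonRoot: false
        runAsGroup: 0
        runAsUser: 0
      volumeMounts:
        # Presumably the chart's persistence volume that holds acme.json.
        - name: data
          mountPath: /data
        - name: access-log
          mountPath: /var/log/traefik
  additionalVolumes:
    # hostPath exposes a node directory to the pod, and the init container
    # above recursively chowns it on the node. No `type` is set, so the
    # path is not checked before mounting. Namespaces enforcing the
    # Baseline Pod Security Standard reject hostPath volumes.
    - name: access-log
      hostPath:
        path: /var/log/traefik/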
# ACME resolver named `letsencrypt`, referenced by ports.websecure.tls.
certResolvers:
  letsencrypt:
    email: 'namesny.matus@gmail.com'
    # DNS-01 challenge through the Cloudflare provider; its credentials are
    # expected in the environment injected via `envFrom`.
    dnsChallenge:
      provider: cloudflare
      # Wait before checking TXT record propagation. Presumably seconds;
      # confirm for the Traefik version in use.
      delayBeforeCheck: 30
      # Public resolvers used for the propagation check.
      resolvers:
        - '1.1.1.1'
        - '8.8.8.8'
    # Holds the ACME account key and certificate private keys. It lives on
    # the `data` volume and is set to mode 600 by the init container.
    storage: /data/acme.json
# Every key of this Secret becomes an environment variable of the Traefik
# container, so keep it limited to what the DNS provider needs.
# NOTE(review): the Secret's contents are not visible here. Prefer a
# zone-scoped Cloudflare API token over a global API key.
envFrom:
  - secretRef:
      name: traefik-cf-secret
# Mounts the `access-log` volume (a hostPath declared under
# deployment.additionalVolumes) into the Traefik container. The mount is
# writable, so the container can write to that node directory.
additionalVolumeMounts:
  - name: access-log
    mountPath: /var/log/traefik/
# Access logging to a file on the hostPath-backed mount.
# Access logs record client addresses and request paths, so treat the node
# directory as sensitive. No rotation or retention is configured in this
# file; handle it on the node.
logs:
  access:
    enabled: true
    filePath: /var/log/traefik/access.log
# Publishes the Traefik dashboard on the TLS entry point only.
ingressRoute:
  dashboard:
    enabled: true
    matchRule: 'Host(`traefik.namesny.com`)'
    entryPoints:
      - websecure
    # Authentication is delegated entirely to this middleware; the
    # dashboard has no protection of its own. The name presumably resolves
    # to middleware `authelia` in namespace `auth` -- confirm, and verify
    # that the route is not served when the middleware cannot be resolved.
    middlewares:
      - name: 'auth-authelia@kubernetescrd'
# Lets IngressRoute resources reference middlewares and services in other
# namespaces (the dashboard route above uses a middleware this way).
# This weakens namespace isolation: anyone who can create IngressRoutes in
# one namespace can point at resources in another. Acceptable when a single
# party controls the cluster; restrict who may create Traefik CRDs otherwise.
providers:
  kubernetesCRD:
    allowCrossNamespace: true
# Persistent volume for /data, where acme.json (ACME account key and
# certificate private keys) is stored. Protect the backing storage and any
# backups of it accordingly.
persistence:
  enabled: true
  # Presumably a node-local class with a Retain reclaim policy; confirm
  # against the cluster's StorageClass definitions.
  storageClass: retain-local-path
ports:
  # TLS entry point. Certificates come from the `letsencrypt` resolver.
  websecure:
    tls:
      enabled: true
      certResolver: letsencrypt
      # One certificate for the apex plus a wildcard SAN. Wildcard issuance
      # needs the DNS-01 challenge, which the resolver is configured for.
      # The wildcard key covers every subdomain, which raises the value of
      # the acme.json file that stores it.
      domains:
        - main: namesny.com
          sans:
            - '*.namesny.com'
  # Plain-HTTP entry point: requests are redirected to `websecure`.
  web:
    redirectTo:
      port: websecure
# `Local` routes external traffic only to Traefik pods on the receiving
# node and preserves the client source IP. That keeps the addresses in the
# access log and in any IP-based rules meaningful. Nodes without a Traefik
# pod do not serve the traffic.
service:
  spec:
    externalTrafficPolicy: Local