fml
parent
6b59d3dc49
commit
103647b98f
@ -1,18 +1,19 @@
|
|||||||
# Default values for Traefik
|
traefik:
|
||||||
image:
|
# Default values for Traefik
|
||||||
|
image:
|
||||||
repository: &traefikImage library/traefik
|
repository: &traefikImage library/traefik
|
||||||
name: *traefikImage
|
name: *traefikImage
|
||||||
# defaults to appVersion
|
# defaults to appVersion
|
||||||
tag: v2.6.0
|
tag: v2.6.0
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
cloudflaredmage:
|
cloudflaredmage:
|
||||||
image: &cloudflaredImage cloudflare/cloudflared:2022.5.3
|
image: &cloudflaredImage cloudflare/cloudflared:2022.5.3
|
||||||
|
|
||||||
#
|
#
|
||||||
# Configure the deployment
|
# Configure the deployment
|
||||||
#
|
#
|
||||||
deployment:
|
deployment:
|
||||||
enabled: true
|
enabled: true
|
||||||
# Can be either Deployment or DaemonSet
|
# Can be either Deployment or DaemonSet
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
@ -65,28 +66,28 @@ deployment:
|
|||||||
[]
|
[]
|
||||||
# - name: myRegistryKeySecretName
|
# - name: myRegistryKeySecretName
|
||||||
|
|
||||||
# Pod disruption budget
|
# Pod disruption budget
|
||||||
podDisruptionBudget:
|
podDisruptionBudget:
|
||||||
enabled: false
|
enabled: false
|
||||||
# maxUnavailable: 1
|
# maxUnavailable: 1
|
||||||
# maxUnavailable: 33%
|
# maxUnavailable: 33%
|
||||||
# minAvailable: 0
|
# minAvailable: 0
|
||||||
# minAvailable: 25%
|
# minAvailable: 25%
|
||||||
|
|
||||||
# Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
|
# Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
|
||||||
ingressClass:
|
ingressClass:
|
||||||
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
|
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
|
||||||
enabled: false
|
enabled: false
|
||||||
isDefaultClass: false
|
isDefaultClass: false
|
||||||
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
|
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
|
||||||
fallbackApiVersion: ""
|
fallbackApiVersion: ""
|
||||||
|
|
||||||
# Activate Pilot integration
|
# Activate Pilot integration
|
||||||
pilot:
|
pilot:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
# Enable experimental features
|
# Enable experimental features
|
||||||
experimental:
|
experimental:
|
||||||
http3:
|
http3:
|
||||||
enabled: true
|
enabled: true
|
||||||
plugins:
|
plugins:
|
||||||
@ -94,8 +95,8 @@ experimental:
|
|||||||
kubernetesGateway:
|
kubernetesGateway:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
# Create an IngressRoute for the dashboard
|
# Create an IngressRoute for the dashboard
|
||||||
ingressRoute:
|
ingressRoute:
|
||||||
dashboard:
|
dashboard:
|
||||||
enabled: false
|
enabled: false
|
||||||
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
|
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
|
||||||
@ -103,29 +104,29 @@ ingressRoute:
|
|||||||
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
|
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
|
||||||
labels: {}
|
labels: {}
|
||||||
|
|
||||||
rollingUpdate:
|
rollingUpdate:
|
||||||
maxUnavailable: 1
|
maxUnavailable: 1
|
||||||
maxSurge: 1
|
maxSurge: 1
|
||||||
|
|
||||||
# Customize liveness and readiness probe values.
|
# Customize liveness and readiness probe values.
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
failureThreshold: 1
|
failureThreshold: 1
|
||||||
initialDelaySeconds: 10
|
initialDelaySeconds: 10
|
||||||
periodSeconds: 10
|
periodSeconds: 10
|
||||||
successThreshold: 1
|
successThreshold: 1
|
||||||
timeoutSeconds: 2
|
timeoutSeconds: 2
|
||||||
|
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
failureThreshold: 3
|
failureThreshold: 3
|
||||||
initialDelaySeconds: 10
|
initialDelaySeconds: 10
|
||||||
periodSeconds: 10
|
periodSeconds: 10
|
||||||
successThreshold: 1
|
successThreshold: 1
|
||||||
timeoutSeconds: 2
|
timeoutSeconds: 2
|
||||||
|
|
||||||
#
|
#
|
||||||
# Configure providers
|
# Configure providers
|
||||||
#
|
#
|
||||||
providers:
|
providers:
|
||||||
kubernetesCRD:
|
kubernetesCRD:
|
||||||
enabled: true
|
enabled: true
|
||||||
allowCrossNamespace: false
|
allowCrossNamespace: false
|
||||||
@ -150,33 +151,33 @@ providers:
|
|||||||
# By default this Traefik service
|
# By default this Traefik service
|
||||||
# pathOverride: ""
|
# pathOverride: ""
|
||||||
|
|
||||||
#
|
#
|
||||||
# Add volumes to the traefik pod. The volume name will be passed to tpl.
|
# Add volumes to the traefik pod. The volume name will be passed to tpl.
|
||||||
# This can be used to mount a cert pair or a configmap that holds a config.toml file.
|
# This can be used to mount a cert pair or a configmap that holds a config.toml file.
|
||||||
# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
|
# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
|
||||||
# additionalArguments:
|
# additionalArguments:
|
||||||
# - "--providers.file.filename=/config/dynamic.toml"
|
# - "--providers.file.filename=/config/dynamic.toml"
|
||||||
# - "--ping"
|
# - "--ping"
|
||||||
# - "--ping.entrypoint=web"
|
# - "--ping.entrypoint=web"
|
||||||
volumes:
|
volumes:
|
||||||
[]
|
[]
|
||||||
# - name: public-cert
|
# - name: public-cert
|
||||||
# mountPath: "/certs"
|
# mountPath: "/certs"
|
||||||
# type: emptyDir
|
# type: emptyDir
|
||||||
# - name: '{{ printf "%s-configs" .Release.Name }}'
|
# - name: '{{ printf "%s-configs" .Release.Name }}'
|
||||||
# mountPath: "/config"
|
# mountPath: "/config"
|
||||||
# type: configMap
|
# type: configMap
|
||||||
|
|
||||||
# Additional volumeMounts to add to the Traefik container
|
# Additional volumeMounts to add to the Traefik container
|
||||||
additionalVolumeMounts:
|
additionalVolumeMounts:
|
||||||
[]
|
[]
|
||||||
# For instance when using a logshipper for access logs
|
# For instance when using a logshipper for access logs
|
||||||
# - name: traefik-logs
|
# - name: traefik-logs
|
||||||
# mountPath: /var/log/traefik
|
# mountPath: /var/log/traefik
|
||||||
|
|
||||||
# Logs
|
# Logs
|
||||||
# https://docs.traefik.io/observability/logs/
|
# https://docs.traefik.io/observability/logs/
|
||||||
logs:
|
logs:
|
||||||
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
|
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
|
||||||
general:
|
general:
|
||||||
# By default, the logs use a text format (common), but you can
|
# By default, the logs use a text format (common), but you can
|
||||||
@ -219,7 +220,7 @@ logs:
|
|||||||
# Authorization: drop
|
# Authorization: drop
|
||||||
# Content-Type: keep
|
# Content-Type: keep
|
||||||
|
|
||||||
metrics:
|
metrics:
|
||||||
# datadog:
|
# datadog:
|
||||||
# address: 127.0.0.1:8125
|
# address: 127.0.0.1:8125
|
||||||
# influxdb:
|
# influxdb:
|
||||||
@ -231,7 +232,7 @@ metrics:
|
|||||||
# statsd:
|
# statsd:
|
||||||
# address: localhost:8125
|
# address: localhost:8125
|
||||||
|
|
||||||
tracing:
|
tracing:
|
||||||
{}
|
{}
|
||||||
# instana:
|
# instana:
|
||||||
# enabled: true
|
# enabled: true
|
||||||
@ -241,17 +242,17 @@ tracing:
|
|||||||
# globalTag: ""
|
# globalTag: ""
|
||||||
# prioritySampling: false
|
# prioritySampling: false
|
||||||
|
|
||||||
globalArguments:
|
globalArguments:
|
||||||
- "--global.checknewversion"
|
- "--global.checknewversion"
|
||||||
|
|
||||||
#
|
#
|
||||||
# Configure Traefik static configuration
|
# Configure Traefik static configuration
|
||||||
# Additional arguments to be passed at Traefik's binary
|
# Additional arguments to be passed at Traefik's binary
|
||||||
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
|
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
|
||||||
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
|
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
|
||||||
additionalArguments: []
|
additionalArguments: []
|
||||||
|
|
||||||
certResolvers:
|
certResolvers:
|
||||||
cf:
|
cf:
|
||||||
dnsChallenge:
|
dnsChallenge:
|
||||||
provider: cloudflare
|
provider: cloudflare
|
||||||
@ -263,32 +264,32 @@ certResolvers:
|
|||||||
- 1.0.0.1
|
- 1.0.0.1
|
||||||
# match the path to persistence
|
# match the path to persistence
|
||||||
storage: /data/acme.json
|
storage: /data/acme.json
|
||||||
# - "--providers.kubernetesingress.ingressclass=traefik-internal"
|
# - "--providers.kubernetesingress.ingressclass=traefik-internal"
|
||||||
# - "--log.level=DEBUG"
|
# - "--log.level=DEBUG"
|
||||||
|
|
||||||
# Environment variables to be passed to Traefik's binary
|
# Environment variables to be passed to Traefik's binary
|
||||||
env: []
|
env: []
|
||||||
# - name: SOME_VAR
|
# - name: SOME_VAR
|
||||||
# value: some-var-value
|
# value: some-var-value
|
||||||
# - name: SOME_VAR_FROM_CONFIG_MAP
|
# - name: SOME_VAR_FROM_CONFIG_MAP
|
||||||
# valueFrom:
|
# valueFrom:
|
||||||
# configMapRef:
|
# configMapRef:
|
||||||
# name: configmap-name
|
# name: configmap-name
|
||||||
# key: config-key
|
# key: config-key
|
||||||
# - name: SOME_SECRET
|
# - name: SOME_SECRET
|
||||||
# valueFrom:
|
# valueFrom:
|
||||||
# secretKeyRef:
|
# secretKeyRef:
|
||||||
# name: secret-name
|
# name: secret-name
|
||||||
# key: secret-key
|
# key: secret-key
|
||||||
|
|
||||||
envFrom:
|
envFrom:
|
||||||
# - configMapRef:
|
# - configMapRef:
|
||||||
# name: config-map-name
|
# name: config-map-name
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: traefik-secrets
|
name: traefik-secrets
|
||||||
|
|
||||||
# Configure ports
|
# Configure ports
|
||||||
ports:
|
ports:
|
||||||
# The name of this one can't be changed as it is used for the readiness and
|
# The name of this one can't be changed as it is used for the readiness and
|
||||||
# liveness probes, but you can adjust its config to your liking
|
# liveness probes, but you can adjust its config to your liking
|
||||||
traefik:
|
traefik:
|
||||||
@ -370,22 +371,22 @@ ports:
|
|||||||
# The port protocol (TCP/UDP)
|
# The port protocol (TCP/UDP)
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
|
|
||||||
# TLS Options are created as TLSOption CRDs
|
# TLS Options are created as TLSOption CRDs
|
||||||
# https://doc.traefik.io/traefik/https/tls/#tls-options
|
# https://doc.traefik.io/traefik/https/tls/#tls-options
|
||||||
# Example:
|
# Example:
|
||||||
tlsOptions:
|
tlsOptions:
|
||||||
default:
|
default:
|
||||||
sniStrict: true
|
sniStrict: true
|
||||||
minVersion: VersionTLS12
|
minVersion: VersionTLS12
|
||||||
# preferServerCipherSuites: true
|
# preferServerCipherSuites: true
|
||||||
# foobar:
|
# foobar:
|
||||||
# curvePreferences:
|
# curvePreferences:
|
||||||
# - CurveP521
|
# - CurveP521
|
||||||
# - CurveP384
|
# - CurveP384
|
||||||
|
|
||||||
# Options for the main traefik service, where the entrypoints traffic comes
|
# Options for the main traefik service, where the entrypoints traffic comes
|
||||||
# from.
|
# from.
|
||||||
service:
|
service:
|
||||||
enabled: true
|
enabled: true
|
||||||
type: NodePort
|
type: NodePort
|
||||||
# Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
|
# Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
|
||||||
@ -418,29 +419,29 @@ service:
|
|||||||
# - IPv4
|
# - IPv4
|
||||||
# - IPv6
|
# - IPv6
|
||||||
|
|
||||||
## Create HorizontalPodAutoscaler object.
|
## Create HorizontalPodAutoscaler object.
|
||||||
##
|
##
|
||||||
autoscaling:
|
autoscaling:
|
||||||
enabled: false
|
enabled: false
|
||||||
# minReplicas: 1
|
# minReplicas: 1
|
||||||
# maxReplicas: 10
|
# maxReplicas: 10
|
||||||
# metrics:
|
# metrics:
|
||||||
# - type: Resource
|
# - type: Resource
|
||||||
# resource:
|
# resource:
|
||||||
# name: cpu
|
# name: cpu
|
||||||
# targetAverageUtilization: 60
|
# targetAverageUtilization: 60
|
||||||
# - type: Resource
|
# - type: Resource
|
||||||
# resource:
|
# resource:
|
||||||
# name: memory
|
# name: memory
|
||||||
# targetAverageUtilization: 60
|
# targetAverageUtilization: 60
|
||||||
|
|
||||||
# Enable persistence using Persistent Volume Claims
|
# Enable persistence using Persistent Volume Claims
|
||||||
# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
|
# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
|
||||||
# After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
|
# After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
|
||||||
# additionalArguments:
|
# additionalArguments:
|
||||||
# - "--certificatesresolvers.le.acme.storage=/data/acme.json"
|
# - "--certificatesresolvers.le.acme.storage=/data/acme.json"
|
||||||
# It will persist TLS certificates.
|
# It will persist TLS certificates.
|
||||||
persistence:
|
persistence:
|
||||||
enabled: false
|
enabled: false
|
||||||
name: data
|
name: data
|
||||||
# existingClaim: ""
|
# existingClaim: ""
|
||||||
@ -451,34 +452,34 @@ persistence:
|
|||||||
annotations: {}
|
annotations: {}
|
||||||
# subPath: "" # only mount a subpath of the Volume into the pod
|
# subPath: "" # only mount a subpath of the Volume into the pod
|
||||||
|
|
||||||
# If hostNetwork is true, runs traefik in the host network namespace
|
# If hostNetwork is true, runs traefik in the host network namespace
|
||||||
# To prevent unschedulabel pods due to port collisions, if hostNetwork=true
|
# To prevent unschedulabel pods due to port collisions, if hostNetwork=true
|
||||||
# and replicas>1, a pod anti-affinity is recommended and will be set if the
|
# and replicas>1, a pod anti-affinity is recommended and will be set if the
|
||||||
# affinity is left as default.
|
# affinity is left as default.
|
||||||
hostNetwork: false
|
hostNetwork: false
|
||||||
|
|
||||||
# Whether Role Based Access Control objects like roles and rolebindings should be created
|
# Whether Role Based Access Control objects like roles and rolebindings should be created
|
||||||
rbac:
|
rbac:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
# If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces.
|
# If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces.
|
||||||
# If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace
|
# If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace
|
||||||
namespaced: false
|
namespaced: false
|
||||||
|
|
||||||
# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding
|
# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding
|
||||||
podSecurityPolicy:
|
podSecurityPolicy:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
# The service account the pods will use to interact with the Kubernetes API
|
# The service account the pods will use to interact with the Kubernetes API
|
||||||
serviceAccount:
|
serviceAccount:
|
||||||
# If set, an existing service account is used
|
# If set, an existing service account is used
|
||||||
# If not set, a service account is created automatically using the fullname template
|
# If not set, a service account is created automatically using the fullname template
|
||||||
name: ""
|
name: ""
|
||||||
|
|
||||||
# Additional serviceAccount annotations (e.g. for oidc authentication)
|
# Additional serviceAccount annotations (e.g. for oidc authentication)
|
||||||
serviceAccountAnnotations: {}
|
serviceAccountAnnotations: {}
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
{}
|
{}
|
||||||
# requests:
|
# requests:
|
||||||
# cpu: "100m"
|
# cpu: "100m"
|
||||||
@ -486,29 +487,29 @@ resources:
|
|||||||
# limits:
|
# limits:
|
||||||
# cpu: "300m"
|
# cpu: "300m"
|
||||||
# memory: "150Mi"
|
# memory: "150Mi"
|
||||||
affinity: {}
|
affinity: {}
|
||||||
# # This example pod anti-affinity forces the scheduler to put traefik pods
|
# # This example pod anti-affinity forces the scheduler to put traefik pods
|
||||||
# # on nodes where no other traefik pods are scheduled.
|
# # on nodes where no other traefik pods are scheduled.
|
||||||
# # It should be used when hostNetwork: true to prevent port conflicts
|
# # It should be used when hostNetwork: true to prevent port conflicts
|
||||||
# podAntiAffinity:
|
# podAntiAffinity:
|
||||||
# requiredDuringSchedulingIgnoredDuringExecution:
|
# requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
# - labelSelector:
|
# - labelSelector:
|
||||||
# matchExpressions:
|
# matchExpressions:
|
||||||
# - key: app.kubernetes.io/name
|
# - key: app.kubernetes.io/name
|
||||||
# operator: In
|
# operator: In
|
||||||
# values:
|
# values:
|
||||||
# - {{ template "traefik.name" . }}
|
# - {{ template "traefik.name" . }}
|
||||||
# topologyKey: kubernetes.io/hostname
|
# topologyKey: kubernetes.io/hostname
|
||||||
nodeSelector: {}
|
nodeSelector: {}
|
||||||
tolerations: []
|
tolerations: []
|
||||||
|
|
||||||
# Pods can have priority.
|
# Pods can have priority.
|
||||||
# Priority indicates the importance of a Pod relative to other Pods.
|
# Priority indicates the importance of a Pod relative to other Pods.
|
||||||
priorityClassName: ""
|
priorityClassName: ""
|
||||||
|
|
||||||
# Set the container security context
|
# Set the container security context
|
||||||
# To run the container with ports below 1024 this will need to be adjust to run as root
|
# To run the container with ports below 1024 this will need to be adjust to run as root
|
||||||
securityContext:
|
securityContext:
|
||||||
capabilities:
|
capabilities:
|
||||||
drop: [ALL]
|
drop: [ALL]
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
@ -516,5 +517,5 @@ securityContext:
|
|||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
runAsUser: 65532
|
runAsUser: 65532
|
||||||
|
|
||||||
podSecurityContext:
|
podSecurityContext:
|
||||||
fsGroup: 65532
|
fsGroup: 65532
|
||||||
|
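Review bot: Both images in this values file are referenced by mutable tag only: `tag: v2.6.0` for `library/traefik` in the first hunk and `cloudflare/cloudflared:2022.5.3` a few lines below it. With `pullPolicy: IfNotPresent`, a re-pushed tag can leave different nodes running different content under the same name. Pinning by digest makes the deployed artifact reproducible, for example `image: &cloudflaredImage cloudflare/cloudflared:2022.5.3@sha256:<digest>`. Whether the chart templates accept a digest in these fields is not visible here, so confirm that first. The hunks appear mostly to re-indent existing values under a new top-level `traefik:` key, so this predates the commit, but the re-nesting is a good moment to fix it.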
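--- a/apps/templates/traefik.yaml
+++ b/apps/templates/traefik.yaml
@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: traefik
+namespace: default
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+destination:
+server: https://kubernetes.default.svc
+namespace: default
+project: default
+source:
+path: Charts/traefik
+repoURL: https://git.roxedus.dev/Roxedus/Argo.git
+targetRevision: HEAD
+helm:
+version: v3
+#valueFiles:
+# - values.yaml
+values: |
+
+image:
+tag: v2.6.0
+syncPolicy:
+automated:
+prune: true
+selfHeal: true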
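Review bot: `targetRevision: HEAD` together with `syncPolicy.automated` (`prune: true`, `selfHeal: true`) means whatever lands on the default branch of `https://git.roxedus.dev/Roxedus/Argo.git` is applied to the cluster, and anything removed from the repo is deleted, with no review gate in between. Pinning the source to a tag or commit, `targetRevision: <tag-or-commit-sha>`, keeps a mistaken or unauthorized push from rolling out on its own. The Application also sits in `project: default`, which in a stock Argo CD install does not restrict source repositories or destinations. A dedicated AppProject limited to this repo and the target namespace would narrow what this Application can touch.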