fml

Charts/traefik/values.yaml

@@ -1,18 +1,19 @@
-# Default values for Traefik
+traefik:
-image:
+  # Default values for Traefik
+  image:
     repository: &traefikImage library/traefik
     name: *traefikImage
     # defaults to appVersion
     tag: v2.6.0
     pullPolicy: IfNotPresent
 
-cloudflaredmage:
+  cloudflaredmage:
     image: &cloudflaredImage cloudflare/cloudflared:2022.5.3
 
-#
+  #
-# Configure the deployment
+  # Configure the deployment
-#
+  #
-deployment:
+  deployment:
     enabled: true
     # Can be either Deployment or DaemonSet
     kind: Deployment
@@ -65,28 +66,28 @@ deployment:
       []
       # - name: myRegistryKeySecretName
 
-# Pod disruption budget
+  # Pod disruption budget
-podDisruptionBudget:
+  podDisruptionBudget:
     enabled: false
     # maxUnavailable: 1
     # maxUnavailable: 33%
     # minAvailable: 0
     # minAvailable: 25%
 
-# Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
+  # Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
-ingressClass:
+  ingressClass:
     # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
     enabled: false
     isDefaultClass: false
     # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
     fallbackApiVersion: ""
 
-# Activate Pilot integration
+  # Activate Pilot integration
-pilot:
+  pilot:
     enabled: true
 
-# Enable experimental features
+  # Enable experimental features
-experimental:
+  experimental:
     http3:
       enabled: true
     plugins:
@@ -94,8 +95,8 @@ experimental:
     kubernetesGateway:
       enabled: false
 
-# Create an IngressRoute for the dashboard
+  # Create an IngressRoute for the dashboard
-ingressRoute:
+  ingressRoute:
     dashboard:
       enabled: false
       # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
@@ -103,29 +104,29 @@ ingressRoute:
       # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
       labels: {}
 
-rollingUpdate:
+  rollingUpdate:
     maxUnavailable: 1
     maxSurge: 1
 
-# Customize liveness and readiness probe values.
+  # Customize liveness and readiness probe values.
-readinessProbe:
+  readinessProbe:
     failureThreshold: 1
     initialDelaySeconds: 10
     periodSeconds: 10
     successThreshold: 1
     timeoutSeconds: 2
 
-livenessProbe:
+  livenessProbe:
     failureThreshold: 3
     initialDelaySeconds: 10
     periodSeconds: 10
     successThreshold: 1
     timeoutSeconds: 2
 
-#
+  #
-# Configure providers
+  # Configure providers
-#
+  #
-providers:
+  providers:
     kubernetesCRD:
       enabled: true
       allowCrossNamespace: false
@@ -150,33 +151,33 @@ providers:
         # By default this Traefik service
         # pathOverride: ""
 
-#
+  #
-# Add volumes to the traefik pod. The volume name will be passed to tpl.
+  # Add volumes to the traefik pod. The volume name will be passed to tpl.
-# This can be used to mount a cert pair or a configmap that holds a config.toml file.
+  # This can be used to mount a cert pair or a configmap that holds a config.toml file.
-# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
+  # After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
-# additionalArguments:
+  # additionalArguments:
-# - "--providers.file.filename=/config/dynamic.toml"
+  # - "--providers.file.filename=/config/dynamic.toml"
-# - "--ping"
+  # - "--ping"
-# - "--ping.entrypoint=web"
+  # - "--ping.entrypoint=web"
-volumes:
+  volumes:
     []
     # - name: public-cert
     #   mountPath: "/certs"
     #   type: emptyDir
-# - name: '{{ printf "%s-configs" .Release.Name }}'
+  # - name: '{{ printf "%s-configs" .Release.Name }}'
-#   mountPath: "/config"
+  #   mountPath: "/config"
-#   type: configMap
+  #   type: configMap
 
-# Additional volumeMounts to add to the Traefik container
+  # Additional volumeMounts to add to the Traefik container
-additionalVolumeMounts:
+  additionalVolumeMounts:
     []
     # For instance when using a logshipper for access logs
     # - name: traefik-logs
     #   mountPath: /var/log/traefik
 
-# Logs
+  # Logs
-# https://docs.traefik.io/observability/logs/
+  # https://docs.traefik.io/observability/logs/
-logs:
+  logs:
     # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
     general:
       # By default, the logs use a text format (common), but you can
@@ -219,7 +220,7 @@ logs:
             # Authorization: drop
             # Content-Type: keep
 
-metrics:
+  metrics:
     # datadog:
     #   address: 127.0.0.1:8125
     # influxdb:
@@ -231,7 +232,7 @@ metrics:
     # statsd:
     #   address: localhost:8125
 
-tracing:
+  tracing:
     {}
     # instana:
     #   enabled: true
@@ -241,17 +242,17 @@ tracing:
     #   globalTag: ""
     #   prioritySampling: false
 
-globalArguments:
+  globalArguments:
     - "--global.checknewversion"
 
-#
+  #
-# Configure Traefik static configuration
+  # Configure Traefik static configuration
-# Additional arguments to be passed at Traefik's binary
+  # Additional arguments to be passed at Traefik's binary
-# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
+  # All available options available on https://docs.traefik.io/reference/static-configuration/cli/
-## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
+  ## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
-additionalArguments: []
+  additionalArguments: []
 
-certResolvers:
+  certResolvers:
     cf:
       dnsChallenge:
         provider: cloudflare
@@ -263,32 +264,32 @@ certResolvers:
           - 1.0.0.1
       # match the path to persistence
       storage: /data/acme.json
-#  - "--providers.kubernetesingress.ingressclass=traefik-internal"
+  #  - "--providers.kubernetesingress.ingressclass=traefik-internal"
-#  - "--log.level=DEBUG"
+  #  - "--log.level=DEBUG"
 
-# Environment variables to be passed to Traefik's binary
+  # Environment variables to be passed to Traefik's binary
-env: []
+  env: []
-# - name: SOME_VAR
+  # - name: SOME_VAR
-#   value: some-var-value
+  #   value: some-var-value
-# - name: SOME_VAR_FROM_CONFIG_MAP
+  # - name: SOME_VAR_FROM_CONFIG_MAP
-#   valueFrom:
+  #   valueFrom:
-#     configMapRef:
+  #     configMapRef:
-#       name: configmap-name
+  #       name: configmap-name
-#       key: config-key
+  #       key: config-key
-# - name: SOME_SECRET
+  # - name: SOME_SECRET
-#   valueFrom:
+  #   valueFrom:
-#     secretKeyRef:
+  #     secretKeyRef:
-#       name: secret-name
+  #       name: secret-name
-#       key: secret-key
+  #       key: secret-key
 
-envFrom:
+  envFrom:
     # - configMapRef:
     #     name: config-map-name
     - secretRef:
         name: traefik-secrets
 
-# Configure ports
+  # Configure ports
-ports:
+  ports:
     # The name of this one can't be changed as it is used for the readiness and
     # liveness probes, but you can adjust its config to your liking
     traefik:
@@ -370,22 +371,22 @@ ports:
       # The port protocol (TCP/UDP)
       protocol: TCP
 
-# TLS Options are created as TLSOption CRDs
+  # TLS Options are created as TLSOption CRDs
-# https://doc.traefik.io/traefik/https/tls/#tls-options
+  # https://doc.traefik.io/traefik/https/tls/#tls-options
-# Example:
+  # Example:
-tlsOptions:
+  tlsOptions:
     default:
       sniStrict: true
       minVersion: VersionTLS12
-#     preferServerCipherSuites: true
+  #     preferServerCipherSuites: true
-#   foobar:
+  #   foobar:
-#     curvePreferences:
+  #     curvePreferences:
-#       - CurveP521
+  #       - CurveP521
-#       - CurveP384
+  #       - CurveP384
 
-# Options for the main traefik service, where the entrypoints traffic comes
+  # Options for the main traefik service, where the entrypoints traffic comes
-# from.
+  # from.
-service:
+  service:
     enabled: true
     type: NodePort
     # Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
@@ -418,29 +419,29 @@ service:
     #   - IPv4
     #   - IPv6
 
-## Create HorizontalPodAutoscaler object.
+  ## Create HorizontalPodAutoscaler object.
-##
+  ##
-autoscaling:
+  autoscaling:
     enabled: false
-#   minReplicas: 1
+  #   minReplicas: 1
-#   maxReplicas: 10
+  #   maxReplicas: 10
-#   metrics:
+  #   metrics:
-#   - type: Resource
+  #   - type: Resource
-#     resource:
+  #     resource:
-#       name: cpu
+  #       name: cpu
-#       targetAverageUtilization: 60
+  #       targetAverageUtilization: 60
-#   - type: Resource
+  #   - type: Resource
-#     resource:
+  #     resource:
-#       name: memory
+  #       name: memory
-#       targetAverageUtilization: 60
+  #       targetAverageUtilization: 60
 
-# Enable persistence using Persistent Volume Claims
+  # Enable persistence using Persistent Volume Claims
-# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+  # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
-# After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
+  # After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
-# additionalArguments:
+  # additionalArguments:
-# - "--certificatesresolvers.le.acme.storage=/data/acme.json"
+  # - "--certificatesresolvers.le.acme.storage=/data/acme.json"
-# It will persist TLS certificates.
+  # It will persist TLS certificates.
-persistence:
+  persistence:
     enabled: false
     name: data
     #  existingClaim: ""
@@ -451,34 +452,34 @@ persistence:
     annotations: {}
     # subPath: "" # only mount a subpath of the Volume into the pod
 
-# If hostNetwork is true, runs traefik in the host network namespace
+  # If hostNetwork is true, runs traefik in the host network namespace
-# To prevent unschedulabel pods due to port collisions, if hostNetwork=true
+  # To prevent unschedulabel pods due to port collisions, if hostNetwork=true
-# and replicas>1, a pod anti-affinity is recommended and will be set if the
+  # and replicas>1, a pod anti-affinity is recommended and will be set if the
-# affinity is left as default.
+  # affinity is left as default.
-hostNetwork: false
+  hostNetwork: false
 
-# Whether Role Based Access Control objects like roles and rolebindings should be created
+  # Whether Role Based Access Control objects like roles and rolebindings should be created
-rbac:
+  rbac:
     enabled: true
 
     # If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces.
     # If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace
     namespaced: false
 
-# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding
+  # Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding
-podSecurityPolicy:
+  podSecurityPolicy:
     enabled: false
 
-# The service account the pods will use to interact with the Kubernetes API
+  # The service account the pods will use to interact with the Kubernetes API
-serviceAccount:
+  serviceAccount:
     # If set, an existing service account is used
     # If not set, a service account is created automatically using the fullname template
     name: ""
 
-# Additional serviceAccount annotations (e.g. for oidc authentication)
+  # Additional serviceAccount annotations (e.g. for oidc authentication)
-serviceAccountAnnotations: {}
+  serviceAccountAnnotations: {}
 
-resources:
+  resources:
     {}
     # requests:
     #   cpu: "100m"
@@ -486,29 +487,29 @@ resources:
     # limits:
     #   cpu: "300m"
     #   memory: "150Mi"
-affinity: {}
+  affinity: {}
-# # This example pod anti-affinity forces the scheduler to put traefik pods
+  # # This example pod anti-affinity forces the scheduler to put traefik pods
-# # on nodes where no other traefik pods are scheduled.
+  # # on nodes where no other traefik pods are scheduled.
-# # It should be used when hostNetwork: true to prevent port conflicts
+  # # It should be used when hostNetwork: true to prevent port conflicts
-#   podAntiAffinity:
+  #   podAntiAffinity:
-#     requiredDuringSchedulingIgnoredDuringExecution:
+  #     requiredDuringSchedulingIgnoredDuringExecution:
-#       - labelSelector:
+  #       - labelSelector:
-#           matchExpressions:
+  #           matchExpressions:
-#             - key: app.kubernetes.io/name
+  #             - key: app.kubernetes.io/name
-#               operator: In
+  #               operator: In
-#               values:
+  #               values:
-#                 - {{ template "traefik.name" . }}
+  #                 - {{ template "traefik.name" . }}
-#         topologyKey: kubernetes.io/hostname
+  #         topologyKey: kubernetes.io/hostname
-nodeSelector: {}
+  nodeSelector: {}
-tolerations: []
+  tolerations: []
 
-# Pods can have priority.
+  # Pods can have priority.
-# Priority indicates the importance of a Pod relative to other Pods.
+  # Priority indicates the importance of a Pod relative to other Pods.
-priorityClassName: ""
+  priorityClassName: ""
 
-# Set the container security context
+  # Set the container security context
-# To run the container with ports below 1024 this will need to be adjust to run as root
+  # To run the container with ports below 1024 this will need to be adjust to run as root
-securityContext:
+  securityContext:
     capabilities:
       drop: [ALL]
     readOnlyRootFilesystem: true
@@ -516,5 +517,5 @@ securityContext:
     runAsNonRoot: true
     runAsUser: 65532
 
-podSecurityContext:
+  podSecurityContext:
     fsGroup: 65532

apps/templates/traefik.yaml

@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: traefik
+  namespace: default
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: default
+  project: default
+  source:
+    path: Charts/traefik
+    repoURL: https://git.roxedus.dev/Roxedus/Argo.git
+    targetRevision: HEAD
+    helm:
+      version: v3
+      #valueFiles:
+      #  - values.yaml
+      values: |
+
+        image:
+          tag: v2.6.0
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true