apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: traefik namespace: argo-cd finalizers: - resources-finalizer.argocd.argoproj.io spec: destination: server: https://kubernetes.default.svc namespace: traefik project: default source: chart: traefik helm: values: | image: repository: &traefikImage library/traefik name: *traefikImage tag: v2.8.0 pullPolicy: IfNotPresent deployment: additionalContainers: # https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host - name: cloudflare image: ghcr.io/roxedus/pipelines:cloudflared-2022.6.3 args: ["tunnel", "--no-autoupdate", "run", "--token", "$(cloudflared)"] resources: limits: cpu: "800m" memory: "100Mi" requests: cpu: "300m" memory: "40Mi" envFrom: - secretRef: name: cloudflared-secrets - image: ghcr.io/roxedus/pipelines:traefik-cloudflare-tunnel-cca7aa94 name: auto-cloudflare resources: limits: cpu: "800m" memory: "100Mi" requests: cpu: "300m" memory: "40Mi" envFrom: - secretRef: name: auto-cloudflared-secrets env: - name: TRAEFIK_SERVICE_ENDPOINT value: http://localhost:8000 - name: TRAEFIK_API_ENDPOINT value: http://localhost:9000 - name: TRAEFIK_ENTRYPOINT value: web pilot: enabled: true experimental: http3: enabled: true plugins: enabled: false kubernetesGateway: enabled: false globalArguments: [] additionalArguments: - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32" - "--api.insecure=true" envFrom: - secretRef: name: traefik-secrets ports: traefik: port: 9000 expose: false exposedPort: 9000 protocol: TCP web: port: 8000 expose: false exposedPort: 80 protocol: TCP websecure: port: 8443 expose: false exposedPort: 443 protocol: TCP http3: true tls: enabled: true metrics: port: 9100 expose: true udp: port: 6666 protocol: UDP expose: true tlsOptions: default: sniStrict: true minVersion: VersionTLS12 service: enabled: true type: ClusterIP annotations: {} annotationsTCP: {} annotationsUDP: {} labels: {} spec: {} loadBalancerSourceRanges: [] externalIPs: [] certResolvers: {} repoURL: https://helm.traefik.io/traefik targetRevision: 10.24.0 syncPolicy: automated: prune: true selfHeal: true syncOptions: - CreateNamespace=true