---
# Argo CD Application that installs the Traefik Helm chart (chart version
# pinned to 20.6.0) into the `traefik` namespace of the in-cluster API server.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: traefik
  namespace: argo-cd
  finalizers:
    # Deleting this Application also deletes the resources it manages.
    - resources-finalizer.argocd.argoproj.io
spec:
  # NOTE(review): `default` is Argo CD's built-in project. Unless it has been
  # restricted, it does not limit source repos or destinations; a dedicated
  # project scoped to this chart repo and namespace is tighter. Confirm.
  project: default
  destination:
    server: https://kubernetes.default.svc
    namespace: traefik
  source:
    repoURL: https://helm.traefik.io/traefik
    chart: traefik
    targetRevision: 20.6.0
    helm:
      # Everything below `values: |` is a literal string handed to Helm and
      # parsed there as the chart's values document.
      values: |
        image:
          # The anchor/alias sets `repository` and `name` to the same value,
          # presumably so the image is honoured whichever key the chart
          # version reads. Confirm against the chart.
          repository: &traefikImage library/traefik
          name: *traefikImage
          tag: v2.9.4
          pullPolicy: IfNotPresent

        experimental:
          http3:
            enabled: true
          plugins:
            enabled: false
          kubernetesGateway:
            enabled: false

        # Disabled host-network variant. As written it would put Traefik on
        # the node's network namespace and run it as uid/gid 0, so review the
        # securityContext before re-enabling it.
        # dnsPolicy: ClusterFirstWithHostNet
        # hostNetwork: true
        # nodeSelector:
        #   hasDns: "true"
        # securityContext:
        #   capabilities:
        #     drop: [ALL]
        #     add: [NET_BIND_SERVICE]
        #   readOnlyRootFilesystem: true
        #   runAsGroup: 0
        #   runAsNonRoot: false
        #   runAsUser: 0

        # Empty list: replaces whatever global arguments the chart sets by
        # default.
        globalArguments: []

        additionalArguments:
          # - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32"
          # NOTE(review): `--api.insecure=true` serves the Traefik API and
          # dashboard on the `traefik` entrypoint with no authentication.
          # Together with `ports.traefik.expose: true` and the LoadBalancer
          # service below, anyone who can reach the load balancer on port
          # 9900 can read the full routing configuration. Either set
          # `ports.traefik.expose: false`, or drop this flag and publish
          # `api@internal` through a router with an auth middleware.
          - "--api.insecure=true"
          # Health endpoint, served on the same `traefik` entrypoint.
          - "--ping"
          - "--ping.entrypoint=traefik"

        # The Secret is not created by this manifest and must already exist
        # in the target namespace. It presumably carries the Cloudflare API
        # credentials used by the DNS challenge. Confirm.
        envFrom:
          - secretRef:
              name: traefik-secrets

        # Persistent volume mounted at /data; it holds acme.json (see
        # certResolvers.cloudflare.storage).
        persistence:
          enabled: true
          name: data
          accessMode: ReadWriteOnce
          size: 128Mi
          storageClass: "longhorn"
          path: /data

        ports:
          # API / dashboard / ping entrypoint. See the note on
          # `--api.insecure=true` before leaving `expose: true`.
          traefik:
            port: 9000
            expose: true
            exposedPort: 9900
            protocol: TCP
          # Plain HTTP, redirected to the `websecure` entrypoint.
          web:
            port: 8080
            exposedPort: 80
            expose: true
            protocol: TCP
            redirectTo: websecure
          websecure:
            port: 4443
            exposedPort: 443
            expose: true
            protocol: TCP
            tls:
              enabled: true
          # Metrics port is kept off the Service.
          metrics:
            port: 9102
            expose: false
          # NOTE(review): exposed UDP entrypoint. No UDP router is visible in
          # this manifest; remove the port if nothing routes to it.
          udp:
            port: 6666
            protocol: UDP
            expose: true

        # Default TLS options: strict SNI matching and TLS 1.2 as the minimum
        # protocol version.
        tlsOptions:
          default:
            sniStrict: true
            minVersion: VersionTLS12

        service:
          enabled: true
          type: LoadBalancer

        deployment:
          initContainers:
            # The "volume-permissions" init container is required if you run
            # into permission issues.
            # Related issue: https://github.com/traefik/traefik/issues/6825
            #
            # It creates acme.json, sets mode 600 on everything currently in
            # /data (recursive glob, not only acme.json) and hands acme.json
            # to uid/gid 65532.
            # NOTE(review): `busybox:1.35` is a mutable tag; pinning it by
            # digest (`busybox:1.35@sha256:<digest-placeholder>`) keeps this
            # container, which presumably runs as root to be able to chown,
            # from changing underneath the deployment.
            - name: volume-permissions
              image: busybox:1.35
              command:
                - "sh"
                - "-c"
                - "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"
              volumeMounts:
                - name: data
                  mountPath: /data

        logs:
          general:
            # NOTE(review): DEBUG is the most verbose level. Check what ends
            # up in the log pipeline and consider a quieter level for steady
            # state.
            level: DEBUG

        providers:
          kubernetesCRD:
            # NOTE(review): lets Traefik CRD resources reference objects in
            # other namespaces. On a cluster shared between tenants this
            # weakens namespace isolation; keep it only if cross-namespace
            # references are actually used.
            allowCrossNamespace: true
          kubernetesIngress:
            publishedService:
              enabled: true

        ingressClass:
          enabled: true
          isDefaultClass: true

        certResolvers:
          cloudflare:
            email: me@roxedus.dev
            # caServer: https://acme-staging-v02.api.letsencrypt.org/directory
            dnsChallenge:
              provider: cloudflare
              resolvers:
                - "1.1.1.1:53"
                - "8.8.8.8:53"
            # ACME state file on the persistent volume. The init container
            # above sets its mode to 600.
            storage: /data/acme.json
  syncPolicy:
    # Automated sync with prune and selfHeal: the cluster is continuously
    # reconciled to this manifest, so write access to wherever this manifest
    # lives is effectively write access to the Traefik deployment.
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true