apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: traefik namespace: argo-cd finalizers: - resources-finalizer.argocd.argoproj.io spec: destination: server: https://kubernetes.default.svc namespace: traefik project: default source: chart: traefik helm: values: | image: repository: &traefikImage library/traefik name: *traefikImage tag: v2.9.4 pullPolicy: IfNotPresent experimental: http3: enabled: true plugins: enabled: false kubernetesGateway: enabled: false dnsPolicy: ClusterFirstWithHostNet hostNetwork: true nodeSelector: hasDns: "true" securityContext: capabilities: drop: [ALL] add: [NET_BIND_SERVICE] readOnlyRootFilesystem: true runAsGroup: 0 runAsNonRoot: false runAsUser: 0 globalArguments: [] additionalArguments: # - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32" - "--api.insecure=true" envFrom: - secretRef: name: traefik-secrets ports: traefik: port: 9000 expose: true exposedPort: 9000 protocol: TCP web: port: 80 expose: false protocol: TCP websecure: port: 443 expose: false protocol: TCP tls: enabled: true metrics: port: 9100 expose: true udp: port: 6666 protocol: UDP expose: true tlsOptions: default: sniStrict: true minVersion: VersionTLS12 service: enabled: true type: NodePort annotations: {} annotationsTCP: {} annotationsUDP: {} labels: {} spec: {} loadBalancerSourceRanges: [] externalIPs: [] certResolvers: cloudflare: email: me@roxedus.dev dnsChallenge: provider: cloudflare storage: /data/acme.json repoURL: https://helm.traefik.io/traefik targetRevision: 10.24.0 syncPolicy: automated: prune: true selfHeal: true syncOptions: - CreateNamespace=true