# Argo CD Application that installs the Traefik Helm chart (version pinned by
# targetRevision below) into the `traefik` namespace of the in-cluster API server.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: traefik
  namespace: argo-cd
  finalizers:
    # Deleting this Application also deletes the resources it manages.
    - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    server: https://kubernetes.default.svc
    namespace: traefik
  # NOTE(review): the built-in `default` AppProject is unrestricted unless it has
  # been tightened; a dedicated project that limits source repos and destination
  # namespaces would scope this app more narrowly.
  project: default
  source:
    chart: traefik
    helm:
      # Inline Helm values, handed to the chart as one block of text.
      values: |

        # repository and name carry the same image path through the anchor/alias pair.
        image:
          repository: &traefikImage library/traefik
          name: *traefikImage
          # NOTE(review): a tag can be re-pointed upstream, and with IfNotPresent a
          # node keeps whatever it pulled first; pinning by digest (if the chart's
          # image fields allow it) makes the deployed content verifiable.
          tag: v2.9.4
          pullPolicy: IfNotPresent

        experimental:
          http3:
            enabled: true
          plugins:
            enabled: false
          kubernetesGateway:
            enabled: false

        dnsPolicy: ClusterFirstWithHostNet
        # The pod shares the node's network namespace, so the entrypoints under
        # `ports` listen on the node's own addresses.
        # NOTE(review): `expose: false` keeps a port out of the Service but
        # presumably does not stop it being reachable on the node itself; confirm
        # that node-level firewalling covers 9000, 9100 and 6666.
        hostNetwork: true
        nodeSelector:
          hasDns: "true"

        # Runs as UID/GID 0 with a read-only root filesystem and every capability
        # dropped except NET_BIND_SERVICE.
        # NOTE(review): presumably root is kept so the process can bind 80/443 and
        # use /data/acme.json (chowned to 0:0 by the init container); verify before
        # changing either side.
        securityContext:
          capabilities:
            drop: [ALL]
            add: [NET_BIND_SERVICE]
          readOnlyRootFilesystem: true
          runAsGroup: 0
          runAsNonRoot: false
          runAsUser: 0

        globalArguments: []

        additionalArguments:
          # - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32"
          # NOTE(review): --api.insecure=true serves the Traefik API and dashboard
          # without authentication on the `traefik` entrypoint, which is port 9000
          # below with `expose: true`. Restrict who can reach that port, or serve
          # api@internal through a router with an auth middleware instead.
          - "--api.insecure=true"
          - "--ping"
          - "--ping.entrypoint=traefik"
        # Environment is read from the `traefik-secrets` Secret, which this manifest
        # does not create. NOTE(review): presumably it holds the Cloudflare
        # credentials for the DNS challenge; keep that token scoped to the zones
        # it has to edit.
        envFrom:
          - secretRef:
              name: traefik-secrets

        # Volume mounted at /data; certResolvers below stores acme.json on it.
        persistence:
          enabled: true
          name: data
          accessMode: ReadWriteOnce
          size: 128Mi
          storageClass: "longhorn"
          path: /data

        ports:
          # Entrypoint used by the API/dashboard (api.insecure) and by ping; it is
          # published through the Service.
          traefik:
            port: 9000
            expose: true
            exposedPort: 9000
            protocol: TCP
          web:
            port: 80
            expose: false
            protocol: TCP
            redirectTo: websecure
          websecure:
            port: 443
            expose: false
            protocol: TCP
            tls:
              enabled: true
          # NOTE(review): metrics are published through the Service; confirm that
          # only the scraper can reach 9100.
          metrics:
            port: 9100
            expose: true
          # NOTE(review): the purpose of this UDP entrypoint is not visible here;
          # confirm it still needs to be exposed.
          udp:
            port: 6666
            protocol: UDP
            expose: true

        # Default TLS options: refuse clients whose SNI matches no configured
        # certificate and refuse anything below TLS 1.2.
        tlsOptions:
          default:
            sniStrict: true
            minVersion: VersionTLS12

        # NodePort publishes every port marked `expose: true` on the cluster nodes.
        service:
          enabled: true
          type: NodePort

        deployment:
          initContainers:
            #The "volume-permissions" init container is required if you run into permission issues.
            #Related issue: https://github.com/traefik/traefik/issues/6825
            # Creates acme.json if missing, sets mode 600 on everything under /data
            # and makes acme.json owned by 0:0. acme.json holds the ACME account key
            # and the certificate private keys, hence the owner-only mode.
            # NOTE(review): the image is referenced by tag;
            # `busybox:1.35@sha256:<digest>` would pin its content.
            - name: volume-permissions
              image: busybox:1.35
              command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 0:0 /data/acme.json"]
              volumeMounts:
                - name: data
                  mountPath: /data


        ingressClass:
          enabled: true
          isDefaultClass: true

        # ACME resolver using the DNS challenge through Cloudflare; the account and
        # certificates are written to /data/acme.json on the persistent volume.
        certResolvers:
          cloudflare:
            email: me@roxedus.dev
            #caServer: https://acme-staging-v02.api.letsencrypt.org/directory
            dnsChallenge:
              provider: cloudflare
              # DNS servers used for the challenge's lookups.
              resolvers:
                - "1.1.1.1:53"
                - "8.8.8.8:53"
            storage: /data/acme.json

    repoURL: https://helm.traefik.io/traefik
    # Exact chart version; an upgrade is an explicit edit of this field.
    targetRevision: 20.6.0
  # Automated sync: Argo CD applies changes without manual approval, deletes
  # resources that are no longer rendered (prune) and reverts manual drift
  # (selfHeal), so whatever reaches this manifest is deployed as written.
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true