Argo/apps.ol/templates/traefik.yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: traefik
  namespace: argo-cd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    server: https://kubernetes.default.svc
    namespace: traefik
  project: default
  source:
    chart: traefik
    helm:
      values: |
          image:
            repository: &traefikImage library/traefik
            name: *traefikImage
            tag: v2.8.0
            pullPolicy: IfNotPresent
          deployment:
            additionalContainers:
              # https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host
              - name: cloudflare
                image: ghcr.io/roxedus/pipelines:cloudflared-2022.6.3
                args: ["tunnel", "--no-autoupdate", "run", "--token", "$(cloudflared)"]
                resources:
                  limits:
                    cpu: "800m"
                    memory: "100Mi"
                  requests:
                    cpu: "300m"
                    memory: "40Mi"
                envFrom:
                  - secretRef:
                      name: cloudflared-secrets
              - image: ghcr.io/roxedus/pipelines:traefik-cloudflare-tunnel-cca7aa94
                name: auto-cloudflare
                resources:
                  limits:
                    cpu: "800m"
                    memory: "100Mi"
                  requests:
                    cpu: "300m"
                    memory: "40Mi"
                envFrom:
                  - secretRef:
                      name: auto-cloudflared-secrets
                env:
                  - name: TRAEFIK_SERVICE_ENDPOINT
                    value: http://localhost:8000
                  - name: TRAEFIK_API_ENDPOINT
                    value: http://localhost:9000
                  - name: TRAEFIK_ENTRYPOINT
                    value: web

          pilot:
            enabled: true

          experimental:
            http3:
              enabled: true
            plugins:
              enabled: false
            kubernetesGateway:
              enabled: false

          globalArguments: []

          additionalArguments:
            - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32"
            - "--api.insecure=true"
          envFrom:

            - secretRef:
                name: traefik-secrets

          ports:
            traefik:
              port: 9000
              expose: false
              exposedPort: 9000
              protocol: TCP
            web:
              port: 8000
              expose: false
              exposedPort: 80
              protocol: TCP
            websecure:
              port: 8443
              expose: false
              exposedPort: 443
              protocol: TCP
              http3: true
              tls:
                enabled: true
            metrics:
              port: 9100
              expose: true
            udp:
              port: 6666
              protocol: UDP
              expose: true

          tlsOptions:
            default:
              sniStrict: true
              minVersion: VersionTLS12

          service:
            enabled: true
            type: ClusterIP
            annotations: {}
            annotationsTCP: {}
            annotationsUDP: {}
            labels: {}
            spec:
              {}
            loadBalancerSourceRanges:
              []
            externalIPs:
              []

          certResolvers: {}          

    repoURL: https://helm.traefik.io/traefik
    targetRevision: 10.24.0
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true