diff --git a/cluster/apps/traefik/helm-release.yaml b/cluster/apps/traefik/helm-release.yaml
index bbbe964..cfbc168 100644
--- a/cluster/apps/traefik/helm-release.yaml
+++ b/cluster/apps/traefik/helm-release.yaml
@@ -14,5 +14,70 @@ spec:
 name: traefik-charts
 namespace: flux-system
 interval: 1m
- valuesFiles:
- - ./traefik-values.yaml
\ No newline at end of file
+# valuesFiles:
+# - ./traefik-values.yaml
+ values:
+ additionalArguments:
+ - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
+ - --certificatesresolvers.cloudflare.acme.email=seanomik@gmail.com
+ - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1
+ - --certificatesresolvers.cloudflare.acme.storage=/ssl-certs/acme-cloudflare.json
+
+ - --api.insecure
+ - --providers.kubernetesingress
+
+ logs:
+ general:
+ level: DEBUG
+
+ ports:
+ web:
+ expose: true
+ exposedPort: 8080
+ # (optional) Permanent Redirect to HTTPS
+ # redirectTo: websecure
+ websecure:
+ tls:
+ exposed: true
+ exposedPort: 8443
+
+ enabled: true
+ certResolver: cloudflare
+
+
+ env:
+ - name: CF_DNS_API_TOKEN
+ valueFrom:
+ secretKeyRef:
+ key: apiToken
+ name: cloudflare-credentials
+
+ # Disable Dashboard
+ ingressRoute:
+ dashboard:
+ enabled: false
+
+ # Persistent Storage
+ persistence:
+ enabled: true
+ name: ssl-certs
+ size: 1Gi
+ path: /ssl-certs
+
+ #deployment:
+ # initContainers:
+ # The "volume-permissions" init container is required if you run into permission issues.
+ # Related issue: https://github.com/containous/traefik/issues/6972
+ # - name: volume-permissions
+ # image: busybox:1.31.1
+ # command: ["sh", "-c", "chmod -Rv 600 /ssl-certs"]
+ # volumeMounts:
+ # - name: ssl-certs
+ # mountPath: /ssl-certs
+
+ # Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes.
+ ingressClass:
+ enabled: true
+ isDefaultClass: true
+
+ namespaceOverride: traefik
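Review bot: The `- --api.insecure` argument added under `additionalArguments` serves Traefik's API and dashboard without authentication on the internal `traefik` entrypoint, which works against the `# Disable Dashboard` / `ingressRoute.dashboard.enabled: false` setting lower in the same values block. Whether that entrypoint is reachable from outside the pod depends on the chart's `ports.traefik` settings, which are not visible in this hunk, but the safer change is to delete that line and, if the dashboard is wanted, publish it through an IngressRoute protected by an auth middleware. `logs.general.level: DEBUG` would also be better as `level: INFO` outside troubleshooting, since debug output is verbose and can carry request and configuration detail. Under `websecure` the key is spelled `exposed: true` while `web` uses `expose: true`; the original indentation is lost on this page, so the key name and its nesting relative to `tls:` should be confirmed against the chart's values schema.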