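---
# Flux HelmRelease that installs the Traefik chart into the `traefik` namespace.
# Everything under `spec.values` is passed to the chart as Helm values.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: traefik
  namespace: traefik
spec:
  # How often Flux reconciles this release.
  interval: 5m
  chart:
    spec:
      chart: traefik
      # Pinned chart version; quoted so it is always read as a string.
      version: '22.0.0'
      sourceRef:
        kind: HelmRepository
        name: traefik-charts
        namespace: flux-system
      # How often Flux checks the chart source for this chart.
      interval: 1m
      # valuesFiles:
      #   - ./traefik-values.yaml
  values:
    additionalArguments:
      # - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
      # - --certificatesresolvers.cloudflare.acme.email=seanomik@gmail.com
      # - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1
      # - --certificatesresolvers.cloudflare.acme.storage=/ssl-certs/acme-cloudflare.json
      # SECURITY: --api.insecure makes Traefik serve its API and dashboard on the
      # `traefik` entrypoint (port 9000 below) with no authentication.
      # `ports.traefik.expose` is therefore set to false in this file, so the
      # endpoint is not published on the Service. Pods that can reach the Traefik
      # pod IP can still connect to it; remove this flag, or restrict access with
      # a NetworkPolicy, once the dashboard is no longer needed for debugging.
      - --api.insecure
      # - --providers.kubernetesingress
      # - --providers.kubernetescrd

    logs:
      general:
        # NOTE(review): DEBUG is very verbose and may record request and
        # configuration detail; lower it to INFO after troubleshooting.
        level: DEBUG

    providers:
      kubernetesCRD:
        enabled: true
        # Cross-namespace references, ExternalName services and empty services
        # are all left disabled.
        allowCrossNamespace: false
        allowExternalNameServices: false
        allowEmptyServices: false
        # ingressClass: traefik-internal
        # labelSelector: environment=production,method=traefik
        namespaces: []
        # - "default"
      kubernetesIngress:
        enabled: true
        allowExternalNameServices: false
        allowEmptyServices: false
        # ingressClass: traefik-internal
        # labelSelector: environment=production,method=traefik
        namespaces: []
        # - "default"
        # IP used for Kubernetes Ingress endpoints
        publishedService:
          enabled: false
          # Published Kubernetes Service to copy status from.
          # Format: namespace/servicename
          # By default this Traefik service
          # pathOverride: ""

    ports:
      traefik:
        port: 9000
        # Was `expose: true`. Combined with --api.insecure above, that published
        # the unauthenticated API/dashboard on the Service. Reach it with
        # `kubectl port-forward` instead, or put it behind an authenticated
        # IngressRoute before exposing it again.
        expose: false
        exposedPort: 9000
        # The port protocol (TCP/UDP)
        protocol: TCP
      web:
        port: 8000
        expose: true
        exposedPort: 80
        # (optional) Permanent Redirect to HTTPS
        # NOTE(review): with the redirect commented out, plain HTTP on port 80
        # is served as-is; enable it if every route should be HTTPS-only.
        # redirectTo: websecure
        protocol: TCP
      websecure:
        port: 8443
        expose: true
        exposedPort: 443
        protocol: TCP
        tls:
          enabled: true
          # NOTE(review): the `cloudflare` resolver arguments in
          # additionalArguments are commented out, so nothing in this file
          # defines this resolver. Confirm it is defined elsewhere; otherwise
          # this entrypoint will presumably not obtain an ACME certificate.
          certResolver: cloudflare
      metrics:
        port: 9100
        # NOTE(review): the metrics port is published on the Service. Confirm
        # the Service is not reachable from untrusted networks, or scrape the
        # pod directly and set this to false.
        expose: true
        exposedPort: 9100
        protocol: TCP

    # service:
    #   enabled: true
    #   single: true
    #   type: LoadBalancer
    #   externalIPs:
    #     - 192.168.87.10

    # The DNS API token is referenced from a Secret, not written inline.
    # env:
    #   - name: CF_DNS_API_TOKEN
    #     valueFrom:
    #       secretKeyRef:
    #         key: apiToken
    #         name: cloudflare-credentials

    # Disable Dashboard
    # This only turns off the chart's dashboard IngressRoute; it does not affect
    # the --api.insecure listener configured in additionalArguments.
    ingressRoute:
      dashboard:
        enabled: false
        # matchRule: Host(`k3st.***REMOVED***`) && (PathPrefix(`/dashboard/`) || PathPrefix(`/api`))
        # entryPoints: ["websecure"]

    # Persistent Storage
    persistence:
      enabled: true
      name: ssl-certs
      size: 1Gi
      path: /ssl-certs

    # deployment:
    #   initContainers:
    #     # The "volume-permissions" init container is required if you run into permission issues.
    #     # Related issue: https://github.com/containous/traefik/issues/6972
    #     - name: volume-permissions
    #       image: busybox:1.31.1
    #       command: ["sh", "-c", "chmod -Rv 600 /ssl-certs"]
    #       volumeMounts:
    #         - name: ssl-certs
    #           mountPath: /ssl-certs

    # Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes.
    ingressClass:
      enabled: true
      isDefaultClass: true

    metrics:
      prometheus:
        entryPoint: metrics

    namespaceOverride: traefik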