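---
# Flux HelmRelease: installs the `traefik` chart (pinned to 22.0.0) from the
# `traefik-charts` HelmRepository in `flux-system` into the `traefik` namespace.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: traefik
  namespace: traefik
spec:
  interval: 5m
  chart:
    spec:
      chart: traefik
      version: '22.0.0'
      sourceRef:
        kind: HelmRepository
        name: traefik-charts
        namespace: flux-system
      interval: 1m
  values:
    # `--api.insecure` was removed. That flag serves the Traefik API and
    # dashboard without authentication on the `traefik` entrypoint (port 9000
    # below), which sidesteps the authenticated dashboard route defined under
    # `ingressRoute.dashboard`. The dashboard stays reachable through that
    # route, which does not depend on insecure mode.
    additionalArguments: []
    logs:
      general:
        # NOTE(review): DEBUG is very verbose and can put request detail into
        # the logs; lower it (e.g. INFO) once troubleshooting is finished.
        level: DEBUG
    providers:
      kubernetesCRD:
        enabled: true
        # Cross-namespace references, ExternalName services and services
        # without endpoints all stay disallowed.
        allowCrossNamespace: false
        allowExternalNameServices: false
        allowEmptyServices: false
        # ingressClass: traefik-internal
        # labelSelector: environment=production,method=traefik
        # Empty list: no namespace restriction is configured here.
        namespaces: []
        # - "default"
      kubernetesIngress:
        enabled: true
        allowExternalNameServices: false
        allowEmptyServices: false
        # ingressClass: traefik-internal
        # labelSelector: environment=production,method=traefik
        # Empty list: no namespace restriction is configured here.
        namespaces: []
        # - "default"
        # IP used for Kubernetes Ingress endpoints
        publishedService:
          enabled: false
          # Published Kubernetes Service to copy status from.
          # Format: namespace/servicename
          # By default this Traefik service
          # pathOverride: ""
    service:
      annotations:
        # MetalLB shared-IP key, so other Services may reuse the same address.
        metallb.universe.tf/allow-shared-ip: "main-ip-192.168.87.10"
      spec:
        loadBalancerIP: "192.168.87.10"
    ports:
      traefik:
        port: 9000
        # Was `true`. The admin entrypoint is no longer published on the
        # LoadBalancer Service; the container port itself is unchanged.
        expose: false
        exposedPort: 9000
        # The port protocol (TCP/UDP)
        protocol: TCP
      web:
        port: 8000
        expose: true
        exposedPort: 80
        # Plain HTTP is redirected to the TLS entrypoint.
        redirectTo: websecure
        protocol: TCP
      websecure:
        port: 8443
        expose: true
        exposedPort: 443
        protocol: TCP
        tls:
          enabled: true
          # certResolver: cloudflare
      metrics:
        port: 9100
        # NOTE(review): this publishes the metrics entrypoint on the
        # LoadBalancer IP with no authentication in front of it. If the
        # scraper runs inside the cluster, confirm how it reaches this port
        # and set `expose: false` where the LoadBalancer path is not needed.
        expose: true
        exposedPort: 9100
        protocol: TCP
    # Dashboard IngressRoute: enabled, served on `websecure` only.
    ingressRoute:
      dashboard:
        enabled: true
        # NOTE(review): both annotations below are the forms used on
        # Kubernetes Ingress objects. Confirm they have any effect on an
        # IngressRoute; if the middleware annotation is not honoured, the
        # dashboard route has no authentication and the middleware must be
        # attached to the route itself instead.
        annotations:
          cert-manager.io/cluster-issuer: "letsencrypt-production"
          traefik.ingress.kubernetes.io/router.middlewares: "traefik-authentik@kubernetescrd"
        entryPoints: ["websecure"]
        # `${SECRET_DOMAIN}` is a placeholder, presumably filled in by Flux
        # post-build substitution; verify the owning Kustomization supplies it.
        matchRule: Host(`traefik.${SECRET_DOMAIN}`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
    # Set Traefik as your default Ingress Controller, according to
    # Kubernetes 1.19+ changes.
    ingressClass:
      enabled: true
      isDefaultClass: true
    metrics:
      prometheus:
        # Prometheus metrics are served on the `metrics` entrypoint (9100).
        entryPoint: metrics
    namespaceOverride: traefik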