k3s-cluster/cluster/core/networking/traefik/helm-release.yaml


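---
# Flux HelmRelease that installs the Traefik ingress controller chart into the
# `traefik` namespace. Nesting is restored here (the page showed the file with
# its indentation stripped, which leaves duplicate keys at one level).
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: traefik
  namespace: traefik
spec:
  interval: 5m
  chart:
    spec:
      chart: traefik
      # Chart version is pinned, so upgrades only happen through a reviewed
      # change to this file.
      version: '22.0.0'
      sourceRef:
        kind: HelmRepository
        name: traefik-charts
        namespace: flux-system
      interval: 1m
      # valuesFiles:
      #   - ./traefik-values.yaml
  values:
    additionalArguments:
      # - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
      # - --certificatesresolvers.cloudflare.acme.email=seanomik@gmail.com
      # - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1
      # - --certificatesresolvers.cloudflare.acme.storage=/ssl-certs/acme-cloudflare.json
      # SECURITY: --api.insecure serves the Traefik API and dashboard without
      # authentication on the `traefik` entrypoint (port 9000 below). Prefer
      # dropping this flag and publishing the dashboard through an
      # authenticated IngressRoute on `websecure`; until then the port must
      # not be published (see ports.traefik.expose).
      - --api.insecure
      # - --providers.kubernetesingress
      # - --providers.kubernetescrd
    logs:
      general:
        # NOTE(review): DEBUG is very verbose and is normally kept for
        # troubleshooting; consider INFO or ERROR for steady-state operation.
        level: DEBUG
    providers:
      kubernetesCRD:
        enabled: true
        # Kept off so an IngressRoute cannot reference resources that live in
        # another namespace.
        allowCrossNamespace: false
        # Kept off so routes cannot be pointed at ExternalName services.
        allowExternalNameServices: false
        allowEmptyServices: false
        # ingressClass: traefik-internal
        # labelSelector: environment=production,method=traefik
        # Empty list: no namespace filter is set here.
        namespaces: []
        # - "default"
      kubernetesIngress:
        enabled: true
        allowExternalNameServices: false
        allowEmptyServices: false
        # ingressClass: traefik-internal
        # labelSelector: environment=production,method=traefik
        namespaces: []
        # - "default"
        # IP used for Kubernetes Ingress endpoints
        publishedService:
          enabled: false
          # Published Kubernetes Service to copy status from. Format: namespace/servicename
          # By default this Traefik service
          # pathOverride: ""
    ports:
      traefik:
        port: 9000
        # SECURITY: was `expose: true`. With --api.insecure set above, that
        # published the unauthenticated API/dashboard on the Traefik Service.
        # With `false` the port stays off the Service; reach it with
        # `kubectl port-forward`. It is still reachable on the pod's port 9000
        # from inside the cluster unless a NetworkPolicy restricts it.
        expose: false
        exposedPort: 9000
        # The port protocol (TCP/UDP)
        protocol: TCP
      web:
        port: 8000
        expose: true
        exposedPort: 80
        # NOTE(review): with redirectTo commented out, plain HTTP on port 80
        # is served as-is rather than redirected to HTTPS.
        # (optional) Permanent Redirect to HTTPS
        # redirectTo: websecure
        protocol: TCP
      websecure:
        port: 8443
        expose: true
        exposedPort: 443
        protocol: TCP
        tls:
          enabled: true
          # NOTE(review): the `cloudflare` resolver arguments and the
          # CF_DNS_API_TOKEN env are commented out in this file. Unless the
          # resolver is defined elsewhere, this name does not resolve and
          # routers would presumably fall back to Traefik's default
          # certificate - confirm before relying on TLS here.
          certResolver: cloudflare
      metrics:
        port: 9100
        # NOTE(review): this publishes the Prometheus metrics endpoint on the
        # Service without authentication. If Prometheus scrapes from inside
        # the cluster, `expose: false` is sufficient.
        expose: true
        exposedPort: 9100
        protocol: TCP
    # service:
    #   enabled: true
    #   single: true
    #   type: LoadBalancer
    #   externalIPs:
    #     - 192.168.87.10
    # env:
    #   - name: CF_DNS_API_TOKEN
    #     valueFrom:
    #       secretKeyRef:
    #         key: apiToken
    #         name: cloudflare-credentials
    # Disable Dashboard
    # (This only turns off the chart's dashboard IngressRoute. The dashboard
    # itself is still served on the `traefik` entrypoint while --api.insecure
    # is set.)
    ingressRoute:
      dashboard:
        enabled: false
        # matchRule: Host(`k3st.***REMOVED***`) && (PathPrefix(`/dashboard/`) || PathPrefix(`/api`))
        # entryPoints: ["websecure"]
    # Persistent Storage
    persistence:
      enabled: true
      name: ssl-certs
      size: 1Gi
      path: /ssl-certs
    # deployment:
    #   initContainers:
    #     # The "volume-permissions" init container is required if you run into permission issues.
    #     # Related issue: https://github.com/containous/traefik/issues/6972
    #     - name: volume-permissions
    #       image: busybox:1.31.1
    #       command: ["sh", "-c", "chmod -Rv 600 /ssl-certs"]
    #       volumeMounts:
    #         - name: ssl-certs
    #           mountPath: /ssl-certs
    # Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes.
    ingressClass:
      enabled: true
      isDefaultClass: true
    metrics:
      prometheus:
        entryPoint: metrics
    namespaceOverride: traefik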