From 37c3a17628a1c450afef131458296697511949da Mon Sep 17 00:00:00 2001 From: nomadics9 Date: Sun, 12 Jan 2025 02:51:35 +0300 Subject: [PATCH] Traefik values --- charts/traefik/values.yaml | 500 ++++++++++++++++++++++++++++++++----- 1 file changed, 435 insertions(+), 65 deletions(-) diff --git a/charts/traefik/values.yaml b/charts/traefik/values.yaml index 9f58398..a6c2c45 100644 --- a/charts/traefik/values.yaml +++ b/charts/traefik/values.yaml @@ -1,75 +1,445 @@ -ports: - web: - port: 80 - targetPort: 80 - nodePort: 30808 - websecure: - port: 443 - targetPort: 443 - nodePort: 30443 - ssh: - port: 2222 - targetport: 2222 - nodePort: 30222 - -rbac: - enabled: true -serviceAccount: - name: traefik -providers: - kubernetesIngress: - namespaces: [] - kubernetesCRD: - namespaces: [] - kubernetesGateway: - namespaces: [] - -service: - type: LoadBalancer - spec: - externalTrafficPolicy: Local - -nodeSelector: - kubernetes.io/hostname: alaskarserver - additionalArguments: - - "--entrypoints.web.forwardedHeaders.trustedIPs=0.0.0.0/0" - - "--entrypoints.websecure.forwardedHeaders.trustedIPs=0.0.0.0/0" - - "--entrypoints.ssh.address=:2222" - - "--providers.kubernetescrd.allowCrossNamespace=true" - - "--log.level=INFO" - -ingressClass: - enabled: true - isDefaultClass: true - name: traefik-ingress - - - -persistence: - enabled: true - existingClaim: nfs-ssd-traefik-pvc # Persistent storage for ACME certificates - subPath: certs - -initContainers: - - name: volume-permissions - image: busybox:latest - command: ["sh", "-c", "mkdir -p /data && touch /data/acme.json && chmod 600 /data/acme.json"] - volumeMounts: - - name: data - mountPath: /data - +- --entrypoints.web.forwardedHeaders.trustedIPs=0.0.0.0/0 +- --entrypoints.websecure.forwardedHeaders.trustedIPs=0.0.0.0/0 +- --entrypoints.ssh.address=:2222 +- --providers.kubernetescrd.allowCrossNamespace=true +- --log.level=INFO +additionalVolumeMounts: [] +affinity: {} +autoscaling: + enabled: false certificatesResolvers: le: acme: email: sager@alaskar.dev - storage: /data/acme.json httpChallenge: entryPoint: web - - + storage: /data/acme.json +commonLabels: {} +core: + defaultRuleSyntax: '' +deployment: + additionalContainers: [] + additionalVolumes: [] + annotations: {} + dnsConfig: {} + dnsPolicy: '' + enabled: true + healthchecksHost: '' + healthchecksPort: null + healthchecksScheme: null + hostAliases: [] + imagePullSecrets: [] + initContainers: [] + kind: Deployment + labels: {} + lifecycle: {} + livenessPath: '' + minReadySeconds: 0 + podAnnotations: {} + podLabels: {} + readinessPath: '' + replicas: 1 + revisionHistoryLimit: null + runtimeClassName: '' + shareProcessNamespace: false + terminationGracePeriodSeconds: 60 +env: [] +envFrom: [] experimental: + abortOnPluginFailure: false + kubernetesGateway: + enabled: false plugins: traefik-umami-feeder: - moduleName: "github.com/astappiev/traefik-umami-feeder" - version: "v1.2.0" + moduleName: github.com/astappiev/traefik-umami-feeder + version: v1.2.0 +extraObjects: [] +gateway: + annotations: {} + enabled: true + infrastructure: {} + listeners: + web: + hostname: '' + namespacePolicy: null + port: 8000 + protocol: HTTP + name: '' + namespace: '' +gatewayClass: + enabled: true + labels: {} + name: '' +globalArguments: +- --global.checknewversion +- --global.sendanonymoususage +hostNetwork: false +hub: + apimanagement: + admission: + listenAddr: '' + secretName: '' + enabled: false + redis: + cluster: null + database: null + endpoints: '' + password: '' + sentinel: + masterset: '' + password: '' + username: '' + timeout: '' + tls: + ca: '' + cert: '' + insecureSkipVerify: false + key: '' + username: '' + sendlogs: null + token: '' +image: + pullPolicy: IfNotPresent + registry: docker.io + repository: traefik + tag: null +ingressClass: + enabled: true + isDefaultClass: true + name: traefik-ingress +ingressRoute: + dashboard: + annotations: {} + enabled: false + entryPoints: + - traefik + labels: {} + matchRule: PathPrefix(`/dashboard`) || PathPrefix(`/api`) + middlewares: [] + services: + - kind: TraefikService + name: api@internal + tls: {} + healthcheck: + annotations: {} + enabled: false + entryPoints: + - traefik + labels: {} + matchRule: PathPrefix(`/ping`) + middlewares: [] + services: + - kind: TraefikService + name: ping@internal + tls: {} +initContainers: +- command: + - sh + - -c + - mkdir -p /data && touch /data/acme.json && chmod 600 /data/acme.json + image: busybox:latest + name: volume-permissions + volumeMounts: + - mountPath: /data + name: data +instanceLabelOverride: '' +livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 2 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 +logs: + access: + addInternals: false + bufferingSize: null + enabled: false + fields: + general: + defaultmode: keep + names: {} + headers: + defaultmode: drop + names: {} + filters: + minduration: '' + retryattempts: false + statuscodes: '' + format: null + general: + filePath: '' + format: null + level: INFO + noColor: false +metrics: + addInternals: false + otlp: + addEntryPointsLabels: null + addRoutersLabels: null + addServicesLabels: null + enabled: false + explicitBoundaries: [] + grpc: + enabled: false + endpoint: '' + insecure: false + tls: + ca: '' + cert: '' + insecureSkipVerify: false + key: '' + http: + enabled: false + endpoint: '' + headers: {} + tls: + ca: '' + cert: '' + insecureSkipVerify: null + key: '' + pushInterval: '' + prometheus: + addEntryPointsLabels: null + addRoutersLabels: null + addServicesLabels: null + buckets: '' + disableAPICheck: null + entryPoint: metrics + manualRouting: false + prometheusRule: + additionalLabels: {} + enabled: false + namespace: '' + service: + annotations: {} + enabled: false + labels: {} + serviceMonitor: + additionalLabels: {} + enableHttp2: false + enabled: false + followRedirects: false + honorLabels: false + honorTimestamps: false + interval: '' + jobLabel: '' + metricRelabelings: [] + namespace: '' + namespaceSelector: {} + relabelings: [] + scrapeTimeout: '' +namespaceOverride: '' +nodeSelector: + kubernetes.io/hostname: alaskarserver +persistence: + accessMode: ReadWriteOnce + annotations: {} + enabled: true + existingClaim: nfs-ssd-traefik-pvc + name: data + path: /data + size: 128Mi + storageClass: '' + subPath: certs + volumeName: '' +podDisruptionBudget: + enabled: false + maxUnavailable: null + minAvailable: null +podSecurityContext: + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 +podSecurityPolicy: + enabled: false +ports: + metrics: + expose: + default: false + exposedPort: 9100 + port: 9100 + protocol: TCP + ssh: + nodePort: 30222 + port: 2222 + targetport: 2222 + traefik: + expose: + default: false + exposedPort: 8080 + hostIP: null + hostPort: null + port: 8080 + protocol: TCP + web: + expose: + default: true + exposedPort: 80 + forwardedHeaders: + insecure: false + trustedIPs: [] + nodePort: 30808 + port: 80 + protocol: TCP + proxyProtocol: + insecure: false + trustedIPs: [] + redirectTo: {} + targetPort: 80 + transport: + keepAliveMaxRequests: null + keepAliveMaxTime: null + lifeCycle: + graceTimeOut: null + requestAcceptGraceTimeout: null + respondingTimeouts: + idleTimeout: null + readTimeout: null + writeTimeout: null + websecure: + allowACMEByPass: false + appProtocol: null + containerPort: null + expose: + default: true + exposedPort: 443 + forwardedHeaders: + insecure: false + trustedIPs: [] + hostPort: null + http3: + advertisedPort: null + enabled: false + middlewares: [] + nodePort: 30443 + port: 443 + protocol: TCP + proxyProtocol: + insecure: false + trustedIPs: [] + targetPort: 443 + tls: + certResolver: '' + domains: [] + enabled: true + options: '' + transport: + keepAliveMaxRequests: null + keepAliveMaxTime: null + lifeCycle: + graceTimeOut: null + requestAcceptGraceTimeout: null + respondingTimeouts: + idleTimeout: null + readTimeout: null + writeTimeout: null +priorityClassName: '' +providers: + file: + content: '' + enabled: false + watch: true + kubernetesCRD: + allowCrossNamespace: false + allowEmptyServices: true + allowExternalNameServices: false + enabled: true + ingressClass: '' + namespaces: [] + nativeLBByDefault: false + kubernetesGateway: + enabled: false + experimentalChannel: false + labelselector: '' + namespaces: [] + nativeLBByDefault: false + statusAddress: + hostname: '' + ip: '' + service: + name: '{{ (include "traefik.fullname" .) }}' + namespace: '{{ .Release.Namespace }}' + kubernetesIngress: + allowEmptyServices: true + allowExternalNameServices: false + enabled: true + ingressClass: null + namespaces: [] + nativeLBByDefault: false + publishedService: + enabled: true + pathOverride: '' +rbac: + aggregateTo: [] + enabled: true + namespaced: false + secretResourceNames: [] +readinessProbe: + failureThreshold: 1 + initialDelaySeconds: 2 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 +resources: {} +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true +service: + additionalServices: {} + annotations: {} + annotationsTCP: {} + annotationsUDP: {} + enabled: true + externalIPs: [] + labels: {} + loadBalancerSourceRanges: [] + single: true + spec: + externalTrafficPolicy: Local + type: LoadBalancer +serviceAccount: + name: traefik +serviceAccountAnnotations: {} +startupProbe: {} +tlsOptions: {} +tlsStore: {} +tolerations: [] +topologySpreadConstraints: [] +tracing: + addInternals: false + capturedRequestHeaders: [] + capturedResponseHeaders: [] + globalAttributes: {} + otlp: + enabled: false + grpc: + enabled: false + endpoint: '' + insecure: false + tls: + ca: '' + cert: '' + insecureSkipVerify: false + key: '' + http: + enabled: false + endpoint: '' + headers: {} + tls: + ca: '' + cert: '' + insecureSkipVerify: false + key: '' + safeQueryParams: [] + sampleRate: null + serviceName: null +updateStrategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate +volumes: []