tighter security for deployments, no erronous submodules
This commit is contained in:
@@ -23,45 +23,17 @@ deployment:
|
||||
podLabels: {}
|
||||
# Additional containers (e.g. for metric offloading sidecars)
|
||||
additionalContainers: []
|
||||
# https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host
|
||||
# - name: socat-proxy
|
||||
# image: alpine/socat:1.0.5
|
||||
# args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"]
|
||||
# volumeMounts:
|
||||
# - name: dsdsocket
|
||||
# mountPath: /socket
|
||||
# Additional volumes available for use with initContainers and additionalContainers
|
||||
additionalVolumes:
|
||||
# - name: traefik-logs
|
||||
# persistentVolumeClaim:
|
||||
# claimName: traefik-logs
|
||||
- name: traefik-certificate
|
||||
- name: certs
|
||||
persistentVolumeClaim:
|
||||
claimName: traefik-certificate
|
||||
claimName: certs
|
||||
- name: traefik-config
|
||||
configMap:
|
||||
name: traefik-config
|
||||
# - name: dsdsocket
|
||||
# hostPath:
|
||||
# path: /var/run/statsd-exporter
|
||||
# Additional initContainers (e.g. for setting file permission as shown below)
|
||||
initContainers: []
|
||||
# The "volume-permissions" init container is required if you run into permission issues.
|
||||
# Related issue: https://github.com/traefik/traefik/issues/6972
|
||||
# - name: volume-permissions
|
||||
# image: busybox:1.31.1
|
||||
# command: ["sh", "-c", "chmod -Rv 600 /data/*"]
|
||||
# volumeMounts:
|
||||
# - name: data
|
||||
# mountPath: /data
|
||||
# Use process namespace sharing
|
||||
shareProcessNamespace: false
|
||||
# Custom pod DNS policy. Apply if `hostNetwork: true`
|
||||
# dnsPolicy: ClusterFirstWithHostNet
|
||||
# Additional imagePullSecrets
|
||||
imagePullSecrets: []
|
||||
# - name: myRegistryKeySecretName
|
||||
|
||||
|
||||
# Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
|
||||
ingressClass:
|
||||
@@ -78,7 +50,7 @@ pilot:
|
||||
# Toggle Pilot Dashboard
|
||||
# dashboard: false
|
||||
|
||||
# Enable experimental features
|
||||
# Enable experimental featureskdes+
|
||||
experimental:
|
||||
http3:
|
||||
enabled: false
|
||||
@@ -99,10 +71,7 @@ experimental:
|
||||
ingressRoute:
|
||||
dashboard:
|
||||
enabled: false
|
||||
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
|
||||
annotations: {}
|
||||
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
|
||||
labels: {}
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -162,7 +131,7 @@ additionalVolumeMounts:
|
||||
# - name: traefik-logs
|
||||
# # claimName: traefik-logs
|
||||
# mountPath: /var/log/traefik
|
||||
- name: traefik-certificate
|
||||
- name: certs
|
||||
# claimName: traefik-certificate
|
||||
mountPath: /certs
|
||||
- name: traefik-config
|
||||
@@ -185,7 +154,7 @@ env:
|
||||
ports:
|
||||
# add a new one, the other ones are kept the same.
|
||||
dnsovertls:
|
||||
port: 853
|
||||
port: 8853
|
||||
expose: true
|
||||
exposedPort: 853
|
||||
protocol: TCP
|
||||
@@ -218,3 +187,4 @@ service:
|
||||
spec:
|
||||
# externalTrafficPolicy: Local
|
||||
loadBalancerIP: 192.168.3.1
|
||||
|
||||
|
||||
Reference in New Issue
Block a user