# # Configure the deployment # deployment: enabled: true # Can be either Deployment or DaemonSet kind: Deployment # Number of pods of the deployment (only applies when kind == Deployment) replicas: 1 # Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10) # revisionHistoryLimit: 1 # Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down terminationGracePeriodSeconds: 60 # The minimum number of seconds Traefik needs to be up and running before the DaemonSet/Deployment controller considers it available minReadySeconds: 0 # Additional deployment annotations (e.g. for jaeger-operator sidecar injection) annotations: {} # Additional deployment labels (e.g. for filtering deployment by custom labels) labels: {} # Additional pod annotations (e.g. for mesh injection or prometheus scraping) podAnnotations: {} # Additional Pod labels (e.g. for filtering Pod by custom labels) podLabels: {} # Additional containers (e.g. for metric offloading sidecars) additionalContainers: [] # https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host # - name: socat-proxy # image: alpine/socat:1.0.5 # args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"] # volumeMounts: # - name: dsdsocket # mountPath: /socket # Additional volumes available for use with initContainers and additionalContainers additionalVolumes: # - name: traefik-logs # persistentVolumeClaim: # claimName: traefik-logs - name: traefik-certificate persistentVolumeClaim: claimName: traefik-certificate - name: traefik-config configMap: name: traefik-config # - name: dsdsocket # hostPath: # path: /var/run/statsd-exporter # Additional initContainers (e.g. for setting file permission as shown below) initContainers: [] # The "volume-permissions" init container is required if you run into permission issues. # Related issue: https://github.com/traefik/traefik/issues/6972 # - name: volume-permissions # image: busybox:1.31.1 # command: ["sh", "-c", "chmod -Rv 600 /data/*"] # volumeMounts: # - name: data # mountPath: /data # Use process namespace sharing shareProcessNamespace: false # Custom pod DNS policy. Apply if `hostNetwork: true` # dnsPolicy: ClusterFirstWithHostNet # Additional imagePullSecrets imagePullSecrets: [] # - name: myRegistryKeySecretName # Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x ingressClass: # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12 enabled: true isDefaultClass: true # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1" fallbackApiVersion: "" # Activate Pilot integration pilot: enabled: false token: "" # Toggle Pilot Dashboard # dashboard: false # Enable experimental features experimental: http3: enabled: false # plugins: # enabled: false kubernetesGateway: enabled: false # certificate: # group: "core" # kind: "Secret" # name: "mysecret" # By default, Gateway would be created to the Namespace you are deploying Traefik to. # You may create that Gateway in another namespace, setting its name below: # namespace: default # Create an IngressRoute for the dashboard ingressRoute: dashboard: enabled: false # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) annotations: {} # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) labels: {} # # Configure providers # providers: kubernetesCRD: enabled: true allowCrossNamespace: false allowExternalNameServices: true allowEmptyServices: false # ingressClass: traefik-internal # labelSelector: environment=production,method=traefik namespaces: [] # - "default" kubernetesIngress: enabled: true allowExternalNameServices: true allowEmptyServices: false ingressClass: traefik # labelSelector: environment=production,method=traefik namespaces: [] # - "default" # IP used for Kubernetes Ingress endpoints publishedService: enabled: false # Published Kubernetes Service to copy status from. Format: namespace/servicename # By default this Traefik service # pathOverride: "" # Add volumes to the traefik pod. The volume name will be passed to tpl. # This can be used to mount a cert pair or a configmap that holds a config.toml file. # After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg: # additionalArguments: # - "--providers.file.filename=/config/dynamic.toml" # - "--ping" # - "--ping.entrypoint=web" volumes: [] # - name: traefik-config # mountPath: /config # configMap: # name: traefik-config # Additional volumeMounts to add to the Traefik container additionalVolumeMounts: # - name: traefik-logs # mountPath: /var/log/traefik # nfs: # server: 192.168.1.157 # path: /kluster/traefik # # For instance when using a logshipper for access logs # - name: traefik-logs # # claimName: traefik-logs # mountPath: /var/log/traefik - name: traefik-certificate # claimName: traefik-certificate mountPath: /certs - name: traefik-config mountPath: /config globalArguments: - "--configfile=/config/traefik.toml" additionalArguments: [] # Environment variables to be passed to Traefik's binary env: - name: TZ value: "Europe/Berlin" # Configure ports ports: # add a new one, the other ones are kept the same. dnsovertls: port: 853 expose: true exposedPort: 853 protocol: TCP envFrom: [] # - configMapRef: # name: config-map-name # - secretRef: # name: secret-name tlsOptions: {} # Options for the main traefik service, where the entrypoints traffic comes # from. service: enabled: true type: LoadBalancer # Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config) annotations: {} # Additional annotations for TCP service only annotationsTCP: {} # Additional annotations for UDP service only annotationsUDP: {} # Additional service labels (e.g. for filtering Service by custom labels) labels: {} # Additional entries here will be added to the service spec. # Cannot contain type, selector or ports entries. spec: # externalTrafficPolicy: Local loadBalancerIP: 192.168.3.1