# ConfigMap carrying Traefik's static configuration (traefik.toml).
# Several settings below trade safety for convenience; each is annotated in place.
apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-config
data:
  traefik.toml: |
    # No entryPoint is set for ping, so it is served on Traefik's default one ("traefik", :9000 below).
    [ping]

    [global]
      checkNewVersion = false # renovate does that
      sendAnonymousUsage = false

    [log]
      level = "INFO"

    [accessLog]
      [accessLog.fields]
        # Every field is logged unless it is listed under names with "drop".
        defaultMode = "keep"
        [accessLog.fields.names]
          "RequestProtocol" = "drop"
          "level" = "drop"
          "RequestContentSize" = "drop"
          "RequestScheme" = "drop"
          "StartLocal" = "drop"
          "StartUTC" = "drop"
          # Further candidates, currently still logged because of defaultMode = "keep".
          # ClientUsername and RequestLine can carry user identifiers and query strings,
          # so treat the access log as sensitive while they are kept.
          # ClientUsername: drop
          # DownstreamStatusLine: drop
          # RequestAddr: drop
          # RequestCount: drop
          # RequestHost: drop
          # RequestLine: drop
          # UpstreamAddr: drop
          # UpstreamStatusLine: drop
          # duration: drop
          # msg: drop
          # time: drop
          # upstream: drop
          # user_agent: drop

    [api]
      dashboard = true
      # insecure = true serves the API and dashboard without authentication on the
      # "traefik" entryPoint (:9000 below). Keep that port off any externally reachable
      # Service/LoadBalancer, or set insecure = false and expose api@internal through a
      # router with an auth middleware.
      insecure = true
      debug = false

    [providers]
      [providers.kubernetesCRD]
        # Lets an IngressRoute reference services/middlewares in other namespaces.
        # Anyone who may create Traefik CRDs in one namespace can then route to
        # workloads in another; restrict CRD write access via RBAC accordingly.
        allowCrossNamespace = true
      [providers.kubernetesIngress]
        # Permits ExternalName services as backends, i.e. the proxy will forward to
        # hostnames chosen by whoever can create Services/Ingresses. Same RBAC caveat.
        allowExternalNameServices = true
        ingressClass = "traefik"

    [serversTransport]
      # Disables certificate verification for every HTTPS backend, so backend identity
      # is not checked at all. Prefer rootCAs here, or a per-service ServersTransport
      # for the few backends with self-signed certificates.
      insecureSkipVerify = true

    [entryPoints]
      [entryPoints.web]
        address = ":8000"
        [entryPoints.web.http]
          [entryPoints.web.http.redirections]
            [entryPoints.web.http.redirections.entryPoint]
              to = ":443" # should be the same as websecure but the loadbalancer maps 443 -> 8443
              scheme = "https"

      [entryPoints.websecure]
        address = ":8443"
        [entryPoints.websecure.forwardedHeaders]
          # X-Forwarded-* headers are accepted from any peer, so a client can spoof the
          # source IP seen in access logs and by IP allow-list middlewares. If only the
          # load balancer should be trusted, use instead:
          #   trustedIPs = ["<LOAD_BALANCER_CIDR>"]   (placeholder)
          insecure = true # forward ip headers no matter where they come from

      # Metrics endpoint; unauthenticated, so it should stay cluster-internal.
      [entryPoints.metrics]
        address = ":9100"

      # Carries the unauthenticated API/dashboard (api.insecure) and ping.
      [entryPoints.traefik]
        address = ":9000"

      [entryPoints.dnsovertls]
        address = ":8853" # route dns over https to other pods but provide own certificate

    [metrics]
      [metrics.prometheus]
        # metrics are enabled and scraping is ensured through a servicemonitor
        entryPoint = "metrics"
        addEntryPointsLabels = true
        addServicesLabels = true

    [certificatesResolvers.default-tls.acme]
      email = "me@moll.re"
      # acme.json holds the ACME account key and the issued certificates' private keys;
      # the /certs volume should be persistent and readable only by the Traefik pod.
      storage = "/certs/acme.json"
      [certificatesResolvers.default-tls.acme.tlsChallenge]