221 lines
6.5 KiB
YAML
221 lines
6.5 KiB
YAML
#
|
|
# Configure the deployment
|
|
#
|
|
deployment:
|
|
enabled: true
|
|
# Can be either Deployment or DaemonSet
|
|
kind: Deployment
|
|
# Number of pods of the deployment (only applies when kind == Deployment)
|
|
replicas: 1
|
|
# Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10)
|
|
# revisionHistoryLimit: 1
|
|
# Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down
|
|
terminationGracePeriodSeconds: 60
|
|
# The minimum number of seconds Traefik needs to be up and running before the DaemonSet/Deployment controller considers it available
|
|
minReadySeconds: 0
|
|
# Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
|
|
annotations: {}
|
|
# Additional deployment labels (e.g. for filtering deployment by custom labels)
|
|
labels: {}
|
|
# Additional pod annotations (e.g. for mesh injection or prometheus scraping)
|
|
podAnnotations: {}
|
|
# Additional Pod labels (e.g. for filtering Pod by custom labels)
|
|
podLabels: {}
|
|
# Additional containers (e.g. for metric offloading sidecars)
|
|
additionalContainers: []
|
|
# https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host
|
|
# - name: socat-proxy
|
|
# image: alpine/socat:1.0.5
|
|
# args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"]
|
|
# volumeMounts:
|
|
# - name: dsdsocket
|
|
# mountPath: /socket
|
|
# Additional volumes available for use with initContainers and additionalContainers
|
|
additionalVolumes:
|
|
# - name: traefik-logs
|
|
# persistentVolumeClaim:
|
|
# claimName: traefik-logs
|
|
- name: traefik-certificate
|
|
persistentVolumeClaim:
|
|
claimName: traefik-certificate
|
|
- name: traefik-config
|
|
configMap:
|
|
name: traefik-config
|
|
# - name: dsdsocket
|
|
# hostPath:
|
|
# path: /var/run/statsd-exporter
|
|
# Additional initContainers (e.g. for setting file permission as shown below)
|
|
initContainers: []
|
|
# The "volume-permissions" init container is required if you run into permission issues.
|
|
# Related issue: https://github.com/traefik/traefik/issues/6972
|
|
# - name: volume-permissions
|
|
# image: busybox:1.31.1
|
|
# command: ["sh", "-c", "chmod -Rv 600 /data/*"]
|
|
# volumeMounts:
|
|
# - name: data
|
|
# mountPath: /data
|
|
# Use process namespace sharing
|
|
shareProcessNamespace: false
|
|
# Custom pod DNS policy. Apply if `hostNetwork: true`
|
|
# dnsPolicy: ClusterFirstWithHostNet
|
|
# Additional imagePullSecrets
|
|
imagePullSecrets: []
|
|
# - name: myRegistryKeySecretName
|
|
|
|
|
|
# Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
|
|
ingressClass:
|
|
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
|
|
enabled: true
|
|
isDefaultClass: true
|
|
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
|
|
fallbackApiVersion: ""
|
|
|
|
# Activate Pilot integration
|
|
pilot:
|
|
enabled: false
|
|
token: ""
|
|
# Toggle Pilot Dashboard
|
|
# dashboard: false
|
|
|
|
# Enable experimental features
|
|
experimental:
|
|
http3:
|
|
enabled: false
|
|
# plugins:
|
|
# enabled: false
|
|
|
|
kubernetesGateway:
|
|
enabled: false
|
|
# certificate:
|
|
# group: "core"
|
|
# kind: "Secret"
|
|
# name: "mysecret"
|
|
# By default, Gateway would be created to the Namespace you are deploying Traefik to.
|
|
# You may create that Gateway in another namespace, setting its name below:
|
|
# namespace: default
|
|
|
|
# Create an IngressRoute for the dashboard
|
|
ingressRoute:
|
|
dashboard:
|
|
enabled: false
|
|
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
|
|
annotations: {}
|
|
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
|
|
labels: {}
|
|
|
|
|
|
|
|
#
|
|
# Configure providers
|
|
#
|
|
providers:
|
|
kubernetesCRD:
|
|
enabled: true
|
|
allowCrossNamespace: false
|
|
allowExternalNameServices: true
|
|
allowEmptyServices: false
|
|
# ingressClass: traefik-internal
|
|
# labelSelector: environment=production,method=traefik
|
|
namespaces: []
|
|
# - "default"
|
|
|
|
kubernetesIngress:
|
|
enabled: true
|
|
allowExternalNameServices: true
|
|
allowEmptyServices: false
|
|
ingressClass: traefik
|
|
# labelSelector: environment=production,method=traefik
|
|
namespaces: []
|
|
# - "default"
|
|
# IP used for Kubernetes Ingress endpoints
|
|
publishedService:
|
|
enabled: false
|
|
# Published Kubernetes Service to copy status from. Format: namespace/servicename
|
|
# By default this Traefik service
|
|
# pathOverride: ""
|
|
|
|
|
|
# Add volumes to the traefik pod. The volume name will be passed to tpl.
|
|
# This can be used to mount a cert pair or a configmap that holds a config.toml file.
|
|
# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
|
|
# additionalArguments:
|
|
# - "--providers.file.filename=/config/dynamic.toml"
|
|
# - "--ping"
|
|
# - "--ping.entrypoint=web"
|
|
volumes: []
|
|
# - name: traefik-config
|
|
# mountPath: /config
|
|
# configMap:
|
|
# name: traefik-config
|
|
|
|
|
|
|
|
# Additional volumeMounts to add to the Traefik container
|
|
additionalVolumeMounts:
|
|
# - name: traefik-logs
|
|
# mountPath: /var/log/traefik
|
|
# nfs:
|
|
# server: 192.168.1.157
|
|
# path: /kluster/traefik
|
|
# # For instance when using a logshipper for access logs
|
|
# - name: traefik-logs
|
|
# # claimName: traefik-logs
|
|
# mountPath: /var/log/traefik
|
|
- name: traefik-certificate
|
|
# claimName: traefik-certificate
|
|
mountPath: /certs
|
|
- name: traefik-config
|
|
mountPath: /config
|
|
|
|
|
|
globalArguments:
|
|
- "--configfile=/config/traefik.toml"
|
|
|
|
additionalArguments: []
|
|
|
|
# Environment variables to be passed to Traefik's binary
|
|
env:
|
|
- name: TZ
|
|
value: "Europe/Berlin"
|
|
|
|
|
|
|
|
# Configure ports
|
|
ports:
|
|
# add a new one, the other ones are kept the same.
|
|
dnsovertls:
|
|
port: 853
|
|
expose: true
|
|
exposedPort: 853
|
|
protocol: TCP
|
|
|
|
|
|
envFrom: []
|
|
# - configMapRef:
|
|
# name: config-map-name
|
|
# - secretRef:
|
|
# name: secret-name
|
|
|
|
|
|
tlsOptions: {}
|
|
|
|
# Options for the main traefik service, where the entrypoints traffic comes
|
|
# from.
|
|
service:
|
|
enabled: true
|
|
type: LoadBalancer
|
|
# Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
|
|
annotations: {}
|
|
# Additional annotations for TCP service only
|
|
annotationsTCP: {}
|
|
# Additional annotations for UDP service only
|
|
annotationsUDP: {}
|
|
# Additional service labels (e.g. for filtering Service by custom labels)
|
|
labels: {}
|
|
# Additional entries here will be added to the service spec.
|
|
# Cannot contain type, selector or ports entries.
|
|
spec:
|
|
# externalTrafficPolicy: Local
|
|
loadBalancerIP: 192.168.3.1
|