k3s-infra/infrastructure/traefik-system/configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-config
data:
  traefik.toml: |
    [ping]
    
    [global]
      checkNewVersion = true
      sendAnonymousUsage = false
    
    [log]
      level = "INFO"
    
    [accessLog]
      # format = "json"
      # filePath = "/var/log/traefik/access.log"
      [accessLog.fields]
        defaultMode = "keep"
        [accessLog.fields.names]
          "RequestProtocol" = "drop"
          "level" = "drop"
          "RequestContentSize" = "drop"
          "RequestScheme" = "drop"
          "StartLocal" = "drop"
          "StartUTC" = "drop"
        #   ClientUsername: drop
        #   DownstreamStatusLine: drop
        #   RequestAddr: drop
        #   RequestCount: drop
        #   RequestHost: drop
        #   RequestLine: drop
        #   UpstreamAddr: drop
        #   UpstreamStatusLine: drop
        #   duration: drop
        #   msg: drop
        #   time: drop
        #   upstream: drop
        #   user_agent: drop
    [api]
      dashboard = true
      insecure = true
      debug = false
 
    [providers]
      [providers.kubernetesCRD]
        allowCrossNamespace = true
      [providers.kubernetesIngress]
        allowExternalNameServices = true
        ingressClass = "traefik"
    
    [serversTransport]
      insecureSkipVerify = true
 
    [entryPoints]
      [entryPoints.web]
        address = ":8000"
        [entryPoints.web.http]
          [entryPoints.web.http.redirections]
            [entryPoints.web.http.redirections.entryPoint]
              to = ":443" # should be the same as websecure but the loadbalancer maps 443 -> 8443
              scheme = "https"

      [entryPoints.websecure]
        address = ":8443"
      [entryPoints.metrics]
        address = ":9100"
      [entryPoints.traefik]
        address = ":9000"
      [entryPoints.dnsovertls] # route dns over https to other pods but provide own certificate
        address = ":853"

    [metrics]
      [metrics.influxDB2]
      address = "http://influxdb-influxdb2.monitoring:80"
      token = "N_jNm1hZTfyhJneTJj2G357mQ7EJdNzdvebjSJX6JkbyaXNup_IAqeYowblMgV8EjLypNvauTl27ewJvI_rbqQ=="
      org = "influxdata"
      bucket = "kluster"

    [certificatesResolvers.default-tls.acme]
      email = "me@moll.re"
      storage = "/certs/acme.json"
      [certificatesResolvers.default-tls.acme.tlsChallenge]

    [experimental.plugins.traefik-plugin-geoblock]
      moduleName = "github.com/nscuro/traefik-plugin-geoblock"
      version = "v0.10.0"