From 92ee6eb9204c9b32bf9fb4bb5f4785fb1e1f2ee7 Mon Sep 17 00:00:00 2001
From: Adolfo Delorenzo
Date: Mon, 29 Mar 2021 18:15:47 -0600
Subject: [PATCH] traefik
---
Traefik+SSL/values.yaml | 418 ----------------------------------------
1 file changed, 418 deletions(-)
delete mode 100644 Traefik+SSL/values.yaml
diff --git a/Traefik+SSL/values.yaml b/Traefik+SSL/values.yaml
deleted file mode 100644
index 5d9dff3..0000000
--- a/Traefik+SSL/values.yaml
+++ /dev/null
@@ -1,418 +0,0 @@ -# Default values for Traefik -image: - name: traefik - # defaults to appVersion - tag: "" - pullPolicy: IfNotPresent - -# -# Configure the deployment -# -deployment: - enabled: true - # Can be either Deployment or DaemonSet - kind: Deployment - # Number of pods of the deployment (only applies when kind == Deployment) - replicas: 1 - # Additional deployment annotations (e.g. for jaeger-operator sidecar injection) - annotations: {} - # Additional deployment labels (e.g. for filtering deployment by custom labels) - labels: {} - # Additional pod annotations (e.g. for mesh injection or prometheus scraping) - podAnnotations: {} - # Additional Pod labels (e.g. for filtering Pod by custom labels) - podLabels: {} - # Additional containers (e.g. for metric offloading sidecars) - additionalContainers: [] - # https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host - # - name: socat-proxy - # image: alpine/socat:1.0.5 - # args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"] - # volumeMounts: - # - name: dsdsocket - # mountPath: /socket - # Additional volumes available for use with initContainers and additionalContainers - additionalVolumes: [] - # - name: dsdsocket - # hostPath: - # path: /var/run/statsd-exporter - # Additional initContainers (e.g. for setting file permission as shown below) - initContainers: [] - # The "volume-permissions" init container is required if you run into permission issues. - # Related issue: https://github.com/traefik/traefik/issues/6972 - # - name: volume-permissions - # image: busybox:1.31.1 - # command: ["sh", "-c", "chmod -Rv 600 /data/*"] - # volumeMounts: - # - name: data - # mountPath: /data - # Custom pod DNS policy. 
Apply if `hostNetwork: true` - # dnsPolicy: ClusterFirstWithHostNet - # Additional imagePullSecrets - imagePullSecrets: [] - # - name: myRegistryKeySecretName - -# Pod disruption budget -podDisruptionBudget: - enabled: false - # maxUnavailable: 1 - # minAvailable: 0 - -# Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x -ingressClass: - # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12 - enabled: true - isDefaultClass: true - -# Activate Pilot integration -pilot: - enabled: false - token: "" - dashboard: true - -# Enable experimental features -experimental: - plugins: - enabled: false - kubernetesGateway: - enabled: false - appLabelSelector: "traefik" - certificates: [] - # - group: "core" - # kind: "Secret" - # name: "mysecret" - -# Create an IngressRoute for the dashboard -ingressRoute: - dashboard: - enabled: true - # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) - annotations: {} - # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) - labels: {} - -rollingUpdate: - maxUnavailable: 1 - maxSurge: 1 - - -# -# Configure providers -# -providers: - kubernetesCRD: - enabled: true - namespaces: [] - # - "default" - kubernetesIngress: - enabled: true - # labelSelector: environment=production,method=traefik - namespaces: [] - # - "default" - # IP used for Kubernetes Ingress endpoints - publishedService: - enabled: false - # Published Kubernetes Service to copy status from. Format: namespace/servicename - # By default this Traefik service - # pathOverride: "" - -# -# Add volumes to the traefik pod. The volume name will be passed to tpl. -# This can be used to mount a cert pair or a configmap that holds a config.toml file. 
-# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg: -# additionalArguments: -# - "--providers.file.filename=/config/dynamic.toml" -# - "--ping" -# - "--ping.entrypoint=web" -volumes: [] -# - name: public-cert -# mountPath: "/certs" -# type: secret -# - name: '{{ printf "%s-configs" .Release.Name }}' -# mountPath: "/config" -# type: configMap - -# Additional volumeMounts to add to the Traefik container -additionalVolumeMounts: [] - # For instance when using a logshipper for access logs - # - name: traefik-logs - # mountPath: /var/log/traefik - -# Logs -# https://docs.traefik.io/observability/logs/ -logs: - # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on). - general: - # By default, the logs use a text format (common), but you can - # also ask for the json format in the format option - # format: json - # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. - level: ERROR - access: - # To enable access logs - enabled: false - # By default, logs are written using the Common Log Format (CLF). - # To write logs in JSON, use json in the format option. - # If the given format is unsupported, the default (CLF) is used instead. - # format: json - # To write the logs in an asynchronous fashion, specify a bufferingSize option. - # This option represents the number of log lines Traefik will keep in memory before writing - # them to the selected output. In some cases, this option can greatly help performances. 
- # bufferingSize: 100 - # Filtering https://docs.traefik.io/observability/access-logs/#filtering - filters: {} - # statuscodes: "200,300-302" - # retryattempts: true - # minduration: 10ms - # Fields - # https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers - fields: - general: - defaultmode: keep - names: {} - # Examples: - # ClientUsername: drop - headers: - defaultmode: drop - names: {} - # Examples: - # User-Agent: redact - # Authorization: drop - # Content-Type: keep - -globalArguments: - - "--global.checknewversion" - - "--global.sendanonymoususage" - -# Configure Traefik static configuration -# Additional arguments to be passed at Traefik's binary -# All available options available on https://docs.traefik.io/reference/static-configuration/cli/ -## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"` -additionalArguments: - - "--providers.kubernetesingress.ingressclass=traefik" - - "--log.level=DEBUG" - - "--log.format=json" - - "--certificatesresolvers.le.acme.caserver=https://acme-v02.api.letsencrypt.org/directory" - - "--certificatesresolvers.le.acme.tlschallenge=true" - - "--certificatesresolvers.le.acme.email=adelorenzo@oe74.net" - - "--certificatesresolvers.le.acme.storage=/data/acme.json" - -# Environment variables to be passed to Traefik's binary -env: [] -# - name: SOME_VAR -# value: some-var-value -# - name: SOME_VAR_FROM_CONFIG_MAP -# valueFrom: -# configMapRef: -# name: configmap-name -# key: config-key -# - name: SOME_SECRET -# valueFrom: -# secretKeyRef: -# name: secret-name -# key: secret-key - -envFrom: [] -# - configMapRef: -# name: config-map-name -# - secretRef: -# name: secret-name - -# Configure ports -ports: - # The name of this one can't be changed as it is used for the readiness and - # liveness probes, but you can adjust its config to your liking - traefik: - port: 9000 - # Use hostPort if set. 
- # hostPort: 9000 - # - # Use hostIP if set. If not set, Kubernetes will default to 0.0.0.0, which - # means it's listening on all your interfaces and all your IPs. You may want - # to set this value if you need traefik to listen on specific interface - # only. - # hostIP: 192.168.100.10 - - # Override the liveness/readiness port. This is useful to integrate traefik - # with an external Load Balancer that performs healthchecks. - # healthchecksPort: 9000 - - # Defines whether the port is exposed if service.type is LoadBalancer or - # NodePort. - # - # You SHOULD NOT expose the traefik port on production deployments. - # If you want to access it from outside of your cluster, - # use `kubectl port-forward` or create a secure ingress - expose: false - # The exposed port for this service - exposedPort: 9000 - # The port protocol (TCP/UDP) - protocol: TCP - web: - port: 8000 - hostPort: 80 - expose: true - exposedPort: 80 - # The port protocol (TCP/UDP) - protocol: TCP - # Use nodeport if set. This is useful if you have configured Traefik in a - # LoadBalancer - # nodePort: 32080 - # Port Redirections - # Added in 2.2, you can make permanent redirects via entrypoints. 
- # https://docs.traefik.io/routing/entrypoints/#redirection - redirectTo: websecure - websecure: - port: 8443 - hostPort: 443 - expose: true - exposedPort: 443 - # The port protocol (TCP/UDP) - protocol: TCP - # nodePort: 32443 - # Set TLS at the entrypoint - # https://doc.traefik.io/traefik/routing/entrypoints/#tls - tls: - enabled: true - # this is the name of a TLSOption definition - options: "" - certResolver: "le" - domains: - - main: zz11.net - # sans: - # - foo.example.com - # - bar.example.com - -# TLS Options are created as TLSOption CRDs -# https://doc.traefik.io/traefik/https/tls/#tls-options -# Example: -# tlsOptions: -# default: -# sniStrict: true -# preferServerCipherSuites: true -# foobar: -# curvePreferences: -# - CurveP521 -# - CurveP384 -tlsOptions: {} - -# Options for the main traefik service, where the entrypoints traffic comes -# from. -service: - enabled: true - type: LoadBalancer - # Additional annotations (e.g. for cloud provider specific config) - annotations: {} - # Additional service labels (e.g. for filtering Service by custom labels) - labels: {} - # Additional entries here will be added to the service spec. Cannot contains - # type, selector or ports entries. - spec: {} - # externalTrafficPolicy: Cluster - # loadBalancerIP: "1.2.3.4" - # clusterIP: "2.3.4.5" - loadBalancerSourceRanges: [] - # - 192.168.0.1/32 - # - 172.16.0.0/16 - externalIPs: [] - # - 1.2.3.4 - -## Create HorizontalPodAutoscaler object. 
-## -autoscaling: - enabled: false -# minReplicas: 1 -# maxReplicas: 10 -# metrics: -# - type: Resource -# resource: -# name: cpu -# targetAverageUtilization: 60 -# - type: Resource -# resource: -# name: memory -# targetAverageUtilization: 60 - -# Enable persistence using Persistent Volume Claims -# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -# After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg: -# additionalArguments: -# - "--certificatesresolvers.le.acme.storage=/data/acme.json" -# It will persist TLS certificates. -persistence: - enabled: true - name: data -# existingClaim: "" - accessMode: ReadWriteOnce - size: 128Mi - # storageClass: "" - path: /data - annotations: {} - # subPath: "" # only mount a subpath of the Volume into the pod - -# If hostNetwork is true, runs traefik in the host network namespace -# To prevent unschedulabel pods due to port collisions, if hostNetwork=true -# and replicas>1, a pod anti-affinity is recommended and will be set if the -# affinity is left as default. -hostNetwork: false - -# Whether Role Based Access Control objects like roles and rolebindings should be created -rbac: - enabled: true - - # If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces. - # If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace - namespaced: false - -# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBindin or ClusterRoleBinding -podSecurityPolicy: - enabled: false - -# The service account the pods will use to interact with the Kubernetes API -serviceAccount: - # If set, an existing service account is used - # If not set, a service account is created automatically using the fullname template - name: "" - -# Additional serviceAccount annotations (e.g. 
for oidc authentication) -serviceAccountAnnotations: {} - -resources: {} - # requests: - # cpu: "100m" - # memory: "50Mi" - # limits: - # cpu: "300m" - # memory: "150Mi" -affinity: {} -# # This example pod anti-affinity forces the scheduler to put traefik pods -# # on nodes where no other traefik pods are scheduled. -# # It should be used when hostNetwork: true to prevent port conflicts -# podAntiAffinity: -# requiredDuringSchedulingIgnoredDuringExecution: -# - labelSelector: -# matchExpressions: -# - key: app -# operator: In -# values: -# - {{ template "traefik.name" . }} -# topologyKey: failure-domain.beta.kubernetes.io/zone -nodeSelector: {} -tolerations: [] - -# Pods can have priority. -# Priority indicates the importance of a Pod relative to other Pods. -priorityClassName: "" - -# Set the container security context -# To run the container with ports below 1024 this will need to be adjust to run as root -securityContext: - capabilities: - drop: [ALL] - readOnlyRootFilesystem: true - runAsGroup: 65532 - runAsNonRoot: true - runAsUser: 65532 - -podSecurityContext: - fsGroup: 65532