core-deployments/traefik/values.yaml

deployment:
  kind: DaemonSet
hostNetwork: true
ports:
  web:
    port: 80
    redirectTo:
      port: "websecure"
  websecure:
    port: 443
    tls:
      certResolver: "letsencrypt"

securityContext:
  capabilities:
    drop: [ALL]
    add: [NET_BIND_SERVICE]
  readOnlyRootFilesystem: true
  runAsGroup: 0
  runAsNonRoot: false
  runAsUser: 0

service:
  type: NodePort
  ipFamilyPolicy: PreferDualStack

persistence:
  enabled: true

certResolvers:
  letsencrypt:
    email: letsencrypt@ar21.de
    tlsChallenge: true
    httpChallenge:
      entryPoint: "web"
    storage: /data/acme.json

updateStrategy:
  type: RollingUpdate
  rollingUpdate:
    maxUnavailable: 1
    maxSurge: 0

ingressRoute:
  dashboard:
    matchRule: Host(`traefik.lab.ar21.de`)
    entryPoints: ["traefik", "websecure"]
    middlewares:
      - name: basic-auth
switch to traefik 2024-02-17 18:36:09 +01:00			`deployment:`
			`kind: DaemonSet`
			`hostNetwork: true`
			`ports:`
			`web:`
			`port: 80`
			`redirectTo:`
			`port: "websecure"`
			`websecure:`
			`port: 443`
			`tls:`
			`certResolver: "letsencrypt"`

			`securityContext:`
			`capabilities:`
			`drop: [ALL]`
			`add: [NET_BIND_SERVICE]`
			`readOnlyRootFilesystem: true`
			`runAsGroup: 0`
			`runAsNonRoot: false`
			`runAsUser: 0`

			`service:`
			`type: NodePort`
			`ipFamilyPolicy: PreferDualStack`

			`persistence:`
			`enabled: true`

			`certResolvers:`
			`letsencrypt:`
			`email: letsencrypt@ar21.de`
			`tlsChallenge: true`
			`httpChallenge:`
			`entryPoint: "web"`
			`storage: /data/acme.json`

			`updateStrategy:`
			`type: RollingUpdate`
			`rollingUpdate:`
			`maxUnavailable: 1`
			`maxSurge: 0`

			`ingressRoute:`
			`dashboard:`
			matchRule: Host(`traefik.lab.ar21.de`)
			`entryPoints: ["traefik", "websecure"]`
			`middlewares:`
			`- name: basic-auth`