deployment: kind: DaemonSet hostNetwork: true ports: web: port: 80 redirectTo: port: "websecure" websecure: port: 443 tls: certResolver: "letsencrypt" metrics: port: 9101 securityContext: capabilities: drop: [ALL] add: [NET_BIND_SERVICE] readOnlyRootFilesystem: true runAsGroup: 0 runAsNonRoot: false runAsUser: 0 service: type: NodePort ipFamilyPolicy: PreferDualStack persistence: enabled: true accessMode: ReadWriteMany certResolvers: letsencrypt: email: letsencrypt@ar21.de tlsChallenge: true httpChallenge: entryPoint: "web" storage: /data/acme.json updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 maxSurge: 0 ingressRoute: dashboard: matchRule: Host(`traefik.lab.ar21.de`) entryPoints: ["traefik", "websecure"] middlewares: - name: basic-auth