Official traefik values

main
Jaromir Rivera 2022-08-31 12:06:41 -04:00
parent 2463836b79
commit 7445b7d0e4
1 changed files with 96 additions and 48 deletions


@ -22,7 +22,9 @@ data:
kind: Deployment kind: Deployment
# Number of pods of the deployment (only applies when kind == Deployment) # Number of pods of the deployment (only applies when kind == Deployment)
replicas: 3 replicas: 3
# Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down # Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10)
# revisionHistoryLimit: 1
# Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down
terminationGracePeriodSeconds: 60 terminationGracePeriodSeconds: 60
# The minimum number of seconds Traefik needs to be up and running before the DaemonSet/ Deployment controller considers it available # The minimum number of seconds Traefik needs to be up and running before the DaemonSet/ Deployment controller considers it available
minReadySeconds: 0 minReadySeconds: 0
@ -50,7 +52,7 @@ data:
# path: /var/run/statsd-exporter # path: /var/run/statsd-exporter
# Additional initContainers (e.g. for setting file permission as shown below) # Additional initContainers (e.g. for setting file permission as shown below)
initContainers: [] initContainers: []
# The "volume-permissions" init container is required if you run into permission issues. # The "volume-permissions" init container is required if you run into permission issues.
# Related issue: https://github.com/traefik/traefik/issues/6972 # Related issue: https://github.com/traefik/traefik/issues/6972
# - name: volume-permissions # - name: volume-permissions
# image: busybox:1.31.1 # image: busybox:1.31.1
@ -58,6 +60,8 @@ data:
# volumeMounts: # volumeMounts:
# - name: data # - name: data
# mountPath: /data # mountPath: /data
# Use process namespace sharing
shareProcessNamespace: false
# Custom pod DNS policy. Apply if `hostNetwork: true` # Custom pod DNS policy. Apply if `hostNetwork: true`
# dnsPolicy: ClusterFirstWithHostNet # dnsPolicy: ClusterFirstWithHostNet
# Additional imagePullSecrets # Additional imagePullSecrets
@ -77,7 +81,7 @@ data:
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12 # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
enabled: false enabled: false
isDefaultClass: false isDefaultClass: false
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1" # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
fallbackApiVersion: "" fallbackApiVersion: ""
# Activate Pilot integration # Activate Pilot integration
@ -89,13 +93,14 @@ data:
# Enable experimental features # Enable experimental features
experimental: experimental:
http3:
enabled: false
plugins: plugins:
enabled: false enabled: false
kubernetesGateway: kubernetesGateway:
enabled: false enabled: false
appLabelSelector: "traefik" # certificate:
certificates: [] # group: "core"
# - group: "core"
# kind: "Secret" # kind: "Secret"
# name: "mysecret" # name: "mysecret"
# By default, Gateway would be created to the Namespace you are deploying Traefik to. # By default, Gateway would be created to the Namespace you are deploying Traefik to.
@ -105,7 +110,7 @@ data:
# Create an IngressRoute for the dashboard # Create an IngressRoute for the dashboard
ingressRoute: ingressRoute:
dashboard: dashboard:
enabled: false enabled: true
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
annotations: {} annotations: {}
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
@ -115,6 +120,20 @@ data:
maxUnavailable: 1 maxUnavailable: 1
maxSurge: 1 maxSurge: 1
# Customize liveness and readiness probe values.
readinessProbe:
failureThreshold: 1
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
# #
# Configure providers # Configure providers
@ -122,16 +141,19 @@ data:
providers: providers:
kubernetesCRD: kubernetesCRD:
enabled: true enabled: true
# allowCrossNamespace: false allowCrossNamespace: false
# allowExternalNameServices: false allowExternalNameServices: false
allowEmptyServices: false
ingressClass: traefik-internal ingressClass: traefik-internal
# labelSelector: environment=production,method=traefik # labelSelector: environment=production,method=traefik
namespaces: namespaces: []
- "default" # - "default"
kubernetesIngress: kubernetesIngress:
enabled: true enabled: true
allowExternalNameServices: false allowExternalNameServices: false
allowEmptyServices: false
# ingressClass: traefik-internal
# labelSelector: environment=production,method=traefik # labelSelector: environment=production,method=traefik
namespaces: [] namespaces: []
# - "default" # - "default"
@ -150,10 +172,7 @@ data:
# - "--providers.file.filename=/config/dynamic.toml" # - "--providers.file.filename=/config/dynamic.toml"
# - "--ping" # - "--ping"
# - "--ping.entrypoint=web" # - "--ping.entrypoint=web"
volumes: volumes: []
# - name: ssl
# secret:
# secretName: wildcard-k3s.securait.local
# - name: public-cert # - name: public-cert
# mountPath: "/certs" # mountPath: "/certs"
# type: secret # type: secret
@ -162,9 +181,7 @@ data:
# type: configMap # type: configMap
# Additional volumeMounts to add to the Traefik container # Additional volumeMounts to add to the Traefik container
additionalVolumeMounts: additionalVolumeMounts: []
# - name: ssl
# mountPath: /ssl
# For instance when using a logshipper for access logs # For instance when using a logshipper for access logs
# - name: traefik-logs # - name: traefik-logs
# mountPath: /var/log/traefik # mountPath: /var/log/traefik
@ -172,12 +189,12 @@ data:
# Logs # Logs
# https://docs.traefik.io/observability/logs/ # https://docs.traefik.io/observability/logs/
logs: logs:
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on). # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
general: general:
# By default, the logs use a text format (common), but you can # By default, the logs use a text format (common), but you can
# also ask for the json format in the format option # also ask for the json format in the format option
# format: json # format: json
# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
level: ERROR level: ERROR
access: access:
# To enable access logs # To enable access logs
@ -187,8 +204,8 @@ data:
# If the given format is unsupported, the default (CLF) is used instead. # If the given format is unsupported, the default (CLF) is used instead.
# format: json # format: json
# To write the logs in an asynchronous fashion, specify a bufferingSize option. # To write the logs in an asynchronous fashion, specify a bufferingSize option.
# This option represents the number of log lines Traefik will keep in memory before writing # This option represents the number of log lines Traefik will keep in memory before writing
# them to the selected output. In some cases, this option can greatly help performances. # them to the selected output. In some cases, this option can greatly help performances.
# bufferingSize: 100 # bufferingSize: 100
# Filtering https://docs.traefik.io/observability/access-logs/#filtering # Filtering https://docs.traefik.io/observability/access-logs/#filtering
filters: {} filters: {}
@ -196,7 +213,7 @@ data:
# retryattempts: true # retryattempts: true
# minduration: 10ms # minduration: 10ms
# Fields # Fields
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers # https://docs.traefik.io/observability/access-logs/ #limiting-the-fieldsincluding-headers
fields: fields:
general: general:
defaultmode: keep defaultmode: keep
@ -219,9 +236,19 @@ data:
# protocol: udp # protocol: udp
prometheus: prometheus:
entryPoint: metrics entryPoint: metrics
# addRoutersLabels: true
# statsd: # statsd:
# address: localhost:8125 # address: localhost:8125
tracing: {}
# instana:
# enabled: true
# datadog:
# localAgentHostPort: 127.0.0.1:8126
# debug: false
# globalTag: ""
# prioritySampling: false
globalArguments: globalArguments:
- "--global.checknewversion=false" - "--global.checknewversion=false"
- "--global.sendanonymoususage=false" - "--global.sendanonymoususage=false"
@ -229,7 +256,7 @@ data:
# #
# Configure Traefik static configuration # Configure Traefik static configuration
# Additional arguments to be passed at Traefik's binary # Additional arguments to be passed at Traefik's binary
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/ # All available options available on https://docs.traefik.io/reference/ static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers. kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"` ## Use curly braces to pass values: `helm install --set="additionalArguments={--providers. kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments: additionalArguments:
- "--serversTransport.insecureSkipVerify=true" - "--serversTransport.insecureSkipVerify=true"
@ -301,7 +328,7 @@ data:
# Port Redirections # Port Redirections
# Added in 2.2, you can make permanent redirects via entrypoints. # Added in 2.2, you can make permanent redirects via entrypoints.
# https://docs.traefik.io/routing/entrypoints/#redirection # https://docs.traefik.io/routing/entrypoints/#redirection
# redirectTo: websecure redirectTo: websecure
websecure: websecure:
port: 8443 port: 8443
# hostPort: 8443 # hostPort: 8443
@ -310,6 +337,10 @@ data:
# The port protocol (TCP/UDP) # The port protocol (TCP/UDP)
protocol: TCP protocol: TCP
# nodePort: 32443 # nodePort: 32443
# Enable HTTP/3.
# Requires enabling experimental http3 feature and tls.
# Note that you cannot have a UDP entrypoint with the same port.
# http3: true
# Set TLS at the entrypoint # Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls # https://doc.traefik.io/traefik/routing/entrypoints/#tls
tls: tls:
@ -355,7 +386,7 @@ data:
service: service:
enabled: true enabled: true
type: LoadBalancer type: LoadBalancer
# Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config) # Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
annotations: {} annotations: {}
# Additional annotations for TCP service only # Additional annotations for TCP service only
annotationsTCP: {} annotationsTCP: {}
@ -376,6 +407,11 @@ data:
# - 1.2.3.4 # - 1.2.3.4
# One of SingleStack, PreferDualStack, or RequireDualStack. # One of SingleStack, PreferDualStack, or RequireDualStack.
# ipFamilyPolicy: SingleStack # ipFamilyPolicy: SingleStack
# List of IP families (e.g. IPv4 and/or IPv6).
# ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
# ipFamilies:
# - IPv4
# - IPv6
## Create HorizontalPodAutoscaler object. ## Create HorizontalPodAutoscaler object.
## ##
@ -395,7 +431,7 @@ data:
# Enable persistence using Persistent Volume Claims # Enable persistence using Persistent Volume Claims
# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
# After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg: # After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
# additionalArguments: # additionalArguments:
# - "--certificatesresolvers.le.acme.storage=/data/acme.json" # - "--certificatesresolvers.le.acme.storage=/data/acme.json"
# It will persist TLS certificates. # It will persist TLS certificates.
@ -410,21 +446,42 @@ data:
annotations: {} annotations: {}
# subPath: "" # only mount a subpath of the Volume into the pod # subPath: "" # only mount a subpath of the Volume into the pod
certResolvers: {}
# letsencrypt:
# # for challenge options cf. https://doc.traefik.io/traefik/https/acme/
# email: email@example.com
# dnsChallenge:
# # also add the provider's required configuration under env
# # or expand then from secrets/configmaps with envfrom
# # cf. https://doc.traefik.io/traefik/https/acme/#providers
# provider: digitalocean
# # add futher options for the dns challenge as needed
# # cf. https://doc.traefik.io/traefik/https/acme/#dnschallenge
# delayBeforeCheck: 30
# resolvers:
# - 1.1.1.1
# - 8.8.8.8
# tlsChallenge: true
# httpChallenge:
# entryPoint: "web"
# # match the path to persistence
# storage: /data/acme.json
# If hostNetwork is true, runs traefik in the host network namespace # If hostNetwork is true, runs traefik in the host network namespace
# To prevent unschedulabel pods due to port collisions, if hostNetwork=true # To prevent unschedulabel pods due to port collisions, if hostNetwork=true
# and replicas>1, a pod anti-affinity is recommended and will be set if the # and replicas>1, a pod anti-affinity is recommended and will be set if the
# affinity is left as default. # affinity is left as default.
hostNetwork: true hostNetwork: false
# Whether Role Based Access Control objects like roles and rolebindings should be created # Whether Role Based Access Control objects like roles and rolebindings should be created
rbac: rbac:
enabled: true enabled: true
# If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces. # If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces.
# If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace # If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace
namespaced: false namespaced: false
# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding # Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding
podSecurityPolicy: podSecurityPolicy:
enabled: false enabled: false
@ -450,24 +507,15 @@ data:
# # It should be used when hostNetwork: true to prevent port conflicts # # It should be used when hostNetwork: true to prevent port conflicts
# podAntiAffinity: # podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution: # requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector: # - labelSelector:
# matchExpressions: # matchExpressions:
# - key: app # - key: app.kubernetes.io/name
# operator: In # operator: In
# values: # values:
# - {{ template "traefik.name" . }} # - {{ template "traefik.name" . }}
# topologyKey: failure-domain.beta.kubernetes.io/zone # topologyKey: kubernetes.io/hostname
nodeSelector: {} nodeSelector: {}
tolerations: tolerations: []
- key: "CriticalAddonsOnly"
operator: "Exists"
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"
# Pods can have priority. # Pods can have priority.
# Priority indicates the importance of a Pod relative to other Pods. # Priority indicates the importance of a Pod relative to other Pods.
@ -484,4 +532,4 @@ data:
runAsUser: 65532 runAsUser: 65532
podSecurityContext: podSecurityContext:
fsGroup: 65532 fsGroup: 65532
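Review bot: The dashboard IngressRoute is switched on at `ingressRoute.dashboard.enabled` (the line printed as `enabled: false` then `enabled: true`, read as old then new from print order only), and nothing visible in that hunk limits who can reach it: `annotations: {}` stays empty and no auth middleware or allow-list is referenced. If the flip is only a side effect of resetting to the chart defaults, keep `enabled: false`; otherwise add a comment above it naming the control that restricts access, for example `# dashboard route on; access limited by <middleware or entrypoint placeholder>`. The same reset leaves `- "--serversTransport.insecureSkipVerify=true"` under `additionalArguments`, which disables verification of backend certificates, so it should either carry a one-line comment saying why it is required or be dropped. The `ingressRoute` and `additionalArguments` mappings both continue outside the lines shown in their hunks.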