Official traefik values

2022-08-31 12:06:41 -04:00 · 2022-08-31 12:06:41 -04:00 · 7445b7d0e4
parent 2463836b79
commit 7445b7d0e4
1 changed files with 96 additions and 48 deletions
--- a/traefik/configmap-traefik-helm-chart-value-overrides.yaml
+++ b/traefik/configmap-traefik-helm-chart-value-overrides.yaml
@ -22,6 +22,8 @@ data:
      kind: Deployment
      # Number of pods of the deployment (only applies when kind == Deployment)
      replicas: 3
+      # Number of old history to retain to allow rollback (If not set, default Kubernetes     value is set to 10)
+      # revisionHistoryLimit: 1
      # Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik     does not shut down
      terminationGracePeriodSeconds: 60
      # The minimum number of seconds Traefik needs to be up and running before the DaemonSet/    Deployment controller considers it available
@ -58,6 +60,8 @@ data:
        #   volumeMounts:
        #     - name: data
        #       mountPath: /data
+      # Use process namespace sharing
+      shareProcessNamespace: false
      # Custom pod DNS policy. Apply if `hostNetwork: true`
      # dnsPolicy: ClusterFirstWithHostNet
      # Additional imagePullSecrets
@ -89,13 +93,14 @@ data:

    # Enable experimental features
    experimental:
+      http3:
+        enabled: false
      plugins:
        enabled: false
      kubernetesGateway:
        enabled: false
-        appLabelSelector: "traefik"
-        certificates: []
-        # - group: "core"
+        # certificate:
+        #   group: "core"
        #   kind: "Secret"
        #   name: "mysecret"
        # By default, Gateway would be created to the Namespace you are deploying Traefik to.
@ -105,7 +110,7 @@ data:
    # Create an IngressRoute for the dashboard
    ingressRoute:
      dashboard:
-        enabled: false
+        enabled: true
        # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
        annotations: {}
        # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
@ -115,6 +120,20 @@ data:
      maxUnavailable: 1
      maxSurge: 1

+    # Customize liveness and readiness probe values.
+    readinessProbe:
+      failureThreshold: 1
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      successThreshold: 1
+      timeoutSeconds: 2
+
+    livenessProbe:
+      failureThreshold: 3
+      initialDelaySeconds: 10
+      periodSeconds: 10
+      successThreshold: 1
+      timeoutSeconds: 2

    #
    # Configure providers
@ -122,16 +141,19 @@ data:
    providers:
      kubernetesCRD:
        enabled: true
-        # allowCrossNamespace: false
-        # allowExternalNameServices: false
+        allowCrossNamespace: false
+        allowExternalNameServices: false
+        allowEmptyServices: false
        ingressClass: traefik-internal
        # labelSelector: environment=production,method=traefik
-        namespaces:
-          - "default"
+        namespaces: []
+          # - "default"

      kubernetesIngress:
        enabled: true
        allowExternalNameServices: false
+        allowEmptyServices: false
+        # ingressClass: traefik-internal
        # labelSelector: environment=production,method=traefik
        namespaces: []
          # - "default"
@ -150,10 +172,7 @@ data:
    # - "--providers.file.filename=/config/dynamic.toml"
    # - "--ping"
    # - "--ping.entrypoint=web"
-    volumes:
-      # - name: ssl
-      #   secret:
-      #     secretName: wildcard-k3s.securait.local
+    volumes: []
    # - name: public-cert
    #   mountPath: "/certs"
    #   type: secret
@ -162,9 +181,7 @@ data:
    #   type: configMap

    # Additional volumeMounts to add to the Traefik container
-    additionalVolumeMounts:
-      # - name: ssl
-      #   mountPath: /ssl
+    additionalVolumeMounts: []
      # For instance when using a logshipper for access logs
      # - name: traefik-logs
      #   mountPath: /var/log/traefik
@ -219,9 +236,19 @@ data:
      #   protocol: udp
      prometheus:
        entryPoint: metrics
+      #  addRoutersLabels: true
      # statsd:
      #   address: localhost:8125

+    tracing: {}
+      # instana:
+      #   enabled: true
+      # datadog:
+      #   localAgentHostPort: 127.0.0.1:8126
+      #   debug: false
+      #   globalTag: ""
+      #   prioritySampling: false
+
    globalArguments:
      - "--global.checknewversion=false"
      - "--global.sendanonymoususage=false"
@ -301,7 +328,7 @@ data:
        # Port Redirections
        # Added in 2.2, you can make permanent redirects via entrypoints.
        # https://docs.traefik.io/routing/entrypoints/#redirection
-        # redirectTo: websecure
+        redirectTo: websecure
      websecure:
        port: 8443
        # hostPort: 8443
@ -310,6 +337,10 @@ data:
        # The port protocol (TCP/UDP)
        protocol: TCP
        # nodePort: 32443
+        # Enable HTTP/3.
+        # Requires enabling experimental http3 feature and tls.
+        # Note that you cannot have a UDP entrypoint with the same port.
+        # http3: true
        # Set TLS at the entrypoint
        # https://doc.traefik.io/traefik/routing/entrypoints/#tls
        tls:
@ -376,6 +407,11 @@ data:
        # - 1.2.3.4
      # One of SingleStack, PreferDualStack, or RequireDualStack.
      # ipFamilyPolicy: SingleStack
+      # List of IP families (e.g. IPv4 and/or IPv6).
+      # ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
+      # ipFamilies:
+      #   - IPv4
+      #   - IPv6

    ## Create HorizontalPodAutoscaler object.
    ##
@ -410,11 +446,32 @@ data:
      annotations: {}
      # subPath: "" # only mount a subpath of the Volume into the pod

+    certResolvers: {}
+    #   letsencrypt:
+    #     # for challenge options cf. https://doc.traefik.io/traefik/https/acme/
+    #     email: email@example.com
+    #     dnsChallenge:
+    #       # also add the provider's required configuration under env
+    #       # or expand then from secrets/configmaps with envfrom
+    #       # cf. https://doc.traefik.io/traefik/https/acme/#providers
+    #       provider: digitalocean
+    #       # add futher options for the dns challenge as needed
+    #       # cf. https://doc.traefik.io/traefik/https/acme/#dnschallenge
+    #       delayBeforeCheck: 30
+    #       resolvers:
+    #         - 1.1.1.1
+    #         - 8.8.8.8
+    #     tlsChallenge: true
+    #     httpChallenge:
+    #       entryPoint: "web"
+    #     # match the path to persistence
+    #     storage: /data/acme.json
+
    # If hostNetwork is true, runs traefik in the host network namespace
    # To prevent unschedulabel pods due to port collisions, if hostNetwork=true
    # and replicas>1, a pod anti-affinity is recommended and will be set if the
    # affinity is left as default.
-    hostNetwork: true
+    hostNetwork: false

    # Whether Role Based Access Control objects like roles and rolebindings should be created
    rbac:
@ -452,22 +509,13 @@ data:
    #     requiredDuringSchedulingIgnoredDuringExecution:
    #       - labelSelector:
    #           matchExpressions:
-    #         - key: app
+    #             - key: app.kubernetes.io/name
    #               operator: In
    #               values:
    #                 - {{ template "traefik.name" . }}
-    #       topologyKey: failure-domain.beta.kubernetes.io/zone
+    #         topologyKey: kubernetes.io/hostname
    nodeSelector: {}
-    tolerations:
-    - key: "CriticalAddonsOnly"
-      operator: "Exists"
-    - key: "node-role.kubernetes.io/control-plane"
-      operator: "Exists"
-      effect: "NoSchedule"
-    - key: "node-role.kubernetes.io/master"
-      operator: "Exists"
-      effect: "NoSchedule"
-
+    tolerations: []

    # Pods can have priority.
    # Priority indicates the importance of a Pod relative to other Pods.