# Default values for Traefik image: repository: traefik # defaults to appVersion tag: v2.5.3@sha256:f40028d9771cb29a35392b4cbdd655625596a319b915061e306c503059d0b6f4 pullPolicy: IfNotPresent # Create an IngressRoute for the dashboard ingressRoute: dashboard: enabled: true # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) annotations: {} # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) labels: {} # # Configure providers # providers: kubernetesCRD: enabled: true namespaces: [] # - "default" kubernetesIngress: enabled: true # labelSelector: environment=production,method=traefik namespaces: [] # - "default" # IP used for Kubernetes Ingress endpoints publishedService: enabled: true # Published Kubernetes Service to copy status from. Format: namespace/servicename # By default this Traefik service # pathOverride: "" metrics: # datadog: # address: 127.0.0.1:8125 # influxdb: # address: localhost:8089 # protocol: udp prometheus: entryPoint: metrics # statsd: # address: localhost:8125 globalArguments: - "--global.checknewversion" # # Configure Traefik static configuration # Additional arguments to be passed at Traefik's binary # All available options available on https://docs.traefik.io/reference/static-configuration/cli/ ## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"` additionalArguments: - "--metrics.prometheus" - "--ping" - "--serverstransport.insecureskipverify=true" - "--providers.kubernetesingress.allowexternalnameservices=true" # TLS Options are created as TLSOption CRDs # https://doc.traefik.io/traefik/https/tls/#tls-options # Example: tlsOptions: default: sniStrict: false minVersion: VersionTLS12 curvePreferences: - CurveP521 - CurveP384 cipherSuites: - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 probes: # -- Liveness probe configuration # @default -- See below liveness: # -- sets the probe type when not using a custom probe # @default -- "TCP" type: HTTP # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used # @default -- "/" path: "/ping" # -- Redainess probe configuration # @default -- See below readiness: # -- sets the probe type when not using a custom probe # @default -- "TCP" type: HTTP # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used # @default -- "/" path: "/ping" # -- Startup probe configuration # @default -- See below startup: # -- sets the probe type when not using a custom probe # @default -- "TCP" type: HTTP # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used # @default -- "/" path: "/ping" # Whether Role Based Access Control objects like roles and rolebindings should be created rbac: enabled: true rules: - apiGroups: - "" resources: - services - endpoints - secrets verbs: - get - list - watch - apiGroups: - extensions - networking.k8s.io resources: - ingresses - ingressclasses verbs: - get - list - watch - apiGroups: - extensions - networking.k8s.io resources: - ingresses/status verbs: - update - apiGroups: - traefik.containo.us resources: - ingressroutes - ingressroutetcps - ingressrouteudps - middlewares - middlewaretcps - tlsoptions - tlsstores - traefikservices - serverstransports verbs: - get - list - watch # The service account the pods will use to interact with the Kubernetes API serviceAccount: enabled: true # If set, an existing service account is used # If not set, a service account is created automatically using the fullname template name: "" # Set the container security context # To run the container with ports below 1024 this will need to be adjust to run as root securityContext: capabilities: drop: [ALL] portalhook: enabled: true