2021-04-13 14:47:37 +00:00
image :
2021-12-03 12:02:44 +00:00
repository : tccr.io/truecharts/traefik
2021-04-13 14:47:37 +00:00
# defaults to appVersion
2022-10-09 12:14:19 +00:00
tag : 2.9 .1 @sha256:e8e6da4e8c59b7bbec5a163cd608e8e62775789580e47921cc6e7fc6d33b037d
2021-04-13 14:47:37 +00:00
pullPolicy : IfNotPresent
2022-10-13 09:55:44 +00:00
updateCRD : true
2021-09-03 22:53:15 +00:00
# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
2021-06-10 12:49:42 +00:00
ingressClass :
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
enabled : false
isDefaultClass : false
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
2021-09-03 22:53:15 +00:00
fallbackApiVersion : ""
2021-06-10 12:49:42 +00:00
2021-09-03 22:53:15 +00:00
# -- Create an IngressRoute for the dashboard
2021-06-10 12:49:42 +00:00
ingressRoute :
2021-04-13 14:47:37 +00:00
dashboard :
enabled : true
2021-06-10 12:49:42 +00:00
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
2021-04-13 14:47:37 +00:00
annotations : {}
2021-06-10 12:49:42 +00:00
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
2021-04-13 14:47:37 +00:00
labels : {}
2021-06-10 12:49:42 +00:00
2022-01-27 23:27:08 +00:00
podAnnotations :
prometheus.io/scrape : "true"
prometheus.io/path : "/metrics"
2022-01-28 18:16:25 +00:00
prometheus.io/port : "9180"
2022-01-27 23:27:08 +00:00
2021-06-10 12:49:42 +00:00
#
2021-09-03 22:53:15 +00:00
# -- Configure providers
2021-06-10 12:49:42 +00:00
providers :
kubernetesCRD :
enabled : true
2022-07-22 18:23:01 +00:00
namespaces :
[ ]
2021-06-10 12:49:42 +00:00
# - "default"
kubernetesIngress :
enabled : true
# labelSelector: environment=production,method=traefik
2022-07-22 18:23:01 +00:00
namespaces :
[ ]
2021-06-10 12:49:42 +00:00
# - "default"
# IP used for Kubernetes Ingress endpoints
publishedService :
2021-09-02 16:25:21 +00:00
enabled : true
2021-06-10 12:49:42 +00:00
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
2021-09-03 22:53:15 +00:00
# -- Logs
2021-06-10 12:49:42 +00:00
# https://docs.traefik.io/observability/logs/
logs :
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
general :
# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
2021-09-03 22:53:15 +00:00
level : ERROR
2022-05-05 18:40:43 +00:00
# -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format
format : common
2021-06-10 12:49:42 +00:00
access :
# To enable access logs
enabled : false
# To write the logs in an asynchronous fashion, specify a bufferingSize option.
# This option represents the number of log lines Traefik will keep in memory before writing
# them to the selected output. In some cases, this option can greatly help performances.
# bufferingSize: 100
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
2022-07-22 18:23:01 +00:00
filters :
{}
2021-06-10 12:49:42 +00:00
# statuscodes: "200,300-302"
# retryattempts: true
# minduration: 10ms
# Fields
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
fields :
general :
defaultmode : keep
2022-07-22 18:23:01 +00:00
names :
{}
2021-06-10 12:49:42 +00:00
# Examples:
# ClientUsername: drop
headers :
defaultmode : drop
2022-07-22 18:23:01 +00:00
names :
{}
2021-06-10 12:49:42 +00:00
# Examples:
# User-Agent: redact
# Authorization: drop
# Content-Type: keep
2022-05-05 18:40:43 +00:00
# -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format
format : common
2021-06-10 12:49:42 +00:00
2021-09-03 22:53:15 +00:00
metrics :
# datadog:
# address: 127.0.0.1:8125
# influxdb:
# address: localhost:8089
# protocol: udp
prometheus :
entryPoint : metrics
# statsd:
# address: localhost:8125
2021-06-10 12:49:42 +00:00
globalArguments :
- "--global.checknewversion"
2021-09-03 22:53:15 +00:00
##
# -- Additional arguments to be passed at Traefik's binary
2021-06-10 12:49:42 +00:00
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments :
- "--metrics.prometheus"
- "--ping"
- "--serverstransport.insecureskipverify=true"
2021-09-03 22:53:15 +00:00
- "--providers.kubernetesingress.allowexternalnameservices=true"
2021-06-10 12:49:42 +00:00
2021-09-03 22:53:15 +00:00
# -- TLS Options to be created as TLSOption CRDs
2021-12-03 12:02:44 +00:00
# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options
2021-06-10 12:49:42 +00:00
# Example:
tlsOptions :
default :
sniStrict : false
minVersion : VersionTLS12
curvePreferences :
- CurveP521
- CurveP384
cipherSuites :
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
2021-09-03 22:53:15 +00:00
# -- Options for the main traefik service, where the entrypoints traffic comes from
2021-06-10 12:49:42 +00:00
# from.
service :
2021-09-03 22:53:15 +00:00
main :
type : LoadBalancer
ports :
main :
2021-11-28 09:44:06 +00:00
port : 9000
2021-11-06 21:55:18 +00:00
targetPort : 9000
2021-09-03 22:53:15 +00:00
protocol : HTTP
2022-05-04 15:53:21 +00:00
# -- Forwarded Headers should never be enabled on Main entrypoint
forwardedHeaders :
enabled : false
2022-08-27 20:58:46 +00:00
# -- Proxy Protocol should never be enabled on Main entrypoint
proxyProtocol :
enabled : false
2021-09-03 22:53:15 +00:00
tcp :
enabled : true
type : LoadBalancer
ports :
web :
enabled : true
port : 9080
protocol : HTTP
redirectTo : websecure
2022-08-27 20:58:46 +00:00
# Options: Empty, 0 (ingore), or positive int
# redirectPort:
2022-05-04 15:53:21 +00:00
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
forwardedHeaders :
enabled : false
# -- List of trusted IP and CIDR references
trustedIPs : [ ]
# -- Trust all forwarded headers
insecureMode : false
2022-08-27 20:58:46 +00:00
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
proxyProtocol :
enabled : false
# -- Only IPs in trustedIPs will lead to remote client address replacement
trustedIPs : [ ]
# -- Trust every incoming connection
insecureMode : false
2021-09-03 22:53:15 +00:00
websecure :
enabled : true
port : 9443
protocol : HTTPS
2022-05-04 15:53:21 +00:00
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
forwardedHeaders :
enabled : false
# -- List of trusted IP and CIDR references
trustedIPs : [ ]
# -- Trust all forwarded headers
insecureMode : false
2022-08-27 20:58:46 +00:00
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
proxyProtocol :
enabled : false
# -- Only IPs in trustedIPs will lead to remote client address replacement
trustedIPs : [ ]
# -- Trust every incoming connection
insecureMode : false
2022-07-22 18:23:01 +00:00
# tcpexample:
# enabled: true
# targetPort: 9443
# protocol: TCP
# tls:
# enabled: false
# # this is the name of a TLSOption definition
# options: ""
# certResolver: ""
# domains: []
# # - main: example.com
# # sans:
# # - foo.example.com
# # - bar.example.com
2021-09-03 22:53:15 +00:00
metrics :
enabled : true
2022-01-27 23:22:51 +00:00
type : ClusterIP
2021-09-03 22:53:15 +00:00
ports :
metrics :
enabled : true
2022-01-28 18:16:25 +00:00
port : 9180
targetPort : 9180
2021-09-03 22:53:15 +00:00
protocol : HTTP
2022-05-04 15:53:21 +00:00
# -- Forwarded Headers should never be enabled on Metrics entrypoint
forwardedHeaders :
enabled : false
2022-08-27 20:58:46 +00:00
# -- Proxy Protocol should never be enabled on Metrics entrypoint
proxyProtocol :
enabled : false
2021-09-03 22:53:15 +00:00
udp :
enabled : false
2021-06-10 12:49:42 +00:00
2022-07-14 09:30:52 +00:00
# probes:
# # -- Liveness probe configuration
# # @default -- See below
# liveness:
# # -- sets the probe type when not using a custom probe
# # @default -- "TCP"
# type: HTTP
# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# # @default -- "/"
# path: "/ping"
# # -- Redainess probe configuration
# # @default -- See below
# readiness:
# # -- sets the probe type when not using a custom probe
# # @default -- "TCP"
# type: HTTP
# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# # @default -- "/"
# path: "/ping"
# # -- Startup probe configuration
# # @default -- See below
# startup:
# # -- sets the probe type when not using a custom probe
# # @default -- "TCP"
# type: HTTP
# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# # @default -- "/"
# path: "/ping"
2021-09-03 22:53:15 +00:00
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
2021-06-10 12:49:42 +00:00
rbac :
2022-06-07 17:41:19 +00:00
main :
enabled : true
rules :
- apiGroups :
- ""
resources :
- services
- endpoints
- secrets
verbs :
- get
- list
- watch
- apiGroups :
- extensions
- networking.k8s.io
resources :
- ingresses
- ingressclasses
verbs :
- get
- list
- watch
- apiGroups :
- extensions
- networking.k8s.io
resources :
- ingresses/status
verbs :
- update
- apiGroups :
- traefik.containo.us
resources :
- ingressroutes
- ingressroutetcps
- ingressrouteudps
- middlewares
- middlewaretcps
- tlsoptions
- tlsstores
- traefikservices
- serverstransports
verbs :
- get
- list
- watch
2021-09-03 22:53:15 +00:00
# -- The service account the pods will use to interact with the Kubernetes API
2021-06-10 12:49:42 +00:00
serviceAccount :
2022-06-07 17:41:19 +00:00
main :
2022-09-03 17:22:28 +00:00
enabled : true
2021-06-10 12:49:42 +00:00
2021-09-03 22:53:15 +00:00
# -- SCALE Middleware Handlers
2021-06-30 10:56:17 +00:00
middlewares :
basicAuth : [ ]
# - name: basicauthexample
# users:
# - username: testuser
# password: testpassword
forwardAuth : [ ]
# - name: forwardAuthexample
# address: https://auth.example.com/
# authResponseHeaders:
# - X-Secret
# - X-Auth-User
# authRequestHeaders:
# - "Accept"
# - "X-CustomHeader"
# authResponseHeadersRegex: "^X-"
# trustForwardHeader: true
2021-07-05 08:36:05 +00:00
chain : [ ]
2021-09-08 13:38:31 +00:00
# - name: chainname
# middlewares:
# - name: compress
2021-07-05 08:36:05 +00:00
redirectScheme : [ ]
2021-09-08 13:38:31 +00:00
# - name: redirectSchemeName
# scheme: https
# permanent: true
2021-07-05 08:36:05 +00:00
rateLimit : [ ]
2021-09-08 13:38:31 +00:00
# - name: rateLimitName
# average: 300
# burst: 200
redirectRegex : [ ]
# - name: redirectRegexName
# regex: putregexhere
2022-08-27 20:58:46 +00:00
# replacement: replacementurlhere
2021-09-08 13:38:31 +00:00
# permanent: false
2022-04-04 19:48:33 +00:00
stripPrefixRegex : [ ]
# - name: stripPrefixRegexName
2022-04-04 20:40:27 +00:00
# regex: []
2021-09-08 13:38:31 +00:00
ipWhiteList : [ ]
# - name: ipWhiteListName
# sourceRange: []
# ipStrategy:
# depth: 2
# excludedIPs: []
2022-09-25 09:14:39 +00:00
themeParkVersion : v1.2.2
2022-07-21 13:32:49 +00:00
themePark : [ ]
# - name: themeParkName
# -- Supported apps, lower case name
# -- https://docs.theme-park.dev/themes
# app: appnamehere
# -- Supported themes, lower case name
# -- https://docs.theme-park.dev/themes/APPNAMEHERE
# -- https://docs.theme-park.dev/community-themes
# theme: themenamehere
# -- https://theme-park.dev or a self hosted url
# baseUrl: https://theme-park.dev
2022-09-25 09:14:39 +00:00
realIPVersion : v1.0.3
# Sets X-Real-Ip with an IP from the X-Forwarded-For or
# Cf-Connecting-Ip (If from Cloudflare)
# Evaluation of those headers will go from last to first
realIP : [ ]
# - name: realIPName
# -- The real IP will be the first one that is
# -- not included in any of the CIDRs passed here
# excludedNetworks:
# - 1.1.1.1/24
addPrefix : [ ]
# - name: addPrefixName
# prefix: "/foo"
2021-07-05 16:13:44 +00:00
portalhook :
enabled : true
2022-07-22 15:31:30 +00:00
persistence :
plugins :
enabled : true
mountPath : "/plugins-storage"
type : emptyDir
2022-08-08 21:25:02 +00:00
portal :
enabled : true