280 lines
7.8 KiB
YAML
280 lines
7.8 KiB
YAML
|
# Default values for Traefik
|
||
|
image:
|
||
|
name: traefik
|
||
|
# defaults to appVersion
|
||
|
tag: v2.4
|
||
|
pullPolicy: IfNotPresent
|
||
|
|
||
|
|
||
|
traefik:
|
||
|
globalArguments:
|
||
|
- "--global.checknewversion"
|
||
|
|
||
|
##
|
||
|
# Configure Traefik static configuration
|
||
|
# Additional arguments to be passed at Traefik's binary
|
||
|
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
|
||
|
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
|
||
|
additionalArguments:
|
||
|
# - "--providers.kubernetesingress.ingressclass=traefik-internal"
|
||
|
# - "--log.level=DEBUG"
|
||
|
# - "--metrics.prometheus"
|
||
|
- "--entrypoints.websecure.http.tls"
|
||
|
- "--ping"
|
||
|
- "--serverstransport.insecureskipverify=true"
|
||
|
|
||
|
# Configure ports
|
||
|
ports:
|
||
|
# The name of this one can't be changed as it is used for the readiness and
|
||
|
# liveness probes, but you can adjust its config to your liking
|
||
|
traefik:
|
||
|
port: 9000
|
||
|
# Use hostPort if set.
|
||
|
# hostPort: 9000
|
||
|
#
|
||
|
# Use hostIP if set. If not set, Kubernetes will default to 0.0.0.0, which
|
||
|
# means it's listening on all your interfaces and all your IPs. You may want
|
||
|
# to set this value if you need traefik to listen on specific interface
|
||
|
# only.
|
||
|
# hostIP: 192.168.100.10
|
||
|
|
||
|
# Defines whether the port is exposed if service.type is LoadBalancer or
|
||
|
# NodePort.
|
||
|
#
|
||
|
# You SHOULD NOT expose the traefik port on production deployments.
|
||
|
# If you want to access it from outside of your cluster,
|
||
|
# use `kubectl port-forward` or create a secure ingress
|
||
|
expose: false
|
||
|
# The exposed port for this service
|
||
|
exposedPort: 9000
|
||
|
# The port protocol (TCP/UDP)
|
||
|
protocol: TCP
|
||
|
web:
|
||
|
port: 8000
|
||
|
# hostPort: 8000
|
||
|
expose: true
|
||
|
exposedPort: 80
|
||
|
# The port protocol (TCP/UDP)
|
||
|
protocol: TCP
|
||
|
# Use nodeport if set. This is useful if you have configured Traefik in a
|
||
|
# LoadBalancer
|
||
|
# nodePort: 32080
|
||
|
# Port Redirections
|
||
|
# Added in 2.2, you can make permanent redirects via entrypoints.
|
||
|
# https://docs.traefik.io/routing/entrypoints/#redirection
|
||
|
redirectTo: websecure
|
||
|
websecure:
|
||
|
port: 8443
|
||
|
# hostPort: 8443
|
||
|
expose: true
|
||
|
exposedPort: 443
|
||
|
# The port protocol (TCP/UDP)
|
||
|
protocol: TCP
|
||
|
# nodePort: 32443
|
||
|
# Set TLS at the entrypoint
|
||
|
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
|
||
|
plex:
|
||
|
port: 32400
|
||
|
# hostPort: 8443
|
||
|
expose: true
|
||
|
exposedPort: 32400
|
||
|
# The port protocol (TCP/UDP)
|
||
|
protocol: TCP
|
||
|
# nodePort: 32443
|
||
|
# Set TLS at the entrypoint
|
||
|
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
|
||
|
kms:
|
||
|
port: 51688
|
||
|
# hostPort: 8443
|
||
|
expose: true
|
||
|
exposedPort: 1688
|
||
|
# The port protocol (TCP/UDP)
|
||
|
protocol: TCP
|
||
|
# nodePort: 32443
|
||
|
# Set TLS at the entrypoint
|
||
|
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
|
||
|
dns-tcp:
|
||
|
port: 5353
|
||
|
# hostPort: 8443
|
||
|
expose: true
|
||
|
exposedPort: 5353
|
||
|
# The port protocol (TCP/UDP)
|
||
|
protocol: TCP
|
||
|
# nodePort: 32443
|
||
|
# Set TLS at the entrypoint
|
||
|
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
|
||
|
dns-udp:
|
||
|
port: 5353
|
||
|
# hostPort: 8443
|
||
|
expose: true
|
||
|
exposedPort: 5353
|
||
|
# The port protocol (TCP/UDP)
|
||
|
protocol: UDP
|
||
|
# nodePort: 32443
|
||
|
# Set TLS at the entrypoint
|
||
|
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
|
||
|
stun-tcp:
|
||
|
port: 3478
|
||
|
# hostPort: 8443
|
||
|
expose: true
|
||
|
exposedPort: 3478
|
||
|
# The port protocol (TCP/UDP)
|
||
|
protocol: TCP
|
||
|
# nodePort: 32443
|
||
|
# Set TLS at the entrypoint
|
||
|
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
|
||
|
stun-udp:
|
||
|
port: 3478
|
||
|
# hostPort: 8443
|
||
|
expose: true
|
||
|
exposedPort: 3478
|
||
|
# The port protocol (TCP/UDP)
|
||
|
protocol: UDP
|
||
|
# nodePort: 32443
|
||
|
# Set TLS at the entrypoint
|
||
|
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
|
||
|
torrent-tcp:
|
||
|
port: 51413
|
||
|
# hostPort: 8443
|
||
|
expose: true
|
||
|
exposedPort: 51413
|
||
|
# The port protocol (TCP/UDP)
|
||
|
protocol: TCP
|
||
|
# nodePort: 32443
|
||
|
# Set TLS at the entrypoint
|
||
|
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
|
||
|
torrent-udp:
|
||
|
port: 51413
|
||
|
# hostPort: 8443
|
||
|
expose: true
|
||
|
exposedPort: 51413
|
||
|
# The port protocol (TCP/UDP)
|
||
|
protocol: UDP
|
||
|
# nodePort: 32443
|
||
|
# Set TLS at the entrypoint
|
||
|
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
|
||
|
radius:
|
||
|
port: 51812
|
||
|
# hostPort: 8443
|
||
|
expose: true
|
||
|
exposedPort: 1812
|
||
|
# The port protocol (TCP/UDP)
|
||
|
protocol: UDP
|
||
|
# nodePort: 32443
|
||
|
# Set TLS at the entrypoint
|
||
|
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
|
||
|
radius-acc:
|
||
|
port: 51813
|
||
|
# hostPort: 8443
|
||
|
expose: true
|
||
|
exposedPort: 1813
|
||
|
# The port protocol (TCP/UDP)
|
||
|
protocol: UDP
|
||
|
# nodePort: 32443
|
||
|
# Set TLS at the entrypoint
|
||
|
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
|
||
|
ldaps:
|
||
|
port: 50636
|
||
|
# hostPort: 8443
|
||
|
expose: true
|
||
|
exposedPort: 636
|
||
|
# The port protocol (TCP/UDP)
|
||
|
protocol: TCP
|
||
|
# nodePort: 32443
|
||
|
# Set TLS at the entrypoint
|
||
|
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
|
||
|
unificom:
|
||
|
port: 8080
|
||
|
# hostPort: 8443
|
||
|
expose: true
|
||
|
exposedPort: 8080
|
||
|
# The port protocol (TCP/UDP)
|
||
|
protocol: TCP
|
||
|
# nodePort: 32443
|
||
|
# Set TLS at the entrypoint
|
||
|
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
|
||
|
|
||
|
# TLS Options are created as TLSOption CRDs
|
||
|
# https://doc.traefik.io/traefik/https/tls/#tls-options
|
||
|
# Example:
|
||
|
# tlsOptions:
|
||
|
# default:
|
||
|
# sniStrict: true
|
||
|
# preferServerCipherSuites: true
|
||
|
# foobar:
|
||
|
# curvePreferences:
|
||
|
# - CurveP521
|
||
|
# - CurveP384
|
||
|
tlsOptions: {}
|
||
|
|
||
|
# Options for the main traefik service, where the entrypoints traffic comes
|
||
|
# from.
|
||
|
service:
|
||
|
externalIPs:
|
||
|
- 192.168.66.6
|
||
|
|
||
|
# Enable persistence using Persistent Volume Claims
|
||
|
# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
|
||
|
# After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
|
||
|
# additionalArguments:
|
||
|
# - "--certificatesresolvers.le.acme.storage=/data/acme.json"
|
||
|
# It will persist TLS certificates.
|
||
|
persistence:
|
||
|
enabled: false
|
||
|
# existingClaim: ""
|
||
|
accessMode: ReadWriteOnce
|
||
|
size: 1Gi
|
||
|
## storageClass: ""
|
||
|
path: /data
|
||
|
# annotations: {}
|
||
|
## subPath: "" # only mount a subpath of the Volume into the pod
|
||
|
|
||
|
# Set the container security context
|
||
|
# To run the container with ports below 1024 this will need to be adjust to run as root
|
||
|
securityContext:
|
||
|
capabilities:
|
||
|
drop: [ALL]
|
||
|
readOnlyRootFilesystem: true
|
||
|
runAsGroup: 65532
|
||
|
runAsNonRoot: true
|
||
|
runAsUser: 65532
|
||
|
|
||
|
podSecurityContext:
|
||
|
fsGroup: 65532
|
||
|
|
||
|
ingress:
|
||
|
dashboard:
|
||
|
enabled: true
|
||
|
type: "HTTP-IR"
|
||
|
entrypoint: "websecure"
|
||
|
certType: "selfsigned"
|
||
|
serviceName: api@internal
|
||
|
servicePort:
|
||
|
serviceKind: "TraefikService"
|
||
|
annotations: {}
|
||
|
labels: {}
|
||
|
hosts:
|
||
|
- host: chart-example.local
|
||
|
paths:
|
||
|
- path: /
|
||
|
# Ignored if not kubeVersion >= 1.14-0
|
||
|
pathType: Prefix
|
||
|
|
||
|
externalServices:
|
||
|
- enabled: true
|
||
|
name: "test"
|
||
|
type: "HTTP"
|
||
|
entrypoint: "websecure"
|
||
|
certType: "selfsigned"
|
||
|
serviceTarget: "192.168.10.20"
|
||
|
servicePort: 9443
|
||
|
serviceKind: ""
|
||
|
annotations: {}
|
||
|
labels: {}
|
||
|
hosts:
|
||
|
- host: radarr.staging.schouten-lebbing.nl
|
||
|
paths:
|
||
|
- path: /
|
||
|
# Ignored if not kubeVersion >= 1.14-0
|
||
|
pathType: Prefix
|