2021-06-10 12:49:42 +00:00
# Default values for Traefik
2021-04-13 14:47:37 +00:00
image :
2021-09-10 20:07:55 +00:00
repository : ghcr.io/truecharts/traefik
2021-04-13 14:47:37 +00:00
# defaults to appVersion
2021-09-08 14:29:25 +00:00
tag : v2.5.2
2021-04-13 14:47:37 +00:00
pullPolicy : IfNotPresent
2021-06-10 12:49:42 +00:00
# Create an IngressRoute for the dashboard
ingressRoute :
dashboard :
enabled : true
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
annotations : {}
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
labels : {}
#
# Configure providers
#
providers :
kubernetesCRD :
enabled : true
namespaces : [ ]
# - "default"
kubernetesIngress :
enabled : true
# labelSelector: environment=production,method=traefik
namespaces : [ ]
# - "default"
# IP used for Kubernetes Ingress endpoints
publishedService :
2021-09-02 17:17:40 +00:00
enabled : true
2021-06-10 12:49:42 +00:00
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
2021-09-03 22:53:15 +00:00
metrics :
# datadog:
# address: 127.0.0.1:8125
# influxdb:
# address: localhost:8089
# protocol: udp
prometheus :
entryPoint : metrics
# statsd:
# address: localhost:8125
2021-06-10 12:49:42 +00:00
globalArguments :
- "--global.checknewversion"
#
# Configure Traefik static configuration
# Additional arguments to be passed at Traefik's binary
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments :
- "--metrics.prometheus"
- "--ping"
- "--serverstransport.insecureskipverify=true"
2021-09-03 22:53:15 +00:00
- "--providers.kubernetesingress.allowexternalnameservices=true"
2021-06-10 12:49:42 +00:00
# TLS Options are created as TLSOption CRDs
# https://doc.traefik.io/traefik/https/tls/#tls-options
# Example:
tlsOptions :
default :
sniStrict : false
minVersion : VersionTLS12
curvePreferences :
- CurveP521
- CurveP384
cipherSuites :
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
2021-09-03 22:53:15 +00:00
probes :
# -- Liveness probe configuration
# @default -- See below
liveness :
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type : HTTP
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
path : "/ping"
# -- Redainess probe configuration
# @default -- See below
readiness :
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type : HTTP
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
path : "/ping"
# -- Startup probe configuration
# @default -- See below
startup :
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type : HTTP
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
path : "/ping"
2021-06-28 17:36:49 +00:00
2021-06-10 12:49:42 +00:00
# Whether Role Based Access Control objects like roles and rolebindings should be created
rbac :
enabled : true
2021-09-03 22:53:15 +00:00
rules :
- apiGroups :
- ""
resources :
- services
- endpoints
- secrets
verbs :
- get
- list
- watch
- apiGroups :
- extensions
- networking.k8s.io
resources :
- ingresses
- ingressclasses
verbs :
- get
- list
- watch
- apiGroups :
- extensions
- networking.k8s.io
resources :
- ingresses/status
verbs :
- update
- apiGroups :
- traefik.containo.us
resources :
- ingressroutes
- ingressroutetcps
- ingressrouteudps
- middlewares
- middlewaretcps
- tlsoptions
- tlsstores
- traefikservices
- serverstransports
verbs :
- get
- list
- watch
2021-06-10 12:49:42 +00:00
# The service account the pods will use to interact with the Kubernetes API
serviceAccount :
2021-09-03 22:53:15 +00:00
enabled : true
2021-06-10 12:49:42 +00:00
# If set, an existing service account is used
# If not set, a service account is created automatically using the fullname template
name : ""
# Set the container security context
# To run the container with ports below 1024 this will need to be adjust to run as root
securityContext :
capabilities :
drop : [ ALL]
2021-07-05 16:13:44 +00:00
portalhook :
enabled : true