2021-04-13 14:47:37 +00:00
image :
2021-12-03 12:02:44 +00:00
repository : tccr.io/truecharts/traefik
2023-04-30 07:33:54 +00:00
tag : 2.9 .10 @sha256:53a8cc0ea5d6fb681aa1e39864fbf0d1ecec8fab3547df4a59f68989bdf10925
2021-04-13 14:47:37 +00:00
pullPolicy : IfNotPresent
2023-03-04 12:42:14 +00:00
workload :
main :
replicas : 2
strategy : RollingUpdate
podSpec :
containers :
main :
args : [ ]
probes :
# -- Liveness probe configuration
# @default -- See below
liveness :
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type : tcp
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
# path: "/ping"
# -- Redainess probe configuration
# @default -- See below
readiness :
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type : tcp
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
# path: "/ping"
# -- Startup probe configuration
# @default -- See below
startup :
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type : tcp
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
# path: "/ping"
# -- Options for all pods
# Can be overruled per pod
podOptions :
automountServiceAccountToken : true
2021-09-03 22:53:15 +00:00
# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
2021-06-10 12:49:42 +00:00
ingressClass :
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
enabled : false
isDefaultClass : false
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
2021-09-03 22:53:15 +00:00
fallbackApiVersion : ""
2021-06-10 12:49:42 +00:00
2021-09-03 22:53:15 +00:00
# -- Create an IngressRoute for the dashboard
2021-06-10 12:49:42 +00:00
ingressRoute :
2021-04-13 14:47:37 +00:00
dashboard :
enabled : true
2021-06-10 12:49:42 +00:00
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
2021-04-13 14:47:37 +00:00
annotations : {}
2021-06-10 12:49:42 +00:00
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
2021-04-13 14:47:37 +00:00
labels : {}
2021-06-10 12:49:42 +00:00
#
2021-09-03 22:53:15 +00:00
# -- Configure providers
2021-06-10 12:49:42 +00:00
providers :
kubernetesCRD :
enabled : true
2022-07-22 18:23:01 +00:00
namespaces :
[ ]
2021-06-10 12:49:42 +00:00
# - "default"
kubernetesIngress :
enabled : true
# labelSelector: environment=production,method=traefik
2022-07-22 18:23:01 +00:00
namespaces :
[ ]
2021-06-10 12:49:42 +00:00
# - "default"
# IP used for Kubernetes Ingress endpoints
publishedService :
2021-09-02 16:25:21 +00:00
enabled : true
2021-06-10 12:49:42 +00:00
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
2021-09-03 22:53:15 +00:00
# -- Logs
2021-06-10 12:49:42 +00:00
# https://docs.traefik.io/observability/logs/
logs :
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
general :
# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
2021-09-03 22:53:15 +00:00
level : ERROR
2022-05-05 18:40:43 +00:00
# -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format
format : common
2021-06-10 12:49:42 +00:00
access :
# To enable access logs
enabled : false
# To write the logs in an asynchronous fashion, specify a bufferingSize option.
# This option represents the number of log lines Traefik will keep in memory before writing
# them to the selected output. In some cases, this option can greatly help performances.
# bufferingSize: 100
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
2022-07-22 18:23:01 +00:00
filters :
{}
2021-06-10 12:49:42 +00:00
# statuscodes: "200,300-302"
# retryattempts: true
# minduration: 10ms
# Fields
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
fields :
general :
defaultmode : keep
2022-07-22 18:23:01 +00:00
names :
{}
2021-06-10 12:49:42 +00:00
# Examples:
# ClientUsername: drop
headers :
defaultmode : drop
2022-07-22 18:23:01 +00:00
names :
{}
2021-06-10 12:49:42 +00:00
# Examples:
# User-Agent: redact
# Authorization: drop
# Content-Type: keep
2022-05-05 18:40:43 +00:00
# -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format
format : common
2021-06-10 12:49:42 +00:00
2021-09-03 22:53:15 +00:00
metrics :
2023-03-11 19:15:36 +00:00
main :
2023-03-11 14:50:50 +00:00
enabled : true
type : servicemonitor
endpoints :
- port : metrics
path : /metrics
targetSelector : metrics
2021-09-03 22:53:15 +00:00
2021-06-10 12:49:42 +00:00
globalArguments :
- "--global.checknewversion"
2021-09-03 22:53:15 +00:00
##
# -- Additional arguments to be passed at Traefik's binary
2021-06-10 12:49:42 +00:00
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments :
- "--serverstransport.insecureskipverify=true"
2021-09-03 22:53:15 +00:00
- "--providers.kubernetesingress.allowexternalnameservices=true"
2021-06-10 12:49:42 +00:00
2021-09-03 22:53:15 +00:00
# -- TLS Options to be created as TLSOption CRDs
2021-12-03 12:02:44 +00:00
# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options
2021-06-10 12:49:42 +00:00
# Example:
tlsOptions :
default :
sniStrict : false
minVersion : VersionTLS12
curvePreferences :
- CurveP521
- CurveP384
cipherSuites :
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
2021-09-03 22:53:15 +00:00
# -- Options for the main traefik service, where the entrypoints traffic comes from
2021-06-10 12:49:42 +00:00
# from.
service :
2021-09-03 22:53:15 +00:00
main :
type : LoadBalancer
ports :
main :
2021-11-28 09:44:06 +00:00
port : 9000
2021-11-06 21:55:18 +00:00
targetPort : 9000
2023-03-04 12:42:14 +00:00
protocol : http
2022-05-04 15:53:21 +00:00
# -- Forwarded Headers should never be enabled on Main entrypoint
forwardedHeaders :
enabled : false
2022-08-27 20:58:46 +00:00
# -- Proxy Protocol should never be enabled on Main entrypoint
proxyProtocol :
enabled : false
2021-09-03 22:53:15 +00:00
tcp :
enabled : true
type : LoadBalancer
ports :
web :
enabled : true
port : 9080
2023-03-04 12:42:14 +00:00
protocol : http
2021-09-03 22:53:15 +00:00
redirectTo : websecure
2022-08-27 20:58:46 +00:00
# Options: Empty, 0 (ingore), or positive int
# redirectPort:
2022-05-04 15:53:21 +00:00
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
forwardedHeaders :
enabled : false
# -- List of trusted IP and CIDR references
trustedIPs : [ ]
# -- Trust all forwarded headers
insecureMode : false
2022-08-27 20:58:46 +00:00
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
proxyProtocol :
enabled : false
# -- Only IPs in trustedIPs will lead to remote client address replacement
trustedIPs : [ ]
# -- Trust every incoming connection
insecureMode : false
2021-09-03 22:53:15 +00:00
websecure :
enabled : true
port : 9443
2023-03-04 12:42:14 +00:00
protocol : https
2022-05-04 15:53:21 +00:00
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
forwardedHeaders :
enabled : false
# -- List of trusted IP and CIDR references
trustedIPs : [ ]
# -- Trust all forwarded headers
insecureMode : false
2022-08-27 20:58:46 +00:00
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
proxyProtocol :
enabled : false
# -- Only IPs in trustedIPs will lead to remote client address replacement
trustedIPs : [ ]
# -- Trust every incoming connection
insecureMode : false
2022-07-22 18:23:01 +00:00
# tcpexample:
# enabled: true
# targetPort: 9443
2023-03-04 12:42:14 +00:00
# protocol: tcp
2022-07-22 18:23:01 +00:00
# tls:
# enabled: false
# # this is the name of a TLSOption definition
# options: ""
# certResolver: ""
# domains: []
# # - main: example.com
# # sans:
# # - foo.example.com
# # - bar.example.com
2021-09-03 22:53:15 +00:00
metrics :
enabled : true
2022-01-27 23:22:51 +00:00
type : ClusterIP
2021-09-03 22:53:15 +00:00
ports :
metrics :
enabled : true
2022-01-28 18:16:25 +00:00
port : 9180
targetPort : 9180
2023-03-04 12:42:14 +00:00
protocol : http
2022-05-04 15:53:21 +00:00
# -- Forwarded Headers should never be enabled on Metrics entrypoint
forwardedHeaders :
enabled : false
2022-08-27 20:58:46 +00:00
# -- Proxy Protocol should never be enabled on Metrics entrypoint
proxyProtocol :
enabled : false
2023-03-04 12:42:14 +00:00
# udp:
# enabled: false
2022-07-14 09:30:52 +00:00
2021-09-03 22:53:15 +00:00
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
2021-06-10 12:49:42 +00:00
rbac :
2022-06-07 17:41:19 +00:00
main :
enabled : true
2023-03-04 12:42:14 +00:00
primary : true
clusterWide : true
2022-06-07 17:41:19 +00:00
rules :
- apiGroups :
- ""
resources :
- services
- endpoints
- secrets
verbs :
- get
- list
- watch
- apiGroups :
- extensions
- networking.k8s.io
resources :
- ingresses
2023-04-26 09:19:33 +00:00
- ingressclasses
2022-06-07 17:41:19 +00:00
verbs :
- get
- list
- watch
- apiGroups :
- extensions
- networking.k8s.io
resources :
- ingresses/status
verbs :
- update
- apiGroups :
2023-04-25 07:12:09 +00:00
- traefik.io
2022-06-07 17:41:19 +00:00
- traefik.containo.us
resources :
2023-04-25 07:12:09 +00:00
- middlewares
- middlewaretcps
2022-06-07 17:41:19 +00:00
- ingressroutes
2023-04-25 07:12:09 +00:00
- traefikservices
2022-06-07 17:41:19 +00:00
- ingressroutetcps
- ingressrouteudps
- tlsoptions
- tlsstores
- serverstransports
verbs :
- get
- list
- watch
2021-09-03 22:53:15 +00:00
# -- The service account the pods will use to interact with the Kubernetes API
2021-06-10 12:49:42 +00:00
serviceAccount :
2022-06-07 17:41:19 +00:00
main :
2022-09-03 17:22:28 +00:00
enabled : true
2023-03-04 12:42:14 +00:00
primary : true
2021-06-10 12:49:42 +00:00
2021-09-03 22:53:15 +00:00
# -- SCALE Middleware Handlers
2021-06-30 10:56:17 +00:00
middlewares :
basicAuth : [ ]
# - name: basicauthexample
# users:
# - username: testuser
# password: testpassword
forwardAuth : [ ]
# - name: forwardAuthexample
# address: https://auth.example.com/
# authResponseHeaders:
# - X-Secret
# - X-Auth-User
# authRequestHeaders:
# - "Accept"
# - "X-CustomHeader"
# authResponseHeadersRegex: "^X-"
# trustForwardHeader: true
2021-07-05 08:36:05 +00:00
chain : [ ]
2021-09-08 13:38:31 +00:00
# - name: chainname
# middlewares:
# - name: compress
2021-07-05 08:36:05 +00:00
redirectScheme : [ ]
2021-09-08 13:38:31 +00:00
# - name: redirectSchemeName
# scheme: https
# permanent: true
2021-07-05 08:36:05 +00:00
rateLimit : [ ]
2021-09-08 13:38:31 +00:00
# - name: rateLimitName
# average: 300
# burst: 200
redirectRegex : [ ]
# - name: redirectRegexName
# regex: putregexhere
2022-08-27 20:58:46 +00:00
# replacement: replacementurlhere
2021-09-08 13:38:31 +00:00
# permanent: false
2022-04-04 19:48:33 +00:00
stripPrefixRegex : [ ]
# - name: stripPrefixRegexName
2022-04-04 20:40:27 +00:00
# regex: []
2021-09-08 13:38:31 +00:00
ipWhiteList : [ ]
# - name: ipWhiteListName
# sourceRange: []
# ipStrategy:
# depth: 2
# excludedIPs: []
2023-01-14 10:23:57 +00:00
themeParkVersion : v1.3.0
2022-07-21 13:32:49 +00:00
themePark : [ ]
# - name: themeParkName
# -- Supported apps, lower case name
# -- https://docs.theme-park.dev/themes
# app: appnamehere
# -- Supported themes, lower case name
# -- https://docs.theme-park.dev/themes/APPNAMEHERE
# -- https://docs.theme-park.dev/community-themes
# theme: themenamehere
# -- https://theme-park.dev or a self hosted url
# baseUrl: https://theme-park.dev
2022-09-25 09:14:39 +00:00
realIPVersion : v1.0.3
# Sets X-Real-Ip with an IP from the X-Forwarded-For or
# Cf-Connecting-Ip (If from Cloudflare)
# Evaluation of those headers will go from last to first
realIP : [ ]
# - name: realIPName
# -- The real IP will be the first one that is
# -- not included in any of the CIDRs passed here
# excludedNetworks:
# - 1.1.1.1/24
addPrefix : [ ]
# - name: addPrefixName
# prefix: "/foo"
2023-01-16 09:06:03 +00:00
geoBlockVersion : v0.2.4
2022-11-13 11:03:07 +00:00
geoBlock : [ ]
# -- https://github.com/PascalMinder/geoblock
# - name: geoBlockName
# allowLocalRequests: true
# logLocalRequests: false
# logAllowedRequests: false
# logApiRequests: false
# api: https://get.geojs.io/v1/ip/country/{ip}
# apiTimeoutMs: 500
# cacheSize: 25
# forceMonthlyUpdate: true
# allowUnknownCountries: false
# unknownCountryApiResponse: nil
2023-01-16 09:06:03 +00:00
# blackListMode: false
2022-11-13 11:03:07 +00:00
# countries:
# - RU
2021-07-05 16:13:44 +00:00
portalhook :
enabled : true
2022-07-22 15:31:30 +00:00
persistence :
plugins :
enabled : true
mountPath : "/plugins-storage"
type : emptyDir
2022-08-08 21:25:02 +00:00
portal :
2023-03-04 12:42:14 +00:00
open :
enabled : true
2023-03-19 10:58:22 +00:00
path : /dashboard/
override :
protocol : http