2021-04-13 14:47:37 +00:00
image :
2024-01-02 11:15:02 +00:00
repository : tccr.io/tccr/traefik
2024-02-21 16:13:04 +00:00
tag : v2.11.0@sha256:b117ffbec2ea61d02154a2a93e6c3ad5ffe8e3e5539bd08e8e96078d79e4454a
2021-04-13 14:47:37 +00:00
pullPolicy : IfNotPresent
2023-05-24 06:51:23 +00:00
manifestManager :
enabled : true
2023-03-04 12:42:14 +00:00
workload :
main :
replicas : 2
strategy : RollingUpdate
podSpec :
containers :
main :
args : [ ]
probes :
# -- Liveness probe configuration
# @default -- See below
liveness :
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type : tcp
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
# path: "/ping"
2023-07-29 20:03:37 +00:00
# -- Readiness probe configuration
2023-03-04 12:42:14 +00:00
# @default -- See below
readiness :
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type : tcp
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
# path: "/ping"
# -- Startup probe configuration
# @default -- See below
startup :
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type : tcp
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
# path: "/ping"
# -- Options for all pods
# Can be overruled per pod
podOptions :
automountServiceAccountToken : true
2023-07-31 10:32:04 +00:00
operator :
register : true
2021-09-03 22:53:15 +00:00
# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
2021-06-10 12:49:42 +00:00
ingressClass :
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
enabled : false
isDefaultClass : false
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
2021-09-03 22:53:15 +00:00
fallbackApiVersion : ""
# -- Create an IngressRoute for the dashboard
2021-06-10 12:49:42 +00:00
ingressRoute :
2021-04-13 14:47:37 +00:00
dashboard :
enabled : true
2021-06-10 12:49:42 +00:00
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
2021-04-13 14:47:37 +00:00
annotations : {}
2021-06-10 12:49:42 +00:00
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
2021-04-13 14:47:37 +00:00
labels : {}
2021-06-10 12:49:42 +00:00
#
2021-09-03 22:53:15 +00:00
# -- Configure providers
2021-06-10 12:49:42 +00:00
providers :
kubernetesCRD :
enabled : true
2023-11-17 10:20:22 +00:00
namespaces : [ ]
# - "default"
2021-06-10 12:49:42 +00:00
kubernetesIngress :
enabled : true
# labelSelector: environment=production,method=traefik
2023-11-17 10:20:22 +00:00
namespaces : [ ]
# - "default"
2021-06-10 12:49:42 +00:00
# IP used for Kubernetes Ingress endpoints
publishedService :
2021-09-02 16:25:21 +00:00
enabled : true
2021-06-10 12:49:42 +00:00
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
2021-09-03 22:53:15 +00:00
# -- Logs
2021-06-10 12:49:42 +00:00
# https://docs.traefik.io/observability/logs/
logs :
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
general :
# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
2021-09-03 22:53:15 +00:00
level : ERROR
2022-05-05 18:40:43 +00:00
# -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format
format : common
2021-06-10 12:49:42 +00:00
access :
# To enable access logs
enabled : false
# To write the logs in an asynchronous fashion, specify a bufferingSize option.
# This option represents the number of log lines Traefik will keep in memory before writing
# them to the selected output. In some cases, this option can greatly help performances.
# bufferingSize: 100
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
2023-11-17 10:20:22 +00:00
filters : {}
# statuscodes: "200,300-302"
# retryattempts: true
# minduration: 10ms
2021-06-10 12:49:42 +00:00
# Fields
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
fields :
general :
defaultmode : keep
2023-11-17 10:20:22 +00:00
names : {}
# Examples:
# ClientUsername: drop
2021-06-10 12:49:42 +00:00
headers :
defaultmode : drop
2023-11-17 10:20:22 +00:00
names : {}
# Examples:
# User-Agent: redact
# Authorization: drop
# Content-Type: keep
2022-05-05 18:40:43 +00:00
# -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format
format : common
2021-09-03 22:53:15 +00:00
metrics :
2023-03-11 19:15:36 +00:00
main :
2024-02-27 17:17:01 +00:00
enabled : true
2023-03-11 14:50:50 +00:00
type : servicemonitor
endpoints :
- port : metrics
path : /metrics
targetSelector : metrics
2024-02-27 17:17:01 +00:00
2021-06-10 12:49:42 +00:00
globalArguments :
- "--global.checknewversion"
2024-02-27 19:01:56 +00:00
2024-02-27 17:17:01 +00:00
configmap :
dashboard :
enabled : true
labels :
2024-02-27 19:01:56 +00:00
grafana_dashboard : "1"
2024-02-27 17:17:01 +00:00
data :
traefik.json : >-
{{ .Files.Get "dashboard.json" | indent 8 }}
2024-02-27 19:01:56 +00:00
2021-09-03 22:53:15 +00:00
##
# -- Additional arguments to be passed at Traefik's binary
2021-06-10 12:49:42 +00:00
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments :
- "--serverstransport.insecureskipverify=true"
2021-09-03 22:53:15 +00:00
- "--providers.kubernetesingress.allowexternalnameservices=true"
2023-11-25 23:50:19 +00:00
# -- Default clusterCertificate generated by clusterissuer
defaultCertificate : ""
# -- Add custom DNSStore objects
tlsStore : {}
2021-09-03 22:53:15 +00:00
# -- TLS Options to be created as TLSOption CRDs
2021-12-03 12:02:44 +00:00
# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options
2021-06-10 12:49:42 +00:00
# Example:
tlsOptions :
default :
sniStrict : false
minVersion : VersionTLS12
curvePreferences :
- CurveP521
- CurveP384
cipherSuites :
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
2021-09-03 22:53:15 +00:00
# -- Options for the main traefik service, where the entrypoints traffic comes from
2021-06-10 12:49:42 +00:00
# from.
service :
2021-09-03 22:53:15 +00:00
main :
type : LoadBalancer
ports :
main :
2021-11-28 09:44:06 +00:00
port : 9000
2021-11-06 21:55:18 +00:00
targetPort : 9000
2023-03-04 12:42:14 +00:00
protocol : http
2022-05-04 15:53:21 +00:00
# -- Forwarded Headers should never be enabled on Main entrypoint
forwardedHeaders :
enabled : false
2022-08-27 20:58:46 +00:00
# -- Proxy Protocol should never be enabled on Main entrypoint
proxyProtocol :
enabled : false
2021-09-03 22:53:15 +00:00
tcp :
enabled : true
type : LoadBalancer
ports :
web :
enabled : true
2023-12-23 18:18:47 +00:00
port : 80
2023-03-04 12:42:14 +00:00
protocol : http
2021-09-03 22:53:15 +00:00
redirectTo : websecure
2022-08-27 20:58:46 +00:00
# Options: Empty, 0 (ingore), or positive int
# redirectPort:
2022-05-04 15:53:21 +00:00
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
forwardedHeaders :
enabled : false
# -- List of trusted IP and CIDR references
trustedIPs : [ ]
# -- Trust all forwarded headers
insecureMode : false
2022-08-27 20:58:46 +00:00
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
proxyProtocol :
enabled : false
# -- Only IPs in trustedIPs will lead to remote client address replacement
trustedIPs : [ ]
# -- Trust every incoming connection
insecureMode : false
2021-09-03 22:53:15 +00:00
websecure :
enabled : true
2023-12-23 18:18:47 +00:00
port : 443
2023-03-04 12:42:14 +00:00
protocol : https
2022-05-04 15:53:21 +00:00
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
forwardedHeaders :
enabled : false
# -- List of trusted IP and CIDR references
trustedIPs : [ ]
# -- Trust all forwarded headers
insecureMode : false
2022-08-27 20:58:46 +00:00
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
proxyProtocol :
enabled : false
# -- Only IPs in trustedIPs will lead to remote client address replacement
trustedIPs : [ ]
# -- Trust every incoming connection
insecureMode : false
2022-07-22 18:23:01 +00:00
# tcpexample:
# enabled: true
# targetPort: 9443
2023-03-04 12:42:14 +00:00
# protocol: tcp
2022-07-22 18:23:01 +00:00
# tls:
# enabled: false
# # this is the name of a TLSOption definition
# options: ""
# certResolver: ""
# domains: []
# # - main: example.com
# # sans:
# # - foo.example.com
# # - bar.example.com
2021-09-03 22:53:15 +00:00
metrics :
enabled : true
2022-01-27 23:22:51 +00:00
type : ClusterIP
2021-09-03 22:53:15 +00:00
ports :
metrics :
enabled : true
2022-01-28 18:16:25 +00:00
port : 9180
targetPort : 9180
2023-03-04 12:42:14 +00:00
protocol : http
2022-05-04 15:53:21 +00:00
# -- Forwarded Headers should never be enabled on Metrics entrypoint
forwardedHeaders :
enabled : false
2022-08-27 20:58:46 +00:00
# -- Proxy Protocol should never be enabled on Metrics entrypoint
proxyProtocol :
enabled : false
2023-03-04 12:42:14 +00:00
# udp:
# enabled: false
2021-09-03 22:53:15 +00:00
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
2021-06-10 12:49:42 +00:00
rbac :
2022-06-07 17:41:19 +00:00
main :
enabled : true
2023-03-04 12:42:14 +00:00
primary : true
clusterWide : true
2022-06-07 17:41:19 +00:00
rules :
- apiGroups :
- ""
resources :
- services
- endpoints
- secrets
verbs :
- get
- list
- watch
- apiGroups :
- extensions
- networking.k8s.io
resources :
- ingresses
2023-04-26 09:19:33 +00:00
- ingressclasses
2022-06-07 17:41:19 +00:00
verbs :
- get
- list
- watch
- apiGroups :
- extensions
- networking.k8s.io
resources :
- ingresses/status
verbs :
- update
- apiGroups :
- traefik.containo.us
refactor(traefik): BREAKING CHANGE move traefik to new CRD's and move config to tc-system (#9116)
**Description**
Traefik couldn't be updated due to CRD namespace chagnes.
This PR changes the CRD namespace to `traefik.io` as required, so we can
actually update traefik.
Besides this, it moves the portalhook from either `default` or
`tc-*ingressclassname*`
to `tc-system` (our project config storage namespace). In case of
ingressclass use, `portalhook` will get a suffix instead
the reason behind this is, is the fact non-SCALE users currently cannot
use ingressclass at all and neither can platforms without a `default`
namespace.
This will require all apps to be updated accordingly, as the name and
location of the middleware also changes to `tc-system`, including a
suffix with the ingressClass name where needed.
This move of portalhook, also allows us to fix the "loadbalancer port
suffixed to ingress" bug on SCALE portal button.
**⚙️ Type of change**
- [ ] ⚙️ Feature/App addition
- [ ] 🪛 Bugfix
- [x] ⚠️ Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [x] 🔃 Refactor of current code
**🧪 How Has This Been Tested?**
<!--
Please describe the tests that you ran to verify your changes. Provide
instructions so we can reproduce. Please also list any relevant details
for your test configuration
-->
**📃 Notes:**
To be clear: IngressClass is still not 100% supported.
But that doesn't mean we should make it inherently problematic.
The "Breaking" portion of this PR, is just the fact all charts/apps have
to be updated accordingly or otherwise would not function with ingress
anymore. It does not require manual intervention byond updating, hoever.
**✔️ Checklist:**
- [ ] ⚖️ My code follows the style guidelines of this project
- [ ] 👀 I have performed a self-review of my own code
- [ ] #️⃣ I have commented my code, particularly in hard-to-understand
areas
- [ ] 📄 I have made corresponding changes to the documentation
- [ ] ⚠️ My changes generate no new warnings
- [ ] 🧪 I have added tests to this description that prove my fix is
effective or that my feature works
- [ ] ⬆️ I increased versions for any altered app according to semantic
versioning
**➕ App addition**
If this PR is an app addition please make sure you have done the
following.
- [ ] 🪞 I have opened a PR on
[truecharts/containers](https://github.com/truecharts/containers) adding
the container to TrueCharts mirror repo.
- [ ] 🖼️ I have added an icon in the Chart's root directory called
`icon.png`
---
_Please don't blindly check all the boxes. Read them and only check
those that apply.
Those checkboxes are there for the reviewer to see what is this all
about and
the status of this PR with a quick glance._
2023-05-24 07:54:40 +00:00
- traefik.io
2022-06-07 17:41:19 +00:00
resources :
2023-04-25 07:12:09 +00:00
- middlewares
- middlewaretcps
2022-06-07 17:41:19 +00:00
- ingressroutes
2023-04-25 07:12:09 +00:00
- traefikservices
2022-06-07 17:41:19 +00:00
- ingressroutetcps
- ingressrouteudps
- tlsoptions
- tlsstores
- serverstransports
verbs :
- get
- list
- watch
2021-09-03 22:53:15 +00:00
# -- The service account the pods will use to interact with the Kubernetes API
2021-06-10 12:49:42 +00:00
serviceAccount :
2022-06-07 17:41:19 +00:00
main :
2022-09-03 17:22:28 +00:00
enabled : true
2023-03-04 12:42:14 +00:00
primary : true
2021-09-03 22:53:15 +00:00
# -- SCALE Middleware Handlers
2021-06-30 10:56:17 +00:00
middlewares :
basicAuth : [ ]
# - name: basicauthexample
# users:
# - username: testuser
# password: testpassword
forwardAuth : [ ]
# - name: forwardAuthexample
# address: https://auth.example.com/
# authResponseHeaders:
# - X-Secret
# - X-Auth-User
# authRequestHeaders:
# - "Accept"
# - "X-CustomHeader"
# authResponseHeadersRegex: "^X-"
# trustForwardHeader: true
2023-07-15 06:54:49 +00:00
customRequestHeaders : [ ]
# - name: customRequestHeaderExample
# headers:
# - name: X-Custom-Header
# value: "foobar"
# - name: X-Header-To-Remove
# value: ""
customResponseHeaders : [ ]
# - name: customResponseHeaderExample
# headers:
# - name: X-Custom-Header
# value: "foobar"
# - name: X-Header-To-Remove
# value: ""
2023-10-27 18:15:37 +00:00
rewriteResponseHeaders : [ ]
# - name: rewriteResponseHeadersName
# headers:
# - name: "Location"
# regex: "^http://(.+)$"
# replacement: "https://$1"
# - name: "Date"
# regex: "^[^,]+,\\s*(.+)$"
# replacement: "$1"
2023-07-31 09:16:47 +00:00
customFrameOptionsValue : [ ]
# - name: customFrameOptionsValueExample
# value: "SAMEORIGIN"
buffering : [ ]
# - name: bufferingExample
# maxRequestBodyBytes: 1000000
# memRequestBodyBytes: 1000000
# maxResponseBodyBytes: 1000000
# memResponseBodyBytes: 1000000
# retryExpression: "IsNetworkError() && Attempts() < 2"
2021-07-05 08:36:05 +00:00
chain : [ ]
2021-09-08 13:38:31 +00:00
# - name: chainname
# middlewares:
# - name: compress
2021-07-05 08:36:05 +00:00
redirectScheme : [ ]
2021-09-08 13:38:31 +00:00
# - name: redirectSchemeName
# scheme: https
# permanent: true
2021-07-05 08:36:05 +00:00
rateLimit : [ ]
2021-09-08 13:38:31 +00:00
# - name: rateLimitName
# average: 300
# burst: 200
redirectRegex : [ ]
# - name: redirectRegexName
# regex: putregexhere
2022-08-27 20:58:46 +00:00
# replacement: replacementurlhere
2021-09-08 13:38:31 +00:00
# permanent: false
2022-04-04 19:48:33 +00:00
stripPrefixRegex : [ ]
# - name: stripPrefixRegexName
2022-04-04 20:40:27 +00:00
# regex: []
2021-09-08 13:38:31 +00:00
ipWhiteList : [ ]
# - name: ipWhiteListName
# sourceRange: []
# ipStrategy:
# depth: 2
# excludedIPs: []
2022-07-21 13:32:49 +00:00
themePark : [ ]
# - name: themeParkName
# -- Supported apps, lower case name
# -- https://docs.theme-park.dev/themes
# app: appnamehere
# -- Supported themes, lower case name
# -- https://docs.theme-park.dev/themes/APPNAMEHERE
# -- https://docs.theme-park.dev/community-themes
# theme: themenamehere
# -- https://theme-park.dev or a self hosted url
# baseUrl: https://theme-park.dev
2022-09-25 09:14:39 +00:00
# Sets X-Real-Ip with an IP from the X-Forwarded-For or
# Cf-Connecting-Ip (If from Cloudflare)
# Evaluation of those headers will go from last to first
realIP : [ ]
# - name: realIPName
# -- The real IP will be the first one that is
# -- not included in any of the CIDRs passed here
# excludedNetworks:
# - 1.1.1.1/24
addPrefix : [ ]
# - name: addPrefixName
# prefix: "/foo"
2022-11-13 11:03:07 +00:00
geoBlock : [ ]
# -- https://github.com/PascalMinder/geoblock
# - name: geoBlockName
# allowLocalRequests: true
# logLocalRequests: false
# logAllowedRequests: false
# logApiRequests: false
# api: https://get.geojs.io/v1/ip/country/{ip}
# apiTimeoutMs: 500
# cacheSize: 25
# forceMonthlyUpdate: true
# allowUnknownCountries: false
# unknownCountryApiResponse: nil
2023-01-16 09:06:03 +00:00
# blackListMode: false
2022-11-13 11:03:07 +00:00
# countries:
# - RU
2023-07-31 10:32:04 +00:00
modsecurity : [ ]
# - name: modsecurityName
# modSecurityUrl: modSecurity container URL
# timeoutMillis: Configurated timeout
# maxBodySize: maxBodySize
## Note: body of every request will be buffered in memory while the request is in-flight
## (i.e.: during the security check and during the request processing by traefik and the backend),
## so you may want to tune maxBodySize depending on how much RAM you have.
2021-07-05 16:13:44 +00:00
portalhook :
enabled : true
2022-07-22 15:31:30 +00:00
persistence :
plugins :
enabled : true
mountPath : "/plugins-storage"
type : emptyDir
2022-08-08 21:25:02 +00:00
portal :
2023-03-04 12:42:14 +00:00
open :
enabled : true
2023-03-19 10:58:22 +00:00
path : /dashboard/