Refactor traefik to directly use the official chart (#338)

* Refactor traefik to directly use the official chart

* Add traefik repository to chart-testing
Kjeld Schouten-Lebbing 2021-04-13 16:47:37 +02:00 committed by GitHub
parent e2593bb4bf
commit 821032dd97
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
50 changed files with 1139 additions and 3032 deletions

@ -7,3 +7,4 @@ chart-repos:
- truecharts=https://truecharts.org
- postgres-operator-ui=https://raw.githubusercontent.com/zalando/postgres-operator/master/charts/postgres-operator-ui/
- postgres-operator=https://raw.githubusercontent.com/zalando/postgres-operator/master/charts/postgres-operator/
- traefik=https://helm.traefik.io/traefik
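
Review bot: The new `traefik=https://helm.traefik.io/traefik` entry makes chart-testing resolve a dependency from a repository outside this project, while the same commit deletes a lock file that pinned `common` by `version` and `digest`. Pin the traefik dependency to an exact version and commit the regenerated lock file with its digest, so that CI tests a recorded chart artifact rather than whatever the upstream index serves at run time.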

@ -6,3 +6,4 @@ chart-repos:
- truecharts=https://truecharts.org
- postgres-operator-ui=https://raw.githubusercontent.com/zalando/postgres-operator/master/charts/postgres-operator-ui/
- postgres-operator=https://raw.githubusercontent.com/zalando/postgres-operator/master/charts/postgres-operator/
- traefik=https://helm.traefik.io/traefik
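
Review bot: This `chart-repos` list has the same four entries as the one in the previous file and is now edited by hand in two places. The lists will drift the next time a repository is added or a URL changes; generate both from one source or add a CI check that they are identical, so both chart-testing configurations resolve dependencies from the same set of repositories.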

@ -1,6 +0,0 @@
dependencies:
- name: common
repository: https://truecharts.org/
version: 2.2.2
digest: sha256:82ffcab0ecb2e23d6a8a775fb2408906a40bcde3379d5575cb54542ed16aa596
generated: "2021-04-12T17:35:17.428427583Z"
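
Review bot: Deleting this lock file drops the recorded `version: 2.2.2` and `digest: sha256:...` pin for the `common` dependency from `https://truecharts.org/`, and nothing in the visible hunks replaces it. If the refactored chart still declares dependencies, commit a regenerated lock file in the same change; without it there is no recorded digest to compare a fetched dependency against.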

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2020 Containous
Copyright 2020 Traefik Labs
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
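
Review bot: This removes the Apache 2.0 text that carries the `Copyright 2020 Containous` and `Copyright 2020 Traefik Labs` notices. If any file that stays in the repository was derived from the upstream chart, sections 4(a) and 4(c) of the text being deleted require a copy of the license and those notices to stay with it; confirm nothing derived remains, or keep the file.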

@ -1,356 +0,0 @@
##
# This file contains Values.yaml content that gets added to the output of questions.yaml
# It's ONLY meant for content that the user is NOT expected to change.
# Example: Everything under "image" is not included in questions.yaml but is included here.
##
image:
name: traefik
# defaults to appVersion
tag: v2.4
pullPolicy: IfNotPresent
#
# Configure the deployment
#
deployment:
enabled: true
# Can be either Deployment or DaemonSet
kind: Deployment
# Number of pods of the deployment (only applies when kind == Deployment)
replicas: 1
# Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
annotations: {}
# Additional pod annotations (e.g. for mesh injection or prometheus scraping)
podAnnotations: {}
# Additional Pod labels (e.g. for filtering Pod by custom labels)
podLabels: {}
# Additional containers (e.g. for metric offloading sidecars)
additionalContainers: []
# https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host
# - name: socat-proxy
# image: alpine/socat:1.0.5
# args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"]
# volumeMounts:
# - name: dsdsocket
# mountPath: /socket
# Additional volumes available for use with initContainers and additionalContainers
additionalVolumes: []
# - name: dsdsocket
# hostPath:
# path: /var/run/statsd-exporter
# Additional initContainers (e.g. for setting file permission as shown below)
initContainers: []
# The "volume-permissions" init container is required if you run into permission issues.
# Related issue: https://github.com/traefik/traefik/issues/6972
# - name: volume-permissions
# image: busybox:1.31.1
# command: ["sh", "-c", "chmod -Rv 600 /data/*"]
# volumeMounts:
# - name: data
# mountPath: /data
# Custom pod DNS policy. Apply if `hostNetwork: true`
# dnsPolicy: ClusterFirstWithHostNet
# Additional imagePullSecrets
imagePullSecrets: []
# - name: myRegistryKeySecretName
# Pod disruption budget
podDisruptionBudget:
enabled: false
# maxUnavailable: 1
# minAvailable: 0
# Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
ingressClass:
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
enabled: false
isDefaultClass: false
# Activate Pilot integration
pilot:
enabled: false
token: ""
# Enable experimental features
experimental:
plugins:
enabled: false
kubernetesGateway:
enabled: false
appLabelSelector: "traefik"
certificates: []
# - group: "core"
# kind: "Secret"
# name: "mysecret"
# Create an IngressRoute for the dashboard
ingressRoute:
dashboard:
enabled: false
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
annotations: {}
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
labels: {}
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
#
# Configure providers
#
providers:
kubernetesCRD:
enabled: true
namespaces: []
# - "default"
kubernetesIngress:
enabled: true
namespaces: []
# - "default"
# IP used for Kubernetes Ingress endpoints
publishedService:
enabled: false
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
#
# Add volumes to the traefik pod. The volume name will be passed to tpl.
# This can be used to mount a cert pair or a configmap that holds a config.toml file.
# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
# additionalArguments:
# - "--providers.file.filename=/config/dynamic.toml"
volumes: []
# - name: public-cert
# mountPath: "/certs"
# type: secret
# - name: '{{ printf "%s-configs" .Release.Name }}'
# mountPath: "/config"
# type: configMap
# Additional volumeMounts to add to the Traefik container
additionalVolumeMounts: []
# For instance when using a logshipper for access logs
# - name: traefik-logs
# mountPath: /var/log/traefik
# Logs
# https://docs.traefik.io/observability/logs/
logs:
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
general:
# By default, the logs use a text format (common), but you can
# also ask for the json format in the format option
# format: json
# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
level: ERROR
access:
# To enable access logs
enabled: false
# By default, logs are written using the Common Log Format (CLF).
# To write logs in JSON, use json in the format option.
# If the given format is unsupported, the default (CLF) is used instead.
# format: json
# To write the logs in an asynchronous fashion, specify a bufferingSize option.
# This option represents the number of log lines Traefik will keep in memory before writing
# them to the selected output. In some cases, this option can greatly help performances.
# bufferingSize: 100
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
filters: {}
# statuscodes: "200,300-302"
# retryattempts: true
# minduration: 10ms
# Fields
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
fields:
general:
defaultmode: keep
names: {}
# Examples:
# ClientUsername: drop
headers:
defaultmode: drop
names: {}
# Examples:
# User-Agent: redact
# Authorization: drop
# Content-Type: keep
globalArguments:
- "--global.checknewversion"
# - "--global.sendanonymoususage"
#
# Configure Traefik static configuration
# Additional arguments to be passed at Traefik's binary
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments:
# - "--providers.kubernetesingress.ingressclass=traefik-internal"
# - "--log.level=DEBUG"
- "--entrypoints.websecure.http.tls"
- "--ping"
- "--serverstransport.insecureskipverify=true"
# Environment variables to be passed to Traefik's binary
env: []
# - name: SOME_VAR
# value: some-var-value
# - name: SOME_VAR_FROM_CONFIG_MAP
# valueFrom:
# configMapRef:
# name: configmap-name
# key: config-key
# - name: SOME_SECRET
# valueFrom:
# secretKeyRef:
# name: secret-name
# key: secret-key
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
# TLS Options are created as TLSOption CRDs
# https://doc.traefik.io/traefik/https/tls/#tls-options
# Example:
# tlsOptions:
# default:
# sniStrict: true
# preferServerCipherSuites: true
# foobar:
# curvePreferences:
# - CurveP521
# - CurveP384
tlsOptions: {}
# Options for the main traefik service, where the entrypoints traffic comes
# from.
service:
enabled: true
type: LoadBalancer
# Additional annotations (e.g. for cloud provider specific config)
annotations: {}
# Additional service labels (e.g. for filtering Service by custom labels)
labels: {}
# Additional entries here will be added to the service spec. Cannot contains
# type, selector or ports entries.
spec: {}
# externalTrafficPolicy: Cluster
# loadBalancerIP: "1.2.3.4"
# clusterIP: "2.3.4.5"
loadBalancerSourceRanges: []
# - 192.168.0.1/32
# - 172.16.0.0/16
externalIPs: []
# - 1.2.3.4
## Create HorizontalPodAutoscaler object.
##
autoscaling:
enabled: false
# minReplicas: 1
# maxReplicas: 10
# metrics:
# - type: Resource
# resource:
# name: cpu
# targetAverageUtilization: 60
# - type: Resource
# resource:
# name: memory
# targetAverageUtilization: 60
# Enable persistence using Persistent Volume Claims
# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
# After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
# additionalArguments:
# - "--certificatesresolvers.le.acme.storage=/data/acme.json"
# It will persist TLS certificates.
persistence:
enabled: false
# existingClaim: ""
accessMode: ReadWriteOnce
size: 128Mi
# storageClass: ""
path: /data
annotations: {}
# subPath: "" # only mount a subpath of the Volume into the pod
# If hostNetwork is true, runs traefik in the host network namespace
# To prevent unschedulabel pods due to port collisions, if hostNetwork=true
# and replicas>1, a pod anti-affinity is recommended and will be set if the
# affinity is left as default.
hostNetwork: false
# Whether Role Based Access Control objects like roles and rolebindings should be created
rbac:
enabled: true
# If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces.
# If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace
namespaced: false
# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBindin or ClusterRoleBinding
podSecurityPolicy:
enabled: false
# The service account the pods will use to interact with the Kubernetes API
serviceAccount:
# If set, an existing service account is used
# If not set, a service account is created automatically using the fullname template
name: ""
# Additional serviceAccount annotations (e.g. for oidc authentication)
serviceAccountAnnotations: {}
resources: {}
# requests:
# cpu: "100m"
# memory: "50Mi"
# limits:
# cpu: "300m"
# memory: "150Mi"
affinity: {}
# # This example pod anti-affinity forces the scheduler to put traefik pods
# # on nodes where no other traefik pods are scheduled.
# # It should be used when hostNetwork: true to prevent port conflicts
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - {{ template "traefik.name" . }}
# topologyKey: failure-domain.beta.kubernetes.io/zone
nodeSelector: {}
tolerations: []
# Pods can have priority.
# Priority indicates the importance of a Pod relative to other Pods.
priorityClassName: ""
# Set the container security context
# To run the container with ports below 1024 this will need to be adjust to run as root
securityContext:
capabilities:
drop: [ALL]
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
podSecurityContext:
fsGroup: 65532
##
# Most other defaults are set in questions.yaml
# For other options please refer to the wiki, default_values.yaml or the common library chart
##
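
Review bot: The deleted defaults contain one setting that should not be carried into the refactored chart and several that should. `--serverstransport.insecureskipverify=true` under `additionalArguments` disables certificate verification for Traefik's connections to backends; do not copy it into the values passed to the official chart unless it is deliberately scoped and documented. The `securityContext` block (`drop: [ALL]`, `readOnlyRootFilesystem: true`, `runAsNonRoot: true`) is hardening, so check that the replacement values still set it explicitly rather than relying on upstream defaults.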

@ -1,927 +0,0 @@
groups:
- name: "Container Image"
description: "Image to be used for container"
- name: "Workload Configuration"
description: "Configure workload deployment"
- name: "Configuration"
description: "additional container configuration"
- name: "Networking"
description: "Configure / service for container"
- name: "Storage and Devices"
description: "Persist and share data that is separate from the lifecycle of the container"
- name: "Resource Reservation"
description: "Specify resources to be allocated to workload"
- name: "Reverse Proxy Configuration"
description: "Reverse Proxy configuration"
- name: "Advanced"
description: "Advanced Configuration"
- name: "WARNING"
description: "WARNING"
portals:
web_portal:
protocols:
- "https"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "443"
questions:
- variable: portal
group: "Container Image"
label: "Configure Portal Button"
schema:
type: dict
hidden: true
attrs:
- variable: enabled
label: "Enable"
description: "enable the portal button"
schema:
hidden: true
editable: false
type: boolean
default: true
# Update Policy
- variable: strategyType
group: "Container Image"
label: "Update Strategy"
schema:
type: string
default: "Recreate"
enum:
- value: "RollingUpdate"
description: "Create new pods and then kill old ones"
- value: "Recreate"
description: "Kill existing pods before creating new ones"
# Configure Time Zone
- variable: timezone
group: "Container Image"
label: "Timezone"
schema:
type: string
default: "Etc/UTC"
$ref:
- "definitions/timezone"
- variable: PUID
group: "Container Image"
label: "PUID"
description: "The UserID of the user running the application and owning the files"
schema:
type: int
default: 568
- variable: PGID
group: "Container Image"
label: "PGID"
description: "The groupID of the user/group running the application and owning the files"
schema:
type: int
default: 568
- variable: UMASK
group: "Container Image"
label: "UMASK (advanced)"
description: "The UMASK used if supported by the application"
schema:
type: string
default: "002"
## TrueCharts Specific
- variable: appVolumeMounts
label: "app storage"
group: "Storage and Devices"
schema:
type: dict
attrs:
# Data ------------------------
- variable: data
label: "data dataset"
schema:
type: dict
$ref:
- "normalize/ixVolume"
attrs:
- variable: enabled
label: "Enabled"
schema:
type: boolean
default: true
required: true
hidden: true
editable: false
- variable: setPermissions
label: "Automatic Permissions"
description: "Automatically set permissions on install"
schema:
type: boolean
default: true
hidden: false
- variable: emptyDir
label: "emptyDir"
schema:
type: boolean
default: false
hidden: true
editable: false
- variable: datasetName
label: "Dataset Name"
schema:
type: string
default: "config"
required: true
editable: false
hidden: true
- variable: mountPath
label: "Mount Path"
description: "Path to mount inside the pod"
schema:
type: path
required: true
default: "/data"
editable: false
- variable: hostPathEnabled
label: "host Path Enabled"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostPath
label: "Host Path"
schema:
type: hostpath
required: true
- variable: additionalAppVolumeMounts
label: "Custom app storage"
group: "Storage and Devices"
schema:
type: list
default: []
items:
- variable: volumeMount
label: "Custom Storage"
schema:
type: dict
attrs:
- variable: enabled
label: "Enabled"
schema:
type: boolean
default: true
required: true
hidden: true
editable: false
- variable: setPermissions
label: "Automatic Permissions"
description: "Automatically set permissions on install"
schema:
type: boolean
default: true
hidden: false
- variable: name
label: "Mountpoint Name"
schema:
type: string
default: ""
required: true
editable: true
- variable: emptyDir
label: "emptyDir"
schema:
type: boolean
default: false
hidden: true
editable: false
- variable: mountPath
label: "Mount Path"
description: "Path to mount inside the pod"
schema:
type: path
required: true
default: ""
editable: true
- variable: hostPathEnabled
label: "host Path Enabled"
schema:
type: boolean
default: true
hidden: true
- variable: hostPath
label: "Host Path"
schema:
type: hostpath
required: true
- variable: ingress
label: ""
group: "Reverse Proxy Configuration"
schema:
type: dict
attrs:
- variable: main
label: "WebUI"
schema:
type: dict
attrs:
- variable: enabled
label: "Enable Web Reverse Proxy"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: type
label: "Reverse Proxy Type"
schema:
type: string
default: "HTTP-IR"
hidden: true
editable: false
required: true
- variable: serviceName
label: "Service name to proxy to"
schema:
hidden: true
editable: false
type: string
default: "api@internal"
- variable: serviceKind
label: "Service Kind to proxy to"
schema:
hidden: true
editable: false
type: string
default: "TraefikService"
- variable: entrypoint
label: "Select Entrypoint"
schema:
type: string
default: "websecure"
required: true
enum:
- value: "websecure"
description: "Websecure: HTTPS/TLS port 443"
- variable: hosts
label: "Hosts"
schema:
type: list
default: []
items:
- variable: host
label: "Host"
schema:
type: dict
attrs:
- variable: host
label: "Domain Name"
required: true
schema:
type: string
- variable: path
label: "path"
schema:
type: string
required: true
hidden: true
default: "/"
- variable: certType
label: "Select Certificate Type"
schema:
type: string
default: "selfsigned"
enum:
- value: ""
description: "No Encryption/TLS/Certificates"
- value: "selfsigned"
description: "Self-Signed Certificate"
- value: "ixcert"
description: "TrueNAS SCALE Certificate"
- variable: certificate
label: "Select TrueNAS SCALE Certificate"
schema:
type: int
show_if: [["certType", "=", "ixcert"]]
$ref:
- "definitions/certificate"
- variable: authForwardURL
label: "Forward Authentication URL"
schema:
type: string
default: ""
- variable: ports
label: "(Advanced) Traefik Entrypoints"
group: "Advanced"
schema:
type: dict
attrs:
- variable: traefik
label: "traefik internal"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 9000
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: false
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
default: 9000
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
default: "TCP"
- variable: web
label: "web"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 8081
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: true
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 80
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "TCP"
hidden: true
- variable: redirectEnable
label: "Enable Redirect"
schema:
type: boolean
default: true
show_subquestions_if: true
subquestions:
- variable: redirectTo
label: "Target Entrypoint"
description: "Select the Target Entrypoint to redirect to"
schema:
type: string
required: true
default: "websecure"
- variable: websecure
label: "websecure"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 8443
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: true
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 443
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "TCP"
hidden: true
- variable: plex
label: "plex"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 32400
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: true
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: false
default: 32400
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "TCP"
hidden: true
- variable: kms
label: "kms"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 51688
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: true
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 1688
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "TCP"
hidden: true
- variable: dns-tcp
label: "dns-tcp"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 5353
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: false
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 53
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "TCP"
hidden: true
- variable: dns-udp
label: "dns-udp"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 5353
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: false
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 53
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "UDP"
hidden: true
- variable: stun-tcp
label: "stun-tcp"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 3478
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: true
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 3478
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "TCP"
hidden: true
- variable: stun-udp
label: "stun-udp"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 3478
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: true
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 3478
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "UDP"
hidden: true
- variable: radius
label: "radius"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 51812
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: false
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 1812
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "UDP"
hidden: true
- variable: radius-acc
label: "radius-acc"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 51813
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: false
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 1813
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "UDP"
hidden: true
- variable: ldaps
label: "ldaps"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 50636
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: false
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 636
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
hidden: true
default: "TCP"
- variable: unificom
label: "unificom"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
hide: true
default: 8080
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: true
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 8080
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "TCP"
hidden: true
- variable: externalServices
label: "(Advanced) Add External Services"
group: "Advanced"
schema:
type: list
default: []
items:
- variable: externalService
label: "External Service"
schema:
type: dict
attrs:
- variable: enabled
label: "Enable Web Reverse Proxy"
schema:
type: boolean
hidden: true
editable: false
default: true
- variable: type
label: "Reverse Proxy Type"
schema:
type: string
default: "HTTP"
hidden: true
editable: false
required: true
- variable: serviceName
label: "Service name to proxy to"
schema:
hidden: true
editable: false
type: string
default: ""
- variable: serviceTarget
label: "IP Adress of the external service"
schema:
hidden: false
editable: true
required: true
type: string
default: "192.168.0.0"
- variable: servicePort
label: "External Service Port"
description: "The port on the external service you want to proxy"
schema:
hidden: false
required: true
editable: true
type: int
default: 80
- variable: serviceType
label: "Connection Type"
description: "Connection Type between Traefik and the external service"
schema:
hidden: false
editable: true
required: true
default: "HTTP"
type: string
enum:
- value: "HTTP"
description: "HTTP"
- value: "HTTPS"
description: "HTTPS"
- variable: serviceKind
label: "Service Kind to proxy to"
schema:
hidden: true
editable: false
type: string
default: ""
- variable: entrypoint
label: "Select Entrypoint"
schema:
type: string
default: "websecure"
required: true
enum:
- value: "websecure"
description: "Websecure: HTTPS/TLS port 443"
- variable: host
label: "Domain Name"
required: true
schema:
type: string
- variable: path
label: "path"
schema:
type: string
required: true
hidden: false
default: "/"
- variable: certType
label: "Select Certificate Type"
schema:
type: string
default: "selfsigned"
enum:
- value: ""
description: "No Encryption/TLS/Certificates"
- value: "selfsigned"
description: "Self-Signed Certificate"
- value: "ixcert"
description: "TrueNAS SCALE Certificate"
- variable: certificate
label: "Select TrueNAS SCALE Certificate"
schema:
type: int
show_if: [["certType", "=", "ixcert"]]
$ref:
- "definitions/certificate"
- variable: authForwardURL
label: "Forward Authentication URL"
schema:
type: string
default: ""
- variable: warning
label: "This App binds to the same ports as the defaults for TrueNAS SCALE UI (80 and 443). This means you may not be able to access the TrueNAS SCALE UI after starting the App."
description: "Please be sure to set the UI to a different port or adapter"
group: "WARNING"
schema:
type: dict
attrs:
- variable: confirm-warning
description: "Check this to confirm you have made precautions against conflicts on port 80 and 443, such as running the TrueNAS SCALE UI on a different port or adapter."
label: "I understand above warning and its consequences"
schema:
type: boolean
default: false
required: true
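
Review bot: in the `unificom` port entry the schema carries both `hidden: true` and `hide: true`; the other port entries shown here use only `hidden`, so `hide` looks like a leftover key and should be dropped. Two smaller points in the same hunk: the `serviceTarget` label reads "IP Adress" (should be "Address"), and `certType` offers an empty "No Encryption/TLS/Certificates" value while the only selectable `entrypoint` is `websecure`, so the description should say what that combination does.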

View File

@ -1,62 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "traefik.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "traefik.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "traefik.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
The name of the service account to use
*/}}
{{- define "traefik.serviceAccountName" -}}
{{- default (include "traefik.fullname" .) .Values.serviceAccount.name -}}
{{- end -}}
{{/*
Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice.
By convention this will simply use the <namespace>/<service-name> to match the name of the
service generated.
Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride`
*/}}
{{- define "providers.kubernetesIngress.publishedServicePath" -}}
{{- $defServiceName := printf "%s/%s" .Release.Namespace (include "traefik.fullname" .) -}}
{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }}
{{- print $servicePath | trimSuffix "-" -}}
{{- end -}}
{{/*
Construct a comma-separated list of whitelisted namespaces
*/}}
{{- define "providers.kubernetesIngress.namespaces" -}}
{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }}
{{- end -}}
{{- define "providers.kubernetesCRD.namespaces" -}}
{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }}
{{- end -}}

View File

@ -1,261 +0,0 @@
{{- define "traefik.podTemplate" }}
metadata:
annotations:
{{- with .Values.deployment.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with .Values.deployment.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.deployment.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "traefik.serviceAccountName" . }}
terminationGracePeriodSeconds: 60
hostNetwork: {{ .Values.hostNetwork }}
{{- with .Values.deployment.dnsPolicy }}
dnsPolicy: {{ . }}
{{- end }}
{{- with .Values.deployment.initContainers }}
initContainers:
{{- toYaml . | nindent 6 }}
{{- end }}
containers:
- image: "{{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
name: {{ template "traefik.fullname" . }}
resources:
{{- with .Values.resources }}
{{- toYaml . | nindent 10 }}
{{- end }}
readinessProbe:
httpGet:
path: /ping
port: {{ .Values.ports.traefik.port }}
failureThreshold: 1
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
livenessProbe:
httpGet:
path: /ping
port: {{ .Values.ports.traefik.port }}
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
ports:
{{- range $name, $config := .Values.ports }}
{{- if $config }}
- name: {{ $name | quote }}
containerPort: {{ $config.port }}
{{- if $config.hostPort }}
hostPort: {{ $config.hostPort }}
{{- end }}
{{- if $config.hostIP }}
hostIP: {{ $config.hostIP }}
{{- end }}
protocol: {{ default "TCP" $config.protocol | quote }}
{{- end }}
{{- end }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- end }}
volumeMounts:
{{- include "common.storage.allContainerVolumeMounts" . | indent 10 }}
{{- if .Values.persistence.enabled }}
- name: {{ .Values.persistence.name }}
mountPath: {{ .Values.persistence.path }}
{{- if .Values.persistence.subPath }}
subPath: {{ .Values.persistence.subPath }}
{{- end }}
{{- end }}
- name: tmp
mountPath: /tmp
{{- $root := . }}
{{- range .Values.volumes }}
- name: {{ tpl (.name) $root }}
mountPath: {{ .mountPath }}
readOnly: true
{{- end }}
{{- if .Values.experimental.plugins.enabled }}
- name: plugins
mountPath: "/plugins-storage"
{{- end }}
{{- if .Values.additionalVolumeMounts }}
{{- toYaml .Values.additionalVolumeMounts | nindent 10 }}
{{- end }}
args:
{{- with .Values.globalArguments }}
{{- range . }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- range $name, $config := .Values.ports }}
{{- if $config }}
- "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
{{- end }}
{{- end }}
- "--api.dashboard=true"
- "--ping=true"
{{- if .Values.providers.kubernetesCRD.enabled }}
- "--providers.kubernetescrd"
{{- end }}
{{- if .Values.providers.kubernetesIngress.enabled }}
- "--providers.kubernetesingress"
{{- if and .Values.service.enabled .Values.providers.kubernetesIngress.publishedService.enabled }}
- "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"
{{- end }}
{{- end }}
{{- if .Values.experimental.kubernetesGateway.enabled }}
- "--providers.kubernetesgateway"
- "--experimental.kubernetesgateway"
{{- end }}
{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
- "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}"
- "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}"
{{- end }}
{{- range $entrypoint, $config := $.Values.ports }}
{{- if $config.redirectTo }}
{{- $toPort := index $.Values.ports $config.redirectTo }}
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.exposedPort }}"
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
{{- end }}
{{- if $config.tls }}
{{- if $config.tls.enabled }}
- "--entrypoints.{{ $entrypoint }}.http.tls=true"
{{- if $config.tls.options }}
- "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
{{- end }}
{{- if $config.tls.certResolver }}
- "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
{{- end }}
{{- if $config.tls.domains }}
{{- range $index, $domain := $config.tls.domains }}
{{- if $domain.main }}
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
{{- end }}
{{- if $domain.sans }}
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.logs }}
{{- if .general.format }}
- "--log.format={{ .general.format }}"
{{- end }}
{{- if ne .general.level "ERROR" }}
- "--log.level={{ .general.level | upper }}"
{{- end }}
{{- if .access.enabled }}
- "--accesslog=true"
{{- if .access.format }}
- "--accesslog.format={{ .access.format }}"
{{- end }}
{{- if .access.bufferingsize }}
- "--accesslog.bufferingsize={{ .access.bufferingsize }}"
{{- end }}
{{- if .access.filters }}
{{- if .access.filters.statuscodes }}
- "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}"
{{- end }}
{{- if .access.filters.retryattempts }}
- "--accesslog.filters.retryattempts"
{{- end }}
{{- if .access.filters.minduration }}
- "--accesslog.filters.minduration={{ .access.filters.minduration }}"
{{- end }}
{{- end }}
- "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
{{- range $fieldname, $fieldaction := .access.fields.general.names }}
- "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}"
{{- end }}
- "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}"
{{- range $fieldname, $fieldaction := .access.fields.headers.names }}
- "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}"
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.pilot.enabled }}
- "--pilot.token={{ .Values.pilot.token }}"
{{- end }}
{{- with .Values.additionalArguments }}
{{- range . }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- with .Values.env }}
env:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.envFrom }}
envFrom:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- if .Values.deployment.additionalContainers }}
{{- toYaml .Values.deployment.additionalContainers | nindent 6 }}
{{- end }}
volumes:
{{- if .Values.appVolumeMounts }}
{{- include "common.storage.allAppVolumes" . | indent 8 }}
{{- else if .Values.persistence.enabled }}
- name: data
persistentVolumeClaim:
claimName: {{ default (include "traefik.fullname" .) .Values.persistence.existingClaim }}
{{- else }}
- name: data
emptyDir: {}
{{- end }}
- name: tmp
emptyDir: {}
{{- $root := . }}
{{- range .Values.volumes }}
- name: {{ tpl (.name) $root }}
{{- if eq .type "secret" }}
secret:
secretName: {{ tpl (.name) $root }}
{{- else if eq .type "configMap" }}
configMap:
name: {{ tpl (.name) $root }}
{{- end }}
{{- end }}
{{- if .Values.deployment.additionalVolumes }}
{{- toYaml .Values.deployment.additionalVolumes | nindent 8 }}
{{- end }}
{{- if .Values.experimental.plugins.enabled }}
- name: plugins
emptyDir: {}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{ end -}}
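
Review bot: this template is where the `common.storage.allContainerVolumeMounts` and `common.storage.allAppVolumes` includes are wired into the pod (under `volumeMounts` and `volumes`), so deleting it means app volumes have to reach the pod some other way. Please say in the PR description how they are mounted now, or that they are intentionally dropped. Also worth checking against the new values: the args here hard-code `--api.dashboard=true` and pass `--pilot.token={{ .Values.pilot.token }}` on the command line, where the token is readable from the pod spec; if the wrapper values still set a pilot token, note how it is passed after this change.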

View File

@ -1,37 +0,0 @@
{{- if and .Values.deployment.enabled (eq .Values.deployment.kind "DaemonSet") -}}
{{- with .Values.additionalArguments -}}
{{- range . -}}
{{- if contains ".acme." . -}}
{{- fail (printf "ACME functionality is not supported when running Traefik as a DaemonSet") -}}
{{- end -}}
{{- end -}}
{{- end -}}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ template "traefik.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with .Values.deployment.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
{{- with .Values.deployment.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: {{ .Values.rollingUpdate.maxUnavailable }}
template: {{ template "traefik.podTemplate" . }}
{{- end -}}
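
Review bot: the `fail` guard at the top, which rejects any `additionalArguments` entry containing `.acme.` when `deployment.kind` is `DaemonSet`, disappears with this file. Confirm the upstream chart enforces the same restriction, or add a sentence to the chart documentation, since a user carrying ACME arguments over from the old values would otherwise get no render-time error.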

View File

@ -1,28 +0,0 @@
{{- if .Values.ingressRoute.dashboard.enabled -}}
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: {{ template "traefik.fullname" . }}-dashboard
annotations:
helm.sh/hook: "post-install,post-upgrade"
{{- with .Values.ingressRoute.dashboard.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with .Values.ingressRoute.dashboard.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
entryPoints:
- traefik
routes:
- match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
kind: Rule
services:
- name: api@internal
kind: TraefikService
{{- end -}}
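
Review bot: the single route here, matching the `/dashboard` and `/api` path prefixes, points at `api@internal` with no `middlewares` entry, so anyone who can reach the `traefik` entrypoint gets the dashboard and API without authentication. With the template now coming from upstream, check that the `traefik` port is not exposed by the new default values, or put an authenticating middleware in front of the route, and document which of the two was chosen.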

View File

@ -1,41 +0,0 @@
{{- if and .Values.deployment.enabled (eq .Values.deployment.kind "Deployment") -}}
{{- if gt (int .Values.deployment.replicas) 1 -}}
{{- with .Values.additionalArguments -}}
{{- range . -}}
{{- if contains ".acme." . -}}
{{- fail (printf "You can not enable acme if you set more than one traefik replica") -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "traefik.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
annotations:
{{- with .Values.deployment.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ default 1 .Values.deployment.replicas }}
{{- end }}
selector:
matchLabels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
strategy:
type: RollingUpdate
rollingUpdate:
{{- with .Values.rollingUpdate }}
{{- toYaml . | nindent 6 }}
{{- end }}
template: {{ template "traefik.podTemplate" . }}
{{- end -}}

View File

@ -1,33 +0,0 @@
{{- if .Values.experimental.kubernetesGateway.enabled }}
---
apiVersion: networking.x-k8s.io/v1alpha1
kind: Gateway
metadata:
name: traefik-gateway
namespace: default
spec:
gatewayClassName: traefik
listeners:
- port: {{ .Values.ports.web.port }}
protocol: HTTP
routes:
kind: HTTPRoute
selector:
matchLabels:
app: {{ .Values.experimental.kubernetesGateway.appLabelSelector }}
{{- range $index, $cert:= .Values.experimental.kubernetesGateway.certificates }}
- port: {{ $.Values.ports.websecure.port }}
protocol: HTTPS
tls:
certificateRef:
name: {{ $cert.name }}
group: {{ $cert.group }}
kind: {{ $cert.kind }}
routes:
kind: HTTPRoute
selector:
matchLabels:
app: {{ $.Values.experimental.kubernetesGateway.appLabelSelector }}
{{- end }}
{{- end }}

View File

@ -1,9 +0,0 @@
{{- if .Values.experimental.kubernetesGateway.enabled }}
---
kind: GatewayClass
apiVersion: networking.x-k8s.io/v1alpha1
metadata:
name: traefik
spec:
controller: traefik.io/gateway-controller
{{- end }}

View File

@ -1,20 +0,0 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "traefik.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "traefik.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{ toYaml .Values.autoscaling.metrics | indent 4 }}
{{- end }}

View File

@ -1,21 +0,0 @@
{{- if and .Values.ingressClass.enabled (semverCompare ">=2.3.0" (default .Chart.AppVersion .Values.image.tag)) -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }}
apiVersion: networking.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
{{- fail "\n\n ERROR: You must have atleast networking.k8s.io/v1beta1 to use ingressClass" }}
{{- end }}
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }}
labels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
name: {{ template "traefik.fullname" . }}
spec:
controller: traefik.io/ingress-controller
{{- end }}

View File

@ -1,22 +0,0 @@
{{- if .Values.podDisruptionBudget.enabled -}}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "traefik.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.podDisruptionBudget.minAvailable | int }}
{{- end }}
{{- if .Values.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable | int }}
{{- end }}
{{- end -}}

View File

@ -1,24 +0,0 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ template "traefik.fullname" . }}
annotations:
{{- with .Values.persistence.annotations }}
{{ toYaml . | indent 4 }}
{{- end }}
labels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
storageClassName: {{ .Values.persistence.storageClass | quote }}
{{- end }}
{{- end -}}

View File

@ -1,112 +0,0 @@
{{- if and .Values.rbac.enabled (not .Values.rbac.namespaced) -}}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "traefik.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.containo.us
resources:
- ingressroutes
- ingressroutetcps
- ingressrouteudps
- middlewares
- tlsoptions
- tlsstores
- traefikservices
- serverstransports
verbs:
- get
- list
- watch
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups:
- policy
resourceNames:
- {{ template "traefik.fullname" . }}
resources:
- podsecuritypolicies
verbs:
- use
{{- end -}}
{{- if .Values.experimental.kubernetesGateway.enabled }}
- apiGroups:
- networking.x-k8s.io
resources:
- gatewayclasses
- gatewayclasses/status
- gateways
verbs:
- get
- list
- watch
- apiGroups:
- networking.x-k8s.io
resources:
- gatewayclasses/status
verbs:
- get
- patch
- update
- apiGroups:
- networking.x-k8s.io
resources:
- gateways/status
verbs:
- get
- patch
- update
- apiGroups:
- networking.x-k8s.io
resources:
- httproutes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.x-k8s.io
resources:
- httproutes/status
verbs:
- get
- patch
- update
{{- end -}}
{{- end -}}
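
Review bot: the first rule grants `get`, `list` and `watch` on `secrets` through a ClusterRole whenever `rbac.namespaced` is false, which gives the service account secret-read access in every namespace. Since RBAC is now rendered by the upstream chart, state in the PR which `rbac.namespaced` value the wrapper ships, so the secret-read scope after this change is explicit. Minor: `gatewayclasses/status` is listed twice in the Gateway block, once under get/list/watch and again under get/patch/update.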

View File

@ -1,19 +0,0 @@
{{- if and .Values.rbac.enabled (not .Values.rbac.namespaced) }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "traefik.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "traefik.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "traefik.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}

View File

@ -1,69 +0,0 @@
{{- if .Values.podSecurityPolicy.enabled }}
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: runtime/default
seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
name: {{ template "traefik.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
{{- if not .Values.securityContext.runAsNonRoot }}
allowedCapabilities:
- NET_BIND_SERVICE
{{- end }}
hostNetwork: {{ .Values.hostNetwork }}
hostIPC: false
hostPID: false
fsGroup:
{{- if .Values.securityContext.runAsNonRoot }}
ranges:
- max: 65535
min: 1
rule: MustRunAs
{{- else }}
rule: RunAsAny
{{- end }}
{{- if .Values.hostNetwork }}
hostPorts:
- max: 65535
min: 1
{{- end }}
readOnlyRootFilesystem: true
runAsUser:
{{- if .Values.securityContext.runAsNonRoot }}
rule: MustRunAsNonRoot
{{- else }}
rule: RunAsAny
{{- end }}
seLinux:
rule: RunAsAny
supplementalGroups:
{{- if .Values.securityContext.runAsNonRoot }}
ranges:
- max: 65535
min: 1
rule: MustRunAs
{{- else }}
rule: RunAsAny
{{- end }}
volumes:
- configMap
- downwardAPI
- secret
- emptyDir
- projected
- allowedHostPaths
{{- if .Values.persistence.enabled }}
- persistentVolumeClaim
{{- end -}}
{{- end -}}
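
Review bot: `allowedHostPaths` in the `volumes` list is not a volume type; in a PodSecurityPolicy it is a separate `spec` field, and the volume type for host mounts is `hostPath`. There is nothing to fix in a file that is being deleted, but check the upstream chart's policy for the same entry before turning `podSecurityPolicy.enabled` on. Note also that with `hostNetwork` set this policy allowed `hostPorts` from 1 to 65535.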

View File

@ -1,61 +0,0 @@
{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "traefik.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.containo.us
resources:
- ingressroutes
- ingressroutetcps
- ingressrouteudps
- middlewares
- tlsoptions
- tlsstores
- traefikservices
- serverstransports
verbs:
- get
- list
- watch
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups:
- extensions
resourceNames:
- {{ template "traefik.fullname" . }}
resources:
- podsecuritypolicies
verbs:
- use
{{- end -}}
{{- end -}}
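
Review bot: the namespaced Role differs from the ClusterRole in two places that look unintentional: the ingress rules list only the `extensions` API group (no `networking.k8s.io`, no `ingressclasses`), and the `podsecuritypolicies` `use` rule sits under `extensions` where the ClusterRole uses `policy`. If `rbac.namespaced` is meant to stay supported after the move to the upstream chart, verify that its Role covers `networking.k8s.io` ingresses.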

View File

@ -1,19 +0,0 @@
{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "traefik.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "traefik.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "traefik.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}

View File

@ -1,15 +0,0 @@
{{- if not .Values.serviceAccount.name -}}
kind: ServiceAccount
apiVersion: v1
metadata:
name: {{ include "traefik.serviceAccountName" . }}
labels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
annotations:
{{- with .Values.serviceAccountAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}

View File

@ -1,112 +0,0 @@
{{- if .Values.service.enabled -}}
{{ $tcpPorts := dict }}
{{ $udpPorts := dict }}
{{- range $name, $config := .Values.ports }}
{{- if eq (toString $config.protocol) "UDP" }}
{{ $_ := set $udpPorts $name $config }}
{{- else }}
{{ $_ := set $tcpPorts $name $config }}
{{- end }}
{{- end }}
apiVersion: v1
kind: List
items:
{{- if $tcpPorts }}
- apiVersion: v1
kind: Service
metadata:
name: {{ template "traefik.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with .Values.service.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations:
{{- with .Values.service.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- $type := default "LoadBalancer" .Values.service.type }}
type: {{ $type }}
{{- with .Values.service.spec }}
{{- toYaml . | nindent 6 }}
{{- end }}
selector:
app.kubernetes.io/name: {{ template "traefik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
ports:
{{- range $name, $config := $tcpPorts }}
{{- if $config.expose }}
- port: {{ default $config.port $config.exposedPort }}
name: {{ $name }}
targetPort: {{ $name | quote }}
protocol: {{ default "TCP" $config.protocol | quote }}
{{- if $config.nodePort }}
nodePort: {{ $config.nodePort }}
{{- end }}
{{- end }}
{{- end }}
{{- if eq $type "LoadBalancer" }}
{{- with .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml . | nindent 6 }}
{{- end -}}
{{- end -}}
{{- with .Values.service.externalIPs }}
externalIPs:
{{- toYaml . | nindent 6 }}
{{- end -}}
{{- end }}
{{- if $udpPorts }}
- apiVersion: v1
kind: Service
metadata:
name: {{ template "traefik.fullname" . }}-udp
labels:
app.kubernetes.io/name: {{ template "traefik.name" . }}
helm.sh/chart: {{ template "traefik.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
annotations:
{{- with .Values.service.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- $type := default "LoadBalancer" .Values.service.type }}
type: {{ $type }}
{{- with .Values.service.spec }}
{{- toYaml . | nindent 6 }}
{{- end }}
selector:
app.kubernetes.io/name: {{ template "traefik.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
ports:
{{- range $name, $config := $udpPorts }}
{{- if $config.expose }}
- port: {{ default $config.port $config.exposedPort }}
name: {{ $name }}
targetPort: {{ $name | quote }}
protocol: {{ default "UDP" $config.protocol | quote }}
{{- if $config.nodePort }}
nodePort: {{ $config.nodePort }}
{{- end }}
{{- end }}
{{- end }}
{{- if eq $type "LoadBalancer" }}
{{- with .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- toYaml . | nindent 6 }}
{{- end -}}
{{- end -}}
{{- with .Values.service.externalIPs }}
externalIPs:
{{- toYaml . | nindent 6 }}
{{- end -}}
{{- end }}
{{- end -}}

View File

@ -1,14 +0,0 @@
{{- range $name, $config := .Values.tlsOptions }}
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: {{ $name }}
labels:
app.kubernetes.io/name: {{ template "traefik.name" $ }}
helm.sh/chart: {{ template "traefik.chart" $ }}
app.kubernetes.io/managed-by: {{ $.Release.Service }}
app.kubernetes.io/instance: {{ $.Release.Name }}
spec:
{{- toYaml $config | nindent 2 }}
---
{{- end -}}

View File

@ -1,559 +0,0 @@
# Default values for Traefik
image:
name: traefik
# defaults to appVersion
tag: v2.4
pullPolicy: IfNotPresent
##
# Configure the deployment
##
deployment:
enabled: true
# Can be either Deployment or DaemonSet
kind: Deployment
# Number of pods of the deployment (only applies when kind == Deployment)
replicas: 1
# Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
annotations: {}
# Additional pod annotations (e.g. for mesh injection or prometheus scraping)
podAnnotations: {}
# Additional Pod labels (e.g. for filtering Pod by custom labels)
podLabels: {}
# Additional containers (e.g. for metric offloading sidecars)
additionalContainers: []
# https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host
# - name: socat-proxy
# image: alpine/socat:1.0.5
# args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"]
# volumeMounts:
# - name: dsdsocket
# mountPath: /socket
# Additional volumes available for use with initContainers and additionalContainers
additionalVolumes: []
# - name: dsdsocket
# hostPath:
# path: /var/run/statsd-exporter
# Additional initContainers (e.g. for setting file permission as shown below)
initContainers: []
# The "volume-permissions" init container is required if you run into permission issues.
# Related issue: https://github.com/traefik/traefik/issues/6972
# - name: volume-permissions
# image: busybox:1.31.1
# command: ["sh", "-c", "chmod -Rv 600 /data/*"]
# volumeMounts:
# - name: data
# mountPath: /data
# Custom pod DNS policy. Apply if `hostNetwork: true`
# dnsPolicy: ClusterFirstWithHostNet
# Additional imagePullSecrets
imagePullSecrets: []
# - name: myRegistryKeySecretName
# Pod disruption budget
podDisruptionBudget:
enabled: false
# maxUnavailable: 1
# minAvailable: 0
# Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
ingressClass:
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
enabled: false
isDefaultClass: false
# Activate Pilot integration
pilot:
enabled: false
token: ""
# Enable experimental features
experimental:
plugins:
enabled: false
kubernetesGateway:
enabled: false
appLabelSelector: "traefik"
certificates: []
# - group: "core"
# kind: "Secret"
# name: "mysecret"
# Create an IngressRoute for the dashboard
ingressRoute:
dashboard:
enabled: false
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
annotations: {}
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
labels: {}
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
##
# Configure providers
##
providers:
kubernetesCRD:
enabled: true
namespaces: []
# - "default"
kubernetesIngress:
enabled: true
namespaces: []
# - "default"
# IP used for Kubernetes Ingress endpoints
publishedService:
enabled: false
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
##
# Add volumes to the traefik pod. The volume name will be passed to tpl.
# This can be used to mount a cert pair or a configmap that holds a config.toml file.
# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
# additionalArguments:
# - "--providers.file.filename=/config/dynamic.toml"
volumes: []
# - name: public-cert
# mountPath: "/certs"
# type: secret
# - name: '{{ printf "%s-configs" .Release.Name }}'
# mountPath: "/config"
# type: configMap
# Additional volumeMounts to add to the Traefik container
additionalVolumeMounts: []
# For instance when using a logshipper for access logs
# - name: traefik-logs
# mountPath: /var/log/traefik
# Logs
# https://docs.traefik.io/observability/logs/
logs:
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
general:
# By default, the logs use a text format (common), but you can
# also ask for the json format in the format option
# format: json
# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
level: ERROR
access:
# To enable access logs
enabled: false
# By default, logs are written using the Common Log Format (CLF).
# To write logs in JSON, use json in the format option.
# If the given format is unsupported, the default (CLF) is used instead.
# format: json
# To write the logs in an asynchronous fashion, specify a bufferingSize option.
# This option represents the number of log lines Traefik will keep in memory before writing
# them to the selected output. In some cases, this option can greatly help performances.
# bufferingSize: 100
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
filters: {}
# statuscodes: "200,300-302"
# retryattempts: true
# minduration: 10ms
# Fields
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
fields:
general:
defaultmode: keep
names: {}
# Examples:
# ClientUsername: drop
headers:
defaultmode: drop
names: {}
# Examples:
# User-Agent: redact
# Authorization: drop
# Content-Type: keep
globalArguments:
- "--global.checknewversion"
##
# Configure Traefik static configuration
# Additional arguments to be passed at Traefik's binary
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments:
# - "--providers.kubernetesingress.ingressclass=traefik-internal"
# - "--log.level=DEBUG"
# - "--metrics.prometheus"
- "--entrypoints.websecure.http.tls"
- "--ping"
- "--serverstransport.insecureskipverify=true"
# Environment variables to be passed to Traefik's binary
env: []
# - name: SOME_VAR
# value: some-var-value
# - name: SOME_VAR_FROM_CONFIG_MAP
# valueFrom:
# configMapRef:
# name: configmap-name
# key: config-key
# - name: SOME_SECRET
# valueFrom:
# secretKeyRef:
# name: secret-name
# key: secret-key
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
# Configure ports
ports:
# The name of this one can't be changed as it is used for the readiness and
# liveness probes, but you can adjust its config to your liking
traefik:
port: 9000
# Use hostPort if set.
# hostPort: 9000
#
# Use hostIP if set. If not set, Kubernetes will default to 0.0.0.0, which
# means it's listening on all your interfaces and all your IPs. You may want
# to set this value if you need traefik to listen on specific interface
# only.
# hostIP: 192.168.100.10
# Defines whether the port is exposed if service.type is LoadBalancer or
# NodePort.
#
# You SHOULD NOT expose the traefik port on production deployments.
# If you want to access it from outside of your cluster,
# use `kubectl port-forward` or create a secure ingress
expose: false
# The exposed port for this service
exposedPort: 9000
# The port protocol (TCP/UDP)
protocol: TCP
web:
port: 8000
# hostPort: 8000
expose: true
exposedPort: 80
# The port protocol (TCP/UDP)
protocol: TCP
# Use nodeport if set. This is useful if you have configured Traefik in a
# LoadBalancer
# nodePort: 32080
# Port Redirections
# Added in 2.2, you can make permanent redirects via entrypoints.
# https://docs.traefik.io/routing/entrypoints/#redirection
redirectTo: websecure
websecure:
port: 8443
# hostPort: 8443
expose: true
exposedPort: 443
# The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
plex:
port: 32400
# hostPort: 8443
expose: true
exposedPort: 32400
# The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
kms:
port: 51688
# hostPort: 8443
expose: true
exposedPort: 1688
# The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
dns-tcp:
port: 5353
# hostPort: 8443
expose: true
exposedPort: 5353
# The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
dns-udp:
port: 5353
# hostPort: 8443
expose: true
exposedPort: 5353
# The port protocol (TCP/UDP)
protocol: UDP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
stun-tcp:
port: 3478
# hostPort: 8443
expose: true
exposedPort: 3478
# The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
stun-udp:
port: 3478
# hostPort: 8443
expose: true
exposedPort: 3478
# The port protocol (TCP/UDP)
protocol: UDP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
torrent-tcp:
port: 51413
# hostPort: 8443
expose: true
exposedPort: 51413
# The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
torrent-udp:
port: 51413
# hostPort: 8443
expose: true
exposedPort: 51413
# The port protocol (TCP/UDP)
protocol: UDP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
radius:
port: 51812
# hostPort: 8443
expose: true
exposedPort: 1812
# The port protocol (TCP/UDP)
protocol: UDP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
radius-acc:
port: 51813
# hostPort: 8443
expose: true
exposedPort: 1813
# The port protocol (TCP/UDP)
protocol: UDP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
ldaps:
port: 50636
# hostPort: 8443
expose: true
exposedPort: 636
# The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
unificom:
port: 8080
# hostPort: 8443
expose: true
exposedPort: 8080
# The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
# TLS Options are created as TLSOption CRDs
# https://doc.traefik.io/traefik/https/tls/#tls-options
# Example:
# tlsOptions:
# default:
# sniStrict: true
# preferServerCipherSuites: true
# foobar:
# curvePreferences:
# - CurveP521
# - CurveP384
tlsOptions: {}
# Options for the main traefik service, where the entrypoints traffic comes
# from.
service:
enabled: true
type: LoadBalancer
# Additional annotations (e.g. for cloud provider specific config)
annotations: {}
# Additional service labels (e.g. for filtering Service by custom labels)
labels: {}
# Additional entries here will be added to the service spec. Cannot contains
# type, selector or ports entries.
spec: {}
# externalTrafficPolicy: Cluster
# loadBalancerIP: "1.2.3.4"
# clusterIP: "2.3.4.5"
loadBalancerSourceRanges: []
# - 192.168.0.1/32
# - 172.16.0.0/16
externalIPs:
- 192.168.66.6
## Create HorizontalPodAutoscaler object.
##
autoscaling:
enabled: false
# minReplicas: 1
# maxReplicas: 10
# metrics:
# - type: Resource
# resource:
# name: cpu
# targetAverageUtilization: 60
# - type: Resource
# resource:
# name: memory
# targetAverageUtilization: 60
# Enable persistence using Persistent Volume Claims
# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
# After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
# additionalArguments:
# - "--certificatesresolvers.le.acme.storage=/data/acme.json"
# It will persist TLS certificates.
persistence:
enabled: false
# existingClaim: ""
# accessMode: ReadWriteOnce
# size: 128Mi
## storageClass: ""
# path: /data
# annotations: {}
## subPath: "" # only mount a subpath of the Volume into the pod
# If hostNetwork is true, runs traefik in the host network namespace
# To prevent unschedulabel pods due to port collisions, if hostNetwork=true
# and replicas>1, a pod anti-affinity is recommended and will be set if the
# affinity is left as default.
hostNetwork: false
# Whether Role Based Access Control objects like roles and rolebindings should be created
rbac:
enabled: true
# If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces.
# If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace
namespaced: false
# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBindin or ClusterRoleBinding
podSecurityPolicy:
enabled: false
# The service account the pods will use to interact with the Kubernetes API
serviceAccount:
# If set, an existing service account is used
# If not set, a service account is created automatically using the fullname template
name: ""
# Additional serviceAccount annotations (e.g. for oidc authentication)
serviceAccountAnnotations: {}
resources: {}
# requests:
# cpu: "100m"
# memory: "50Mi"
# limits:
# cpu: "300m"
# memory: "150Mi"
affinity: {}
# # This example pod anti-affinity forces the scheduler to put traefik pods
# # on nodes where no other traefik pods are scheduled.
# # It should be used when hostNetwork: true to prevent port conflicts
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app
# operator: In
# values:
# - {{ template "traefik.name" . }}
# topologyKey: failure-domain.beta.kubernetes.io/zone
nodeSelector: {}
tolerations: []
# Pods can have priority.
# Priority indicates the importance of a Pod relative to other Pods.
priorityClassName: ""
# Set the container security context
# To run the container with ports below 1024 this will need to be adjust to run as root
securityContext:
capabilities:
drop: [ALL]
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
podSecurityContext:
fsGroup: 65532
appVolumeMounts:
data:
enabled: true
emptyDir: true
mountPath: "/data"
ingress:
dashboard:
enabled: true
type: "HTTP-IR"
entrypoint: "websecure"
certType: "selfsigned"
serviceName: api@internal
servicePort:
serviceKind: "TraefikService"
annotations: {}
labels: {}
hosts:
- host: chart-example.local
paths:
- path: /
# Ignored if not kubeVersion >= 1.14-0
pathType: Prefix
externalServices:
- enabled: true
name: "test"
type: "HTTP"
entrypoint: "websecure"
certType: "selfsigned"
serviceTarget: "192.168.10.20"
servicePort: 9443
serviceKind: ""
annotations: {}
labels: {}
hosts:
- host: radarr.staging.schouten-lebbing.nl
paths:
- path: /
# Ignored if not kubeVersion >= 1.14-0
pathType: Prefix
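
Review bot: the tail of this removed defaults file shipped one site's settings as chart defaults: `externalIPs` with `192.168.66.6`, `serviceTarget: "192.168.10.20"`, and the host `radarr.staging.schouten-lebbing.nl` on an enabled `externalServices` entry. Removing them is right. The replacement defaults should keep `externalIPs` and the external service list empty and use a placeholder host such as `chart-example.local`, so an install never binds a fixed address or routes a real hostname unless the user sets one.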

View File

@ -0,0 +1,9 @@
dependencies:
- name: common
repository: https://truecharts.org/
version: 2.2.2
- name: traefik
repository: https://helm.traefik.io/traefik
version: v9.18.2
digest: sha256:a6f9c5a20c8d557795c02ffa5b2fb5634570c322ab2be5e7281a1907a56a643c
generated: "2021-04-13T14:25:08.3360728+02:00"
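
Review bot: the `digest` line in this lock file is computed over the dependency list, so it does not pin the contents of the chart archive fetched from `https://helm.traefik.io/traefik`. With a third-party repository now in the dependency chain, record how the `v9.18.2` archive was verified (for example `helm pull --verify` if upstream publishes provenance files, or a checksum of the vendored archive checked in CI). The binary file added in this commit cannot be reviewed from the diff, which makes that check the only control on its contents.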

View File

@ -1,9 +1,8 @@
apiVersion: v2
kubeVersion: ">=1.16.0-0"
name: traefik
version: 2.2.2
upstream_version: 9.15.2
appVersion: "2.4"
version: 3.0.0
appVersion: "auto"
description: A Traefik based Reverse Proxy and Certificate Manager
type: application
deprecated: false
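
Review bot: `appVersion: "auto"` replaces `appVersion: "2.4"` and `upstream_version` is dropped, so the chart metadata no longer states which Traefik release is deployed. The new values file still documents the image tag as "defaults to appVersion"; if any template falls back to it, `auto` is not a usable tag. Keep a concrete appVersion that matches the pinned upstream chart, or document where `auto` is resolved.
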
@ -22,6 +21,9 @@ dependencies:
repository: https://truecharts.org/
version: 2.2.2
# condition:
- name: traefik
repository: https://helm.traefik.io/traefik
version: v9.18.2
maintainers:
- name: TrueCharts
email: info@truecharts.org

Binary file not shown.

View File

@ -0,0 +1,54 @@
##
# This file contains Values.yaml content that gets added to the output of questions.yaml
# It's ONLY meant for content that the user is NOT expected to change.
# Example: Everything under "image" is not included in questions.yaml but is included here.
##
image:
name: traefik
# defaults to appVersion
tag: v2.4
pullPolicy: IfNotPresent
traefik:
globalArguments:
- "--global.checknewversion"
##
# Configure Traefik static configuration
# Additional arguments to be passed at Traefik's binary
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments:
# - "--providers.kubernetesingress.ingressclass=traefik-internal"
# - "--log.level=DEBUG"
# - "--metrics.prometheus"
- "--entrypoints.websecure.http.tls"
- "--ping"
- "--serverstransport.insecureskipverify=true"
# TLS Options are created as TLSOption CRDs
# https://doc.traefik.io/traefik/https/tls/#tls-options
# Example:
# tlsOptions:
# default:
# sniStrict: true
# preferServerCipherSuites: true
# foobar:
# curvePreferences:
# - CurveP521
# - CurveP384
tlsOptions: {}
# Set the container security context
# To run the container with ports below 1024 this will need to be adjust to run as root
securityContext:
capabilities:
drop: [ALL]
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
podSecurityContext:
fsGroup: 65532
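
Review bot: `--serverstransport.insecureskipverify=true` under `additionalArguments` turns off certificate verification for every HTTPS backend Traefik connects to, and the header of this file describes it as content the user is NOT expected to change, so users get no switch for it. Drop it from the fixed defaults and scope it to the backends that need it, for instance through a per-service ServersTransport, or expose it as a question that defaults to off. Separately, `tag: v2.4` with `pullPolicy: IfNotPresent` is a floating tag, so nodes can end up running different builds; pin a full patch version or an image digest.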

View File

@ -0,0 +1,790 @@
groups:
- name: "Container Image"
description: "Image to be used for container"
- name: "Workload Configuration"
description: "Configure workload deployment"
- name: "Configuration"
description: "additional container configuration"
- name: "Networking"
description: "Configure / service for container"
- name: "Storage"
description: "Persist and share data that is separate from the lifecycle of the container"
- name: "Resource Reservation"
description: "Specify resources to be allocated to workload"
- name: "Reverse Proxy Configuration"
description: "Reverse Proxy configuration"
- name: "Advanced"
description: "Advanced Configuration"
- name: "WARNING"
description: "WARNING"
portals:
web_portal:
protocols:
- "https"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "443"
questions:
- variable: portal
group: "Container Image"
label: "Configure Portal Button"
schema:
type: dict
hidden: true
attrs:
- variable: enabled
label: "Enable"
description: "enable the portal button"
schema:
hidden: true
editable: false
type: boolean
default: true
# Configure Time Zone
- variable: timezone
group: "Container Image"
label: "Timezone"
schema:
type: string
default: "Etc/UTC"
$ref:
- "definitions/timezone"
- variable: PUID
group: "Container Image"
label: "PUID"
description: "The UserID of the user running the application and owning the files"
schema:
type: int
default: 568
- variable: PGID
group: "Container Image"
label: "PGID"
description: "The groupID of the user/group running the application and owning the files"
schema:
type: int
default: 568
- variable: UMASK
group: "Container Image"
label: "UMASK (advanced)"
description: "The UMASK used if supported by the application"
schema:
type: string
default: "002"
- variable: ingress
label: ""
group: "Reverse Proxy Configuration"
schema:
type: dict
attrs:
- variable: main
label: "WebUI"
schema:
type: dict
attrs:
- variable: enabled
label: "Enable Web Reverse Proxy"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: type
label: "Reverse Proxy Type"
schema:
type: string
default: "HTTP-IR"
hidden: true
editable: false
required: true
- variable: serviceName
label: "Service name to proxy to"
schema:
hidden: true
editable: false
type: string
default: "api@internal"
- variable: serviceKind
label: "Service Kind to proxy to"
schema:
hidden: true
editable: false
type: string
default: "TraefikService"
- variable: entrypoint
label: "Select Entrypoint"
schema:
type: string
default: "websecure"
required: true
enum:
- value: "websecure"
description: "Websecure: HTTPS/TLS port 443"
- variable: hosts
label: "Hosts"
schema:
type: list
default: []
items:
- variable: host
label: "Host"
schema:
type: dict
attrs:
- variable: host
label: "Domain Name"
required: true
schema:
type: string
- variable: path
label: "path"
schema:
type: string
required: true
hidden: true
default: "/"
- variable: certType
label: "Select Certificate Type"
schema:
type: string
default: "selfsigned"
enum:
- value: ""
description: "No Encryption/TLS/Certificates"
- value: "selfsigned"
description: "Self-Signed Certificate"
- value: "ixcert"
description: "TrueNAS SCALE Certificate"
- variable: certificate
label: "Select TrueNAS SCALE Certificate"
schema:
type: int
show_if: [["certType", "=", "ixcert"]]
$ref:
- "definitions/certificate"
- variable: authForwardURL
label: "Forward Authentication URL"
schema:
type: string
default: ""
- variable: traefik
label: "(Advanced) Traefik Settings"
group: "Advanced"
schema:
type: dict
attrs:
- variable: ports
label: "(Advanced) Traefik Entrypoints"
schema:
type: dict
attrs:
- variable: traefik
label: "traefik internal"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 9000
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: false
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
default: 9000
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
default: "TCP"
- variable: web
label: "web"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 8081
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: true
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 80
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "TCP"
hidden: true
- variable: redirectEnable
label: "Enable Redirect"
schema:
type: boolean
default: true
show_subquestions_if: true
subquestions:
- variable: redirectTo
label: "Target Entrypoint"
description: "Select the Target Entrypoint to redirect to"
schema:
type: string
required: true
default: "websecure"
- variable: websecure
label: "websecure"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 8443
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: true
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 443
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "TCP"
hidden: true
- variable: plex
label: "plex"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 32400
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: true
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: false
default: 32400
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "TCP"
hidden: true
- variable: kms
label: "kms"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 51688
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: true
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 1688
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "TCP"
hidden: true
- variable: dns-tcp
label: "dns-tcp"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 5353
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: false
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 53
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "TCP"
hidden: true
- variable: dns-udp
label: "dns-udp"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 5353
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: false
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 53
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "UDP"
hidden: true
- variable: stun-tcp
label: "stun-tcp"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 3478
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: true
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 3478
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "TCP"
hidden: true
- variable: stun-udp
label: "stun-udp"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 3478
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: true
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 3478
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "UDP"
hidden: true
- variable: radius
label: "radius"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 51812
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: false
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 1812
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "UDP"
hidden: true
- variable: radius-acc
label: "radius-acc"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 51813
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: false
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 1813
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "UDP"
hidden: true
- variable: ldaps
label: "ldaps"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
default: 50636
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: false
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 636
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
hidden: true
default: "TCP"
- variable: unificom
label: "unificom"
schema:
type: dict
attrs:
- variable: port
label: "Internal Port"
description: "(advanced) Port inside the container network"
schema:
type: int
required: true
hidden: true
hide: true
default: 8080
- variable: expose
label: "Expose to Outside"
description: "Port to the outside of all(!) nodes"
schema:
type: boolean
default: true
- variable: exposedPort
label: "Outside Port"
description: "Port to the outside of all(!) nodes"
schema:
type: int
show_if: [["expose", "=", true]]
required: true
default: 8080
- variable: protocol
label: "Protocol"
description: "TCP or UDP reverse proxying?"
schema:
type: string
required: true
default: "TCP"
hidden: true
- variable: externalServices
label: "(Advanced) Add External Services"
group: "Advanced"
schema:
type: list
default: []
items:
- variable: externalService
label: "External Service"
schema:
type: dict
attrs:
- variable: enabled
label: "Enable Web Reverse Proxy"
schema:
type: boolean
hidden: true
editable: false
default: true
- variable: type
label: "Reverse Proxy Type"
schema:
type: string
default: "HTTP"
hidden: true
editable: false
required: true
- variable: serviceName
label: "Service name to proxy to"
schema:
hidden: true
editable: false
type: string
default: ""
- variable: serviceTarget
label: "IP Adress of the external service"
schema:
hidden: false
editable: true
required: true
type: string
default: "192.168.0.0"
- variable: servicePort
label: "External Service Port"
description: "The port on the external service you want to proxy"
schema:
hidden: false
required: true
editable: true
type: int
default: 80
- variable: serviceType
label: "Connection Type"
description: "Connection Type between Traefik and the external service"
schema:
hidden: false
editable: true
required: true
default: "HTTP"
type: string
enum:
- value: "HTTP"
description: "HTTP"
- value: "HTTPS"
description: "HTTPS"
- variable: serviceKind
label: "Service Kind to proxy to"
schema:
hidden: true
editable: false
type: string
default: ""
- variable: entrypoint
label: "Select Entrypoint"
schema:
type: string
default: "websecure"
required: true
enum:
- value: "websecure"
description: "Websecure: HTTPS/TLS port 443"
- variable: host
label: "Domain Name"
required: true
schema:
type: string
- variable: path
label: "path"
schema:
type: string
required: true
hidden: false
default: "/"
- variable: certType
label: "Select Certificate Type"
schema:
type: string
default: "selfsigned"
enum:
- value: ""
description: "No Encryption/TLS/Certificates"
- value: "selfsigned"
description: "Self-Signed Certificate"
- value: "ixcert"
description: "TrueNAS SCALE Certificate"
- variable: certificate
label: "Select TrueNAS SCALE Certificate"
schema:
type: int
show_if: [["certType", "=", "ixcert"]]
$ref:
- "definitions/certificate"
- variable: authForwardURL
label: "Forward Authentication URL"
schema:
type: string
default: ""
- variable: warning
label: "This App binds to the same ports as the defaults for TrueNAS SCALE UI (80 and 443). This means you may not be able to access the TrueNAS SCALE UI after starting the App."
description: "Please be sure to set the UI to a different port or adapter"
group: "WARNING"
schema:
type: dict
attrs:
- variable: confirm-warning
description: "Check this to confirm you have made precautions against conflicts on port 80 and 443, such as running the TrueNAS SCALE UI on a different port or adapter."
label: "I understand above warning and its consequences"
schema:
type: boolean
default: false
required: true
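Review bot: `required: true` on the `host` variable of `externalServices` sits next to `label`, outside `schema:`, while the other fields shown here set it inside `schema:`, so the Domain Name field is probably not enforced as required; move it under `schema:`. In the same section, the `unificom` `port` entry carries both `hidden: true` and a stray `hide: true`, and `unificom` is the only port in this part of the file whose `expose` defaults to `true` while the others default to `false`; if publishing 8080 on all nodes by default is intended, the description should say so. The `expose` and `exposedPort` fields also share the same description text, and the `serviceTarget` label has a typo ("IP Adress").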

View File

@ -0,0 +1,279 @@
# Default values for Traefik
image:
name: traefik
# defaults to appVersion
tag: v2.4
pullPolicy: IfNotPresent
traefik:
globalArguments:
- "--global.checknewversion"
##
# Configure Traefik static configuration
# Additional arguments to be passed at Traefik's binary
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments:
# - "--providers.kubernetesingress.ingressclass=traefik-internal"
# - "--log.level=DEBUG"
# - "--metrics.prometheus"
- "--entrypoints.websecure.http.tls"
- "--ping"
- "--serverstransport.insecureskipverify=true"
# Configure ports
ports:
# The name of this one can't be changed as it is used for the readiness and
# liveness probes, but you can adjust its config to your liking
traefik:
port: 9000
# Use hostPort if set.
# hostPort: 9000
#
# Use hostIP if set. If not set, Kubernetes will default to 0.0.0.0, which
# means it's listening on all your interfaces and all your IPs. You may want
# to set this value if you need traefik to listen on specific interface
# only.
# hostIP: 192.168.100.10
# Defines whether the port is exposed if service.type is LoadBalancer or
# NodePort.
#
# You SHOULD NOT expose the traefik port on production deployments.
# If you want to access it from outside of your cluster,
# use `kubectl port-forward` or create a secure ingress
expose: false
# The exposed port for this service
exposedPort: 9000
# The port protocol (TCP/UDP)
protocol: TCP
web:
port: 8000
# hostPort: 8000
expose: true
exposedPort: 80
# The port protocol (TCP/UDP)
protocol: TCP
# Use nodeport if set. This is useful if you have configured Traefik in a
# LoadBalancer
# nodePort: 32080
# Port Redirections
# Added in 2.2, you can make permanent redirects via entrypoints.
# https://docs.traefik.io/routing/entrypoints/#redirection
redirectTo: websecure
websecure:
port: 8443
# hostPort: 8443
expose: true
exposedPort: 443
# The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
plex:
port: 32400
# hostPort: 8443
expose: true
exposedPort: 32400
# The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
kms:
port: 51688
# hostPort: 8443
expose: true
exposedPort: 1688
# The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
dns-tcp:
port: 5353
# hostPort: 8443
expose: true
exposedPort: 5353
# The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
dns-udp:
port: 5353
# hostPort: 8443
expose: true
exposedPort: 5353
# The port protocol (TCP/UDP)
protocol: UDP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
stun-tcp:
port: 3478
# hostPort: 8443
expose: true
exposedPort: 3478
# The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
stun-udp:
port: 3478
# hostPort: 8443
expose: true
exposedPort: 3478
# The port protocol (TCP/UDP)
protocol: UDP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
torrent-tcp:
port: 51413
# hostPort: 8443
expose: true
exposedPort: 51413
# The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
torrent-udp:
port: 51413
# hostPort: 8443
expose: true
exposedPort: 51413
# The port protocol (TCP/UDP)
protocol: UDP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
radius:
port: 51812
# hostPort: 8443
expose: true
exposedPort: 1812
# The port protocol (TCP/UDP)
protocol: UDP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
radius-acc:
port: 51813
# hostPort: 8443
expose: true
exposedPort: 1813
# The port protocol (TCP/UDP)
protocol: UDP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
ldaps:
port: 50636
# hostPort: 8443
expose: true
exposedPort: 636
# The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
unificom:
port: 8080
# hostPort: 8443
expose: true
exposedPort: 8080
# The port protocol (TCP/UDP)
protocol: TCP
# nodePort: 32443
# Set TLS at the entrypoint
# https://doc.traefik.io/traefik/routing/entrypoints/#tls
# TLS Options are created as TLSOption CRDs
# https://doc.traefik.io/traefik/https/tls/#tls-options
# Example:
# tlsOptions:
# default:
# sniStrict: true
# preferServerCipherSuites: true
# foobar:
# curvePreferences:
# - CurveP521
# - CurveP384
tlsOptions: {}
# Options for the main traefik service, where the entrypoints traffic comes
# from.
service:
externalIPs:
- 192.168.66.6
# Enable persistence using Persistent Volume Claims
# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
# After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
# additionalArguments:
# - "--certificatesresolvers.le.acme.storage=/data/acme.json"
# It will persist TLS certificates.
persistence:
enabled: false
# existingClaim: ""
accessMode: ReadWriteOnce
size: 1Gi
## storageClass: ""
path: /data
# annotations: {}
## subPath: "" # only mount a subpath of the Volume into the pod
# Set the container security context
# To run the container with ports below 1024 this will need to be adjust to run as root
securityContext:
capabilities:
drop: [ALL]
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
podSecurityContext:
fsGroup: 65532
ingress:
dashboard:
enabled: true
type: "HTTP-IR"
entrypoint: "websecure"
certType: "selfsigned"
serviceName: api@internal
servicePort:
serviceKind: "TraefikService"
annotations: {}
labels: {}
hosts:
- host: chart-example.local
paths:
- path: /
# Ignored if not kubeVersion >= 1.14-0
pathType: Prefix
externalServices:
- enabled: true
name: "test"
type: "HTTP"
entrypoint: "websecure"
certType: "selfsigned"
serviceTarget: "192.168.10.20"
servicePort: 9443
serviceKind: ""
annotations: {}
labels: {}
hosts:
- host: radarr.staging.schouten-lebbing.nl
paths:
- path: /
# Ignored if not kubeVersion >= 1.14-0
pathType: Prefix
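Review bot: `--serverstransport.insecureskipverify=true` in `additionalArguments` turns off certificate verification for every HTTPS backend Traefik connects to, so with these values any upstream certificate is accepted; I would drop it from the defaults and let users who proxy to self-signed backends opt in, or have them supply a CA through `--serverstransport.rootcas`. The file also carries what look like values from one specific environment (`externalIPs: 192.168.66.6`, `serviceTarget: "192.168.10.20"`, `host: radarr.staging.schouten-lebbing.nl`); replace them with placeholders such as the `chart-example.local` already used for the dashboard host. The `dashboard` ingress is `enabled: true` for `api@internal` on `websecure` with no authentication setting visible in these lines, which is worth either disabling by default or pairing with the forward-auth option. Minor: the comment "defaults to appVersion" sits above a pinned `tag: v2.4`, and the copied `# hostPort: 8443` / `# nodePort: 32443` / "Set TLS at the entrypoint" comments are repeated under every port, including the UDP ones where they do not apply.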