182 lines
4.4 KiB
YAML
182 lines
4.4 KiB
YAML
# Default values for Traefik
|
|
image:
|
|
repository: traefik
|
|
# defaults to appVersion
|
|
tag: v2.5.2
|
|
pullPolicy: IfNotPresent
|
|
|
|
# Create an IngressRoute for the dashboard
|
|
ingressRoute:
|
|
dashboard:
|
|
enabled: true
|
|
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
|
|
annotations: {}
|
|
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
|
|
labels: {}
|
|
|
|
#
|
|
# Configure providers
|
|
#
|
|
providers:
|
|
kubernetesCRD:
|
|
enabled: true
|
|
namespaces: []
|
|
# - "default"
|
|
kubernetesIngress:
|
|
enabled: true
|
|
# labelSelector: environment=production,method=traefik
|
|
namespaces: []
|
|
# - "default"
|
|
# IP used for Kubernetes Ingress endpoints
|
|
publishedService:
|
|
enabled: true
|
|
# Published Kubernetes Service to copy status from. Format: namespace/servicename
|
|
# By default this Traefik service
|
|
# pathOverride: ""
|
|
|
|
|
|
metrics:
|
|
# datadog:
|
|
# address: 127.0.0.1:8125
|
|
# influxdb:
|
|
# address: localhost:8089
|
|
# protocol: udp
|
|
prometheus:
|
|
entryPoint: metrics
|
|
# statsd:
|
|
# address: localhost:8125
|
|
|
|
globalArguments:
|
|
- "--global.checknewversion"
|
|
|
|
#
|
|
# Configure Traefik static configuration
|
|
# Additional arguments to be passed at Traefik's binary
|
|
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
|
|
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
|
|
additionalArguments:
|
|
- "--metrics.prometheus"
|
|
- "--ping"
|
|
- "--serverstransport.insecureskipverify=true"
|
|
- "--providers.kubernetesingress.allowexternalnameservices=true"
|
|
|
|
# TLS Options are created as TLSOption CRDs
|
|
# https://doc.traefik.io/traefik/https/tls/#tls-options
|
|
# Example:
|
|
tlsOptions:
|
|
default:
|
|
sniStrict: false
|
|
minVersion: VersionTLS12
|
|
curvePreferences:
|
|
- CurveP521
|
|
- CurveP384
|
|
cipherSuites:
|
|
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
|
- TLS_AES_128_GCM_SHA256
|
|
- TLS_AES_256_GCM_SHA384
|
|
- TLS_CHACHA20_POLY1305_SHA256
|
|
|
|
|
|
|
|
|
|
probes:
|
|
# -- Liveness probe configuration
|
|
# @default -- See below
|
|
liveness:
|
|
# -- sets the probe type when not using a custom probe
|
|
# @default -- "TCP"
|
|
type: HTTP
|
|
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
|
# @default -- "/"
|
|
path: "/ping"
|
|
|
|
|
|
# -- Redainess probe configuration
|
|
# @default -- See below
|
|
readiness:
|
|
# -- sets the probe type when not using a custom probe
|
|
# @default -- "TCP"
|
|
type: HTTP
|
|
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
|
# @default -- "/"
|
|
path: "/ping"
|
|
|
|
|
|
# -- Startup probe configuration
|
|
# @default -- See below
|
|
startup:
|
|
# -- sets the probe type when not using a custom probe
|
|
# @default -- "TCP"
|
|
type: HTTP
|
|
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
|
# @default -- "/"
|
|
path: "/ping"
|
|
|
|
|
|
# Whether Role Based Access Control objects like roles and rolebindings should be created
|
|
rbac:
|
|
enabled: true
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- services
|
|
- endpoints
|
|
- secrets
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- extensions
|
|
- networking.k8s.io
|
|
resources:
|
|
- ingresses
|
|
- ingressclasses
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- extensions
|
|
- networking.k8s.io
|
|
resources:
|
|
- ingresses/status
|
|
verbs:
|
|
- update
|
|
- apiGroups:
|
|
- traefik.containo.us
|
|
resources:
|
|
- ingressroutes
|
|
- ingressroutetcps
|
|
- ingressrouteudps
|
|
- middlewares
|
|
- middlewaretcps
|
|
- tlsoptions
|
|
- tlsstores
|
|
- traefikservices
|
|
- serverstransports
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
|
|
|
|
# The service account the pods will use to interact with the Kubernetes API
|
|
serviceAccount:
|
|
enabled: true
|
|
# If set, an existing service account is used
|
|
# If not set, a service account is created automatically using the fullname template
|
|
name: ""
|
|
|
|
# Set the container security context
|
|
# To run the container with ports below 1024 this will need to be adjust to run as root
|
|
securityContext:
|
|
capabilities:
|
|
drop: [ALL]
|
|
|
|
portalhook:
|
|
enabled: true
|