TrueChartsClone/charts/stable/traefik/SCALE/ix_values.yaml

182 lines
4.4 KiB
YAML

# Default values for Traefik
image:
repository: traefik
# defaults to appVersion
tag: v2.5.2
pullPolicy: IfNotPresent
# Create an IngressRoute for the dashboard
ingressRoute:
dashboard:
enabled: true
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
annotations: {}
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
labels: {}
#
# Configure providers
#
providers:
kubernetesCRD:
enabled: true
namespaces: []
# - "default"
kubernetesIngress:
enabled: true
# labelSelector: environment=production,method=traefik
namespaces: []
# - "default"
# IP used for Kubernetes Ingress endpoints
publishedService:
enabled: true
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
metrics:
# datadog:
# address: 127.0.0.1:8125
# influxdb:
# address: localhost:8089
# protocol: udp
prometheus:
entryPoint: metrics
# statsd:
# address: localhost:8125
globalArguments:
- "--global.checknewversion"
#
# Configure Traefik static configuration
# Additional arguments to be passed at Traefik's binary
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments:
- "--metrics.prometheus"
- "--ping"
- "--serverstransport.insecureskipverify=true"
- "--providers.kubernetesingress.allowexternalnameservices=true"
# TLS Options are created as TLSOption CRDs
# https://doc.traefik.io/traefik/https/tls/#tls-options
# Example:
tlsOptions:
default:
sniStrict: false
minVersion: VersionTLS12
curvePreferences:
- CurveP521
- CurveP384
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
probes:
# -- Liveness probe configuration
# @default -- See below
liveness:
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type: HTTP
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
path: "/ping"
# -- Redainess probe configuration
# @default -- See below
readiness:
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type: HTTP
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
path: "/ping"
# -- Startup probe configuration
# @default -- See below
startup:
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type: HTTP
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
path: "/ping"
# Whether Role Based Access Control objects like roles and rolebindings should be created
rbac:
enabled: true
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.containo.us
resources:
- ingressroutes
- ingressroutetcps
- ingressrouteudps
- middlewares
- middlewaretcps
- tlsoptions
- tlsstores
- traefikservices
- serverstransports
verbs:
- get
- list
- watch
# The service account the pods will use to interact with the Kubernetes API
serviceAccount:
enabled: true
# If set, an existing service account is used
# If not set, a service account is created automatically using the fullname template
name: ""
# Set the container security context
# To run the container with ports below 1024 this will need to be adjust to run as root
securityContext:
capabilities:
drop: [ALL]
portalhook:
enabled: true