Commit new Chart releases for TrueCharts
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
parent
3fec6bb7f2
commit
41ba4b27ec
|
@ -0,0 +1,99 @@
|
|||
**Important:**
|
||||
*for the complete changelog, please refer to the website*
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-13.5.5](https://github.com/truecharts/charts/compare/traefik-13.5.2...traefik-13.5.5) (2022-11-08)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
|
||||
- update helm general non-major ([#4349](https://github.com/truecharts/charts/issues/4349))
|
||||
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-13.5.4](https://github.com/truecharts/charts/compare/traefik-13.5.2...traefik-13.5.4) (2022-11-08)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
|
||||
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-13.5.4](https://github.com/truecharts/charts/compare/traefik-13.5.2...traefik-13.5.4) (2022-11-08)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
|
||||
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-13.5.4](https://github.com/truecharts/charts/compare/traefik-13.5.2...traefik-13.5.4) (2022-11-08)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4342](https://github.com/truecharts/charts/issues/4342))
|
||||
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-13.5.3](https://github.com/truecharts/charts/compare/traefik-13.5.2...traefik-13.5.3) (2022-11-07)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-13.5.3](https://github.com/truecharts/charts/compare/traefik-13.5.2...traefik-13.5.3) (2022-11-06)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4329](https://github.com/truecharts/charts/issues/4329))
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-13.5.2](https://github.com/truecharts/charts/compare/traefik-13.5.1...traefik-13.5.2) (2022-11-06)
|
||||
|
||||
### Chore
|
||||
|
||||
- Auto-update chart README [skip ci]
|
||||
- update helm general non-major ([#4317](https://github.com/truecharts/charts/issues/4317))
|
||||
|
||||
|
||||
|
||||
|
||||
## [traefik-13.5.1](https://github.com/truecharts/charts/compare/traefik-13.5.0...traefik-13.5.1) (2022-11-05)
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 10.9.4
|
||||
digest: sha256:dd59313a76f2c5f5a06d534a4546c219da44a0ca084f8f889ef4a53f7bec54f5
|
||||
generated: "2022-11-11T21:34:40.151334782Z"
|
|
@ -0,0 +1,31 @@
|
|||
apiVersion: v2
|
||||
appVersion: "2.9.4"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 10.9.4
|
||||
deprecated: false
|
||||
description: Traefik is a flexible reverse proxy and Ingress Provider.
|
||||
home: https://truecharts.org/docs/charts/stable/traefik
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png
|
||||
keywords:
|
||||
- traefik
|
||||
- ingress
|
||||
kubeVersion: ">=1.16.0-0"
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: traefik
|
||||
sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/stable/traefik
|
||||
- https://github.com/traefik/traefik
|
||||
- https://github.com/traefik/traefik-helm-chart
|
||||
- https://traefik.io/
|
||||
type: application
|
||||
version: 15.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- network
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
|
@ -0,0 +1,108 @@
|
|||
# traefik
|
||||
|
||||
Traefik is a flexible reverse proxy and Ingress Provider.
|
||||
|
||||
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
|
||||
|
||||
This readme is just an automatically generated general guide on installing our Helm Charts and Apps.
|
||||
For more information, please click here: [traefik](https://truecharts.org/docs/charts/stable/traefik)
|
||||
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
|
||||
|
||||
## Source Code
|
||||
|
||||
* <https://github.com/truecharts/charts/tree/master/charts/stable/traefik>
|
||||
* <https://github.com/traefik/traefik>
|
||||
* <https://github.com/traefik/traefik-helm-chart>
|
||||
* <https://traefik.io/>
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>=1.16.0-0`
|
||||
|
||||
## Dependencies
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://library-charts.truecharts.org | common | 10.9.4 |
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
### TrueNAS SCALE
|
||||
|
||||
To install this Chart on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/SCALE%20Apps/Installing-an-App).
|
||||
|
||||
### Helm
|
||||
|
||||
To install the chart with the release name `traefik`
|
||||
|
||||
```console
|
||||
helm repo add TrueCharts https://charts.truecharts.org
|
||||
helm repo update
|
||||
helm install traefik TrueCharts/traefik
|
||||
```
|
||||
|
||||
## Uninstall
|
||||
|
||||
### TrueNAS SCALE
|
||||
|
||||
**Upgrading, Rolling Back and Uninstalling the Chart**
|
||||
|
||||
To upgrade, rollback or delete this Chart from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/SCALE%20Apps/Upgrade-rollback-delete-an-App).
|
||||
|
||||
### Helm
|
||||
|
||||
To uninstall the `traefik` deployment
|
||||
|
||||
```console
|
||||
helm uninstall traefik
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
### Helm
|
||||
|
||||
#### Available Settings
|
||||
|
||||
Read through the values.yaml file. It has several commented out suggested values.
|
||||
Other values may be used from the [values.yaml](https://github.com/truecharts/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/truecharts/library-charts/tree/main/charts/common).
|
||||
|
||||
#### Configure using the command line
|
||||
|
||||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
|
||||
|
||||
```console
|
||||
helm install traefik \
|
||||
--set env.TZ="America/New York" \
|
||||
TrueCharts/traefik
|
||||
```
|
||||
|
||||
#### Configure using a yaml file
|
||||
|
||||
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
|
||||
|
||||
```console
|
||||
helm install traefik TrueCharts/traefik -f values.yaml
|
||||
```
|
||||
|
||||
#### Connecting to other charts
|
||||
|
||||
If you need to connect this Chart to other Charts on TrueNAS SCALE, please refer to our [Linking Charts Internally](https://truecharts.org/docs/manual/SCALE%20Apps/linking-apps) quick-start guide.
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/docs/manual/SCALE%20Apps/Important-MUST-READ).
|
||||
- See the [Website](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/apps/issues/new/choose)
|
||||
|
||||
---
|
||||
|
||||
## Sponsor TrueCharts
|
||||
|
||||
TrueCharts can only exist due to the incredible effort of our staff.
|
||||
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
||||
|
||||
---
|
||||
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -0,0 +1,9 @@
|
|||
|
||||
|
||||
## [traefik-15.0.0](https://github.com/truecharts/charts/compare/traefik-14.1.2...traefik-15.0.0) (2022-11-11)
|
||||
|
||||
### Feat
|
||||
|
||||
- move traefik CRDs to manifest manager ([#4381](https://github.com/truecharts/charts/issues/4381))
|
||||
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
Traefik is a flexible reverse proxy and Ingress Provider.
|
||||
|
||||
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/docs/charts/stable/traefik](https://truecharts.org/docs/charts/stable/traefik)
|
||||
|
||||
---
|
||||
|
||||
TrueCharts can only exist due to the incredible effort of our staff.
|
||||
Please consider making a [donation](https://truecharts.org/docs/about/sponsor) or contributing back to the project any way you can!
|
Binary file not shown.
|
@ -0,0 +1,390 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/traefik
|
||||
# defaults to appVersion
|
||||
tag: 2.9.4@sha256:7c5f07ef67ec092b66dd8bdb56279ed876965553ee5ec59b5aa7456def5ed1f3
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
|
||||
ingressClass:
|
||||
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
|
||||
enabled: false
|
||||
isDefaultClass: false
|
||||
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
|
||||
fallbackApiVersion: ""
|
||||
|
||||
# -- Create an IngressRoute for the dashboard
|
||||
ingressRoute:
|
||||
dashboard:
|
||||
enabled: true
|
||||
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
|
||||
annotations: {}
|
||||
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
|
||||
labels: {}
|
||||
|
||||
podAnnotations:
|
||||
prometheus.io/scrape: "true"
|
||||
prometheus.io/path: "/metrics"
|
||||
prometheus.io/port: "9180"
|
||||
|
||||
#
|
||||
# -- Configure providers
|
||||
providers:
|
||||
kubernetesCRD:
|
||||
enabled: true
|
||||
namespaces:
|
||||
[]
|
||||
# - "default"
|
||||
kubernetesIngress:
|
||||
enabled: true
|
||||
# labelSelector: environment=production,method=traefik
|
||||
namespaces:
|
||||
[]
|
||||
# - "default"
|
||||
# IP used for Kubernetes Ingress endpoints
|
||||
publishedService:
|
||||
enabled: true
|
||||
# Published Kubernetes Service to copy status from. Format: namespace/servicename
|
||||
# By default this Traefik service
|
||||
# pathOverride: ""
|
||||
|
||||
# -- Logs
|
||||
# https://docs.traefik.io/observability/logs/
|
||||
logs:
|
||||
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
|
||||
general:
|
||||
# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
|
||||
level: ERROR
|
||||
# -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format
|
||||
format: common
|
||||
access:
|
||||
# To enable access logs
|
||||
enabled: false
|
||||
# To write the logs in an asynchronous fashion, specify a bufferingSize option.
|
||||
# This option represents the number of log lines Traefik will keep in memory before writing
|
||||
# them to the selected output. In some cases, this option can greatly help performances.
|
||||
# bufferingSize: 100
|
||||
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
|
||||
filters:
|
||||
{}
|
||||
# statuscodes: "200,300-302"
|
||||
# retryattempts: true
|
||||
# minduration: 10ms
|
||||
# Fields
|
||||
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
|
||||
fields:
|
||||
general:
|
||||
defaultmode: keep
|
||||
names:
|
||||
{}
|
||||
# Examples:
|
||||
# ClientUsername: drop
|
||||
headers:
|
||||
defaultmode: drop
|
||||
names:
|
||||
{}
|
||||
# Examples:
|
||||
# User-Agent: redact
|
||||
# Authorization: drop
|
||||
# Content-Type: keep
|
||||
# -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format
|
||||
format: common
|
||||
|
||||
metrics:
|
||||
# datadog:
|
||||
# address: 127.0.0.1:8125
|
||||
# influxdb:
|
||||
# address: localhost:8089
|
||||
# protocol: udp
|
||||
prometheus:
|
||||
entryPoint: metrics
|
||||
# statsd:
|
||||
# address: localhost:8125
|
||||
|
||||
globalArguments:
|
||||
- "--global.checknewversion"
|
||||
|
||||
##
|
||||
# -- Additional arguments to be passed at Traefik's binary
|
||||
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
|
||||
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
|
||||
additionalArguments:
|
||||
- "--metrics.prometheus"
|
||||
- "--ping"
|
||||
- "--serverstransport.insecureskipverify=true"
|
||||
- "--providers.kubernetesingress.allowexternalnameservices=true"
|
||||
|
||||
# -- TLS Options to be created as TLSOption CRDs
|
||||
# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options
|
||||
# Example:
|
||||
tlsOptions:
|
||||
default:
|
||||
sniStrict: false
|
||||
minVersion: VersionTLS12
|
||||
curvePreferences:
|
||||
- CurveP521
|
||||
- CurveP384
|
||||
cipherSuites:
|
||||
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
||||
- TLS_AES_128_GCM_SHA256
|
||||
- TLS_AES_256_GCM_SHA384
|
||||
- TLS_CHACHA20_POLY1305_SHA256
|
||||
|
||||
# -- Options for the main traefik service, where the entrypoints traffic comes from
|
||||
# from.
|
||||
service:
|
||||
main:
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
main:
|
||||
port: 9000
|
||||
targetPort: 9000
|
||||
protocol: HTTP
|
||||
# -- Forwarded Headers should never be enabled on Main entrypoint
|
||||
forwardedHeaders:
|
||||
enabled: false
|
||||
# -- Proxy Protocol should never be enabled on Main entrypoint
|
||||
proxyProtocol:
|
||||
enabled: false
|
||||
tcp:
|
||||
enabled: true
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
web:
|
||||
enabled: true
|
||||
port: 9080
|
||||
protocol: HTTP
|
||||
redirectTo: websecure
|
||||
# Options: Empty, 0 (ingore), or positive int
|
||||
# redirectPort:
|
||||
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
|
||||
forwardedHeaders:
|
||||
enabled: false
|
||||
# -- List of trusted IP and CIDR references
|
||||
trustedIPs: []
|
||||
# -- Trust all forwarded headers
|
||||
insecureMode: false
|
||||
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
|
||||
proxyProtocol:
|
||||
enabled: false
|
||||
# -- Only IPs in trustedIPs will lead to remote client address replacement
|
||||
trustedIPs: []
|
||||
# -- Trust every incoming connection
|
||||
insecureMode: false
|
||||
websecure:
|
||||
enabled: true
|
||||
port: 9443
|
||||
protocol: HTTPS
|
||||
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
|
||||
forwardedHeaders:
|
||||
enabled: false
|
||||
# -- List of trusted IP and CIDR references
|
||||
trustedIPs: []
|
||||
# -- Trust all forwarded headers
|
||||
insecureMode: false
|
||||
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
|
||||
proxyProtocol:
|
||||
enabled: false
|
||||
# -- Only IPs in trustedIPs will lead to remote client address replacement
|
||||
trustedIPs: []
|
||||
# -- Trust every incoming connection
|
||||
insecureMode: false
|
||||
# tcpexample:
|
||||
# enabled: true
|
||||
# targetPort: 9443
|
||||
# protocol: TCP
|
||||
# tls:
|
||||
# enabled: false
|
||||
# # this is the name of a TLSOption definition
|
||||
# options: ""
|
||||
# certResolver: ""
|
||||
# domains: []
|
||||
# # - main: example.com
|
||||
# # sans:
|
||||
# # - foo.example.com
|
||||
# # - bar.example.com
|
||||
metrics:
|
||||
enabled: true
|
||||
type: ClusterIP
|
||||
ports:
|
||||
metrics:
|
||||
enabled: true
|
||||
port: 9180
|
||||
targetPort: 9180
|
||||
protocol: HTTP
|
||||
# -- Forwarded Headers should never be enabled on Metrics entrypoint
|
||||
forwardedHeaders:
|
||||
enabled: false
|
||||
# -- Proxy Protocol should never be enabled on Metrics entrypoint
|
||||
proxyProtocol:
|
||||
enabled: false
|
||||
udp:
|
||||
enabled: false
|
||||
|
||||
# probes:
|
||||
# # -- Liveness probe configuration
|
||||
# # @default -- See below
|
||||
# liveness:
|
||||
# # -- sets the probe type when not using a custom probe
|
||||
# # @default -- "TCP"
|
||||
# type: HTTP
|
||||
# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||
# # @default -- "/"
|
||||
# path: "/ping"
|
||||
|
||||
# # -- Redainess probe configuration
|
||||
# # @default -- See below
|
||||
# readiness:
|
||||
# # -- sets the probe type when not using a custom probe
|
||||
# # @default -- "TCP"
|
||||
# type: HTTP
|
||||
# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||
# # @default -- "/"
|
||||
# path: "/ping"
|
||||
|
||||
# # -- Startup probe configuration
|
||||
# # @default -- See below
|
||||
# startup:
|
||||
# # -- sets the probe type when not using a custom probe
|
||||
# # @default -- "TCP"
|
||||
# type: HTTP
|
||||
# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||
# # @default -- "/"
|
||||
# path: "/ping"
|
||||
|
||||
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
- endpoints
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses
|
||||
- ingressclasses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses/status
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- traefik.containo.us
|
||||
resources:
|
||||
- ingressroutes
|
||||
- ingressroutetcps
|
||||
- ingressrouteudps
|
||||
- middlewares
|
||||
- middlewaretcps
|
||||
- tlsoptions
|
||||
- tlsstores
|
||||
- traefikservices
|
||||
- serverstransports
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
|
||||
# -- The service account the pods will use to interact with the Kubernetes API
|
||||
serviceAccount:
|
||||
main:
|
||||
enabled: true
|
||||
|
||||
# -- SCALE Middleware Handlers
|
||||
middlewares:
|
||||
basicAuth: []
|
||||
# - name: basicauthexample
|
||||
# users:
|
||||
# - username: testuser
|
||||
# password: testpassword
|
||||
forwardAuth: []
|
||||
# - name: forwardAuthexample
|
||||
# address: https://auth.example.com/
|
||||
# authResponseHeaders:
|
||||
# - X-Secret
|
||||
# - X-Auth-User
|
||||
# authRequestHeaders:
|
||||
# - "Accept"
|
||||
# - "X-CustomHeader"
|
||||
# authResponseHeadersRegex: "^X-"
|
||||
# trustForwardHeader: true
|
||||
chain: []
|
||||
# - name: chainname
|
||||
# middlewares:
|
||||
# - name: compress
|
||||
redirectScheme: []
|
||||
# - name: redirectSchemeName
|
||||
# scheme: https
|
||||
# permanent: true
|
||||
rateLimit: []
|
||||
# - name: rateLimitName
|
||||
# average: 300
|
||||
# burst: 200
|
||||
redirectRegex: []
|
||||
# - name: redirectRegexName
|
||||
# regex: putregexhere
|
||||
# replacement: replacementurlhere
|
||||
# permanent: false
|
||||
stripPrefixRegex: []
|
||||
# - name: stripPrefixRegexName
|
||||
# regex: []
|
||||
ipWhiteList: []
|
||||
# - name: ipWhiteListName
|
||||
# sourceRange: []
|
||||
# ipStrategy:
|
||||
# depth: 2
|
||||
# excludedIPs: []
|
||||
themeParkVersion: v1.2.2
|
||||
themePark: []
|
||||
# - name: themeParkName
|
||||
# -- Supported apps, lower case name
|
||||
# -- https://docs.theme-park.dev/themes
|
||||
# app: appnamehere
|
||||
# -- Supported themes, lower case name
|
||||
# -- https://docs.theme-park.dev/themes/APPNAMEHERE
|
||||
# -- https://docs.theme-park.dev/community-themes
|
||||
# theme: themenamehere
|
||||
# -- https://theme-park.dev or a self hosted url
|
||||
# baseUrl: https://theme-park.dev
|
||||
realIPVersion: v1.0.3
|
||||
# Sets X-Real-Ip with an IP from the X-Forwarded-For or
|
||||
# Cf-Connecting-Ip (If from Cloudflare)
|
||||
# Evaluation of those headers will go from last to first
|
||||
realIP: []
|
||||
# - name: realIPName
|
||||
# -- The real IP will be the first one that is
|
||||
# -- not included in any of the CIDRs passed here
|
||||
# excludedNetworks:
|
||||
# - 1.1.1.1/24
|
||||
addPrefix: []
|
||||
# - name: addPrefixName
|
||||
# prefix: "/foo"
|
||||
|
||||
portalhook:
|
||||
enabled: true
|
||||
|
||||
persistence:
|
||||
plugins:
|
||||
enabled: true
|
||||
mountPath: "/plugins-storage"
|
||||
type: emptyDir
|
||||
|
||||
portal:
|
||||
enabled: true
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,172 @@
|
|||
{{/* Define the args */}}
|
||||
{{- define "traefik.args" -}}
|
||||
args:
|
||||
{{/* merge all ports */}}
|
||||
{{- $ports := dict }}
|
||||
{{- range $.Values.service }}
|
||||
{{- range $name, $value := .ports }}
|
||||
{{- $_ := set $ports $name $value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* start of actual arguments */}}
|
||||
{{- with .Values.globalArguments }}
|
||||
{{- range . }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $name, $config := $ports }}
|
||||
{{- if $config }}
|
||||
{{- if or ( eq $config.protocol "HTTP" ) ( eq $config.protocol "HTTPS" ) ( eq $config.protocol "TCP" ) }}
|
||||
{{- $_ := set $config "protocol" "TCP" }}
|
||||
{{- end }}
|
||||
- "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- "--api.dashboard=true"
|
||||
- "--ping=true"
|
||||
{{- if .Values.metrics }}
|
||||
{{- if .Values.metrics.datadog }}
|
||||
- "--metrics.datadog=true"
|
||||
- "--metrics.datadog.address={{ .Values.metrics.datadog.address }}"
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.influxdb }}
|
||||
- "--metrics.influxdb=true"
|
||||
- "--metrics.influxdb.address={{ .Values.metrics.influxdb.address }}"
|
||||
- "--metrics.influxdb.protocol={{ .Values.metrics.influxdb.protocol }}"
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.prometheus }}
|
||||
- "--metrics.prometheus=true"
|
||||
- "--metrics.prometheus.entrypoint={{ .Values.metrics.prometheus.entryPoint }}"
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.statsd }}
|
||||
- "--metrics.statsd=true"
|
||||
- "--metrics.statsd.address={{ .Values.metrics.statsd.address }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.providers.kubernetesCRD.enabled }}
|
||||
- "--providers.kubernetescrd"
|
||||
{{- end }}
|
||||
{{- if .Values.providers.kubernetesIngress.enabled }}
|
||||
- "--providers.kubernetesingress"
|
||||
{{- if .Values.providers.kubernetesIngress.publishedService.enabled }}
|
||||
- "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"
|
||||
{{- end }}
|
||||
{{- if .Values.providers.kubernetesIngress.labelSelector }}
|
||||
- "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
|
||||
{{- if .Values.providers.kubernetesCRD.enabled }}
|
||||
- "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}"
|
||||
{{- end }}
|
||||
{{- if .Values.providers.kubernetesIngress.enabled }}
|
||||
- "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingressClass.enabled }}
|
||||
- "--providers.kubernetesingress.ingressclass={{ .Release.Name }}"
|
||||
{{- end }}
|
||||
{{- range $entrypoint, $config := $ports }}
|
||||
{{/* add args for proxyProtocol support */}}
|
||||
{{- if $config.proxyProtocol }}
|
||||
{{- if $config.proxyProtocol.enabled }}
|
||||
{{- if $config.proxyProtocol.insecureMode }}
|
||||
- "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure"
|
||||
{{- end }}
|
||||
{{- if not ( empty $config.proxyProtocol.trustedIPs ) }}
|
||||
- "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* add args for forwardedHeaders support */}}
|
||||
{{- if $config.forwardedHeaders.enabled }}
|
||||
{{- if not ( empty $config.forwardedHeaders.trustedIPs ) }}
|
||||
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}"
|
||||
{{- end }}
|
||||
{{- if $config.forwardedHeaders.insecureMode }}
|
||||
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* end forwardedHeaders configuration */}}
|
||||
{{- if $config.redirectTo }}
|
||||
{{- $toPort := index $ports $config.redirectTo }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}"
|
||||
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
|
||||
{{- else if $config.redirectPort }}
|
||||
{{ if gt $config.redirectPort 0.0 }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $config.redirectPort }}"
|
||||
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if or ( $config.tls ) ( eq $config.protocol "HTTPS" ) }}
|
||||
{{- if or ( $config.tls.enabled ) ( eq $config.protocol "HTTPS" ) }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls=true"
|
||||
{{- if $config.tls.options }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
|
||||
{{- end }}
|
||||
{{- if $config.tls.certResolver }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
|
||||
{{- end }}
|
||||
{{- if $config.tls.domains }}
|
||||
{{- range $index, $domain := $config.tls.domains }}
|
||||
{{- if $domain.main }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
|
||||
{{- end }}
|
||||
{{- if $domain.sans }}
|
||||
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.logs }}
|
||||
- "--log.format={{ .general.format }}"
|
||||
{{- if ne .general.level "ERROR" }}
|
||||
- "--log.level={{ .general.level | upper }}"
|
||||
{{- end }}
|
||||
{{- if .access.enabled }}
|
||||
- "--accesslog=true"
|
||||
- "--accesslog.format={{ .access.format }}"
|
||||
{{- if .access.bufferingsize }}
|
||||
- "--accesslog.bufferingsize={{ .access.bufferingsize }}"
|
||||
{{- end }}
|
||||
{{- if .access.filters }}
|
||||
{{- if .access.filters.statuscodes }}
|
||||
- "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}"
|
||||
{{- end }}
|
||||
{{- if .access.filters.retryattempts }}
|
||||
- "--accesslog.filters.retryattempts"
|
||||
{{- end }}
|
||||
{{- if .access.filters.minduration }}
|
||||
- "--accesslog.filters.minduration={{ .access.filters.minduration }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
|
||||
{{- range $fieldname, $fieldaction := .access.fields.general.names }}
|
||||
- "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}"
|
||||
{{- end }}
|
||||
- "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}"
|
||||
{{- range $fieldname, $fieldaction := .access.fields.headers.names }}
|
||||
- "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{/* theme.park */}}
|
||||
{{- if .Values.middlewares.themePark }}
|
||||
- "--experimental.plugins.traefik-themepark.modulename=github.com/packruler/traefik-themepark"
|
||||
- "--experimental.plugins.traefik-themepark.version={{ .Values.middlewares.themeParkVersion }}"
|
||||
{{- end }}
|
||||
{{/* End of theme.park */}}
|
||||
{{/* RealIP */}}
|
||||
{{- if .Values.middlewares.realIP }}
|
||||
- "--experimental.plugins.traefik-real-ip.modulename=github.com/soulbalz/traefik-real-ip"
|
||||
- "--experimental.plugins.traefik-real-ip.version={{ .Values.middlewares.realIPVersion }}"
|
||||
{{- end }}
|
||||
{{/* End of RealIP */}}
|
||||
{{- with .Values.additionalArguments }}
|
||||
{{- range . }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,22 @@
|
|||
{{/*
|
||||
Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice.
|
||||
By convention this will simply use the <namespace>/<service-name> to match the name of the
|
||||
service generated.
|
||||
Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride`
|
||||
*/}}
|
||||
{{- define "providers.kubernetesIngress.publishedServicePath" -}}
|
||||
{{- $fullName := include "tc.common.names.fullname" . -}}
|
||||
{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}}
|
||||
{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }}
|
||||
{{- print $servicePath | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Construct a comma-separated list of whitelisted namespaces
|
||||
*/}}
|
||||
{{- define "providers.kubernetesIngress.namespaces" -}}
|
||||
{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }}
|
||||
{{- end -}}
|
||||
{{- define "providers.kubernetesCRD.namespaces" -}}
|
||||
{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,24 @@
|
|||
{{/* Define the ingressClass */}}
|
||||
{{- define "traefik.ingressClass" -}}
|
||||
---
|
||||
{{ if .Values.ingressClass.enabled }}
|
||||
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }}
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
{{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }}
|
||||
apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }}
|
||||
{{- else }}
|
||||
{{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }}
|
||||
{{- end }}
|
||||
kind: IngressClass
|
||||
metadata:
|
||||
annotations:
|
||||
ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }}
|
||||
labels:
|
||||
{{- include "tc.common.labels" . | nindent 4 }}
|
||||
name: {{ .Release.Name }}
|
||||
spec:
|
||||
controller: traefik.io/ingress-controller
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,25 @@
|
|||
{{/* Define the ingressRoute */}}
|
||||
{{- define "traefik.ingressRoute" -}}
|
||||
{{ if .Values.ingressRoute.dashboard.enabled }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: {{ include "tc.common.names.fullname" . }}-dashboard
|
||||
annotations:
|
||||
{{- with .Values.ingressRoute.dashboard.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "tc.common.labels" . | nindent 4 }}
|
||||
spec:
|
||||
entryPoints:
|
||||
- main
|
||||
routes:
|
||||
- match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: api@internal
|
||||
kind: TraefikService
|
||||
{{ end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,26 @@
|
|||
{{/* Define the portalHook */}}
|
||||
{{- define "traefik.portalhook" -}}
|
||||
{{- if .Values.portalhook.enabled }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: portalhook
|
||||
namespace: {{ $namespace }}
|
||||
data:
|
||||
{{- $ports := dict }}
|
||||
{{- range $.Values.service }}
|
||||
{{- range $name, $value := .ports }}
|
||||
{{- $_ := set $ports $name $value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $name, $value := $ports }}
|
||||
{{ $name }}: {{ $value.port | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,12 @@
|
|||
{{/* Define the tlsOptions */}}
|
||||
{{- define "traefik.tlsOptions" -}}
|
||||
{{- range $name, $config := .Values.tlsOptions }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: TLSOption
|
||||
metadata:
|
||||
name: {{ $name }}
|
||||
spec:
|
||||
{{- toYaml $config | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,24 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "tc.common.loader.init" . }}
|
||||
|
||||
{{- if .Values.metrics }}
|
||||
{{- if .Values.metrics.prometheus }}
|
||||
{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}}
|
||||
{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}}
|
||||
{{- $_ := set .Values.podAnnotations "prometheus.io/port" "9180" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- $newArgs := (include "traefik.args" . | fromYaml) }}
|
||||
{{- $_ := set .Values "newArgs" $newArgs -}}
|
||||
{{- $mergedargs := concat .Values.args .Values.newArgs.args }}
|
||||
{{- $_ := set .Values "args" $mergedargs -}}
|
||||
|
||||
{{- include "traefik.portalhook" . }}
|
||||
{{- include "traefik.tlsOptions" . }}
|
||||
{{- include "traefik.ingressRoute" . }}
|
||||
{{- include "traefik.ingressClass" . }}
|
||||
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "tc.common.loader.apply" . }}
|
|
@ -0,0 +1,17 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{- range $index, $middlewareData := .Values.middlewares.addPrefix }}
|
||||
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
addPrefix:
|
||||
prefix: {{ $middlewareData.prefix }}
|
||||
{{- end }}
|
|
@ -0,0 +1,62 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: compress
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
compress: {}
|
||||
---
|
||||
# Here, an average of 300 requests per second is allowed.
|
||||
# In addition, a burst of 200 requests is allowed.
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: basic-ratelimit
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
rateLimit:
|
||||
average: 600
|
||||
burst: 400
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: basic-secure-headers
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
headers:
|
||||
accessControlAllowMethods:
|
||||
- GET
|
||||
- OPTIONS
|
||||
- HEAD
|
||||
- PUT
|
||||
accessControlMaxAge: 100
|
||||
stsSeconds: 63072000
|
||||
# stsIncludeSubdomains: false
|
||||
# stsPreload: false
|
||||
forceSTSHeader: true
|
||||
contentTypeNosniff: true
|
||||
browserXssFilter: true
|
||||
referrerPolicy: same-origin
|
||||
customRequestHeaders:
|
||||
X-Forwarded-Proto: "https"
|
||||
customResponseHeaders:
|
||||
server: ''
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: chain-basic
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
- name: basic-ratelimit
|
||||
- name: basic-secure-headers
|
||||
- name: compress
|
|
@ -0,0 +1,34 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.basicAuth }}
|
||||
---
|
||||
{{- $users := list }}
|
||||
{{ range $index, $userdata := $middlewareData.users }}
|
||||
{{ $users = append $users ( htpasswd $userdata.username $userdata.password ) }}
|
||||
{{ end }}
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{printf "%v-%v" $middlewareData.name "secret" }}
|
||||
namespace: {{ $namespace }}
|
||||
type: Opaque
|
||||
stringData:
|
||||
users: |
|
||||
{{- range $index, $user := $users }}
|
||||
{{ printf "%s" $user }}
|
||||
{{- end }}
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
basicAuth:
|
||||
secret: {{printf "%v-%v" $middlewareData.name "secret" }}
|
||||
{{ end }}
|
|
@ -0,0 +1,21 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.chain }}
|
||||
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
{{ range $index, $middleware := .middlewares }}
|
||||
- name: {{ printf "%v-%v@%v" $namespace $middleware "kubernetescrd" }}
|
||||
{{ end }}
|
||||
{{ end }}
|
|
@ -0,0 +1,34 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.forwardAuth }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
forwardAuth:
|
||||
address: {{ $middlewareData.address }}
|
||||
{{- with $middlewareData.authResponseHeaders }}
|
||||
authResponseHeaders:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with $middlewareData.authRequestHeaders }}
|
||||
authRequestHeaders:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $middlewareData.authResponseHeadersRegex }}
|
||||
authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }}
|
||||
{{- end }}
|
||||
{{- if $middlewareData.trustForwardHeader }}
|
||||
trustForwardHeader: true
|
||||
{{- end }}
|
||||
{{- with $middlewareData.tls }}
|
||||
tls:
|
||||
insecureSkipVerify: {{ .insecureSkipVerify | default false }}
|
||||
{{- end }}
|
||||
{{ end }}
|
|
@ -0,0 +1,33 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.ipWhiteList }}
|
||||
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
ipWhiteList:
|
||||
sourceRange:
|
||||
{{- range $middlewareData.sourceRange }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- if $middlewareData.ipStrategy }}
|
||||
ipStrategy:
|
||||
{{- if $middlewareData.ipStrategy.depth }}
|
||||
depth: {{ $middlewareData.ipStrategy.depth }}
|
||||
{{- end }}
|
||||
{{- if $middlewareData.ipStrategy.excludedIPs }}
|
||||
excludedIPs:
|
||||
{{- range $middlewareData.ipStrategy.excludedIPs }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{ end }}
|
|
@ -0,0 +1,19 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.rateLimit }}
|
||||
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
rateLimit:
|
||||
average: {{ $middlewareData.average }}
|
||||
burst: {{ $middlewareData.burst }}
|
||||
{{ end }}
|
|
@ -0,0 +1,21 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{- range $index, $middlewareData := .Values.middlewares.realIP }}
|
||||
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
plugin:
|
||||
traefik-real-ip:
|
||||
excludednets:
|
||||
{{- range $middlewareData.excludedNetworks }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -0,0 +1,19 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.redirectScheme }}
|
||||
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
redirectScheme:
|
||||
scheme: {{ $middlewareData.scheme }}
|
||||
permanent: {{ $middlewareData.permanent }}
|
||||
{{ end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{ range $index, $middlewareData := .Values.middlewares.redirectRegex }}
|
||||
|
||||
---
|
||||
# Declaring the user list
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
redirectRegex:
|
||||
regex: {{ $middlewareData.regex | quote }}
|
||||
replacement: {{ $middlewareData.replacement | quote }}
|
||||
permanent: {{ $middlewareData.permanent }}
|
||||
{{ end }}
|
|
@ -0,0 +1,20 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
|
||||
{{ range $index, $middlewareData := .Values.middlewares.stripPrefixRegex }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
stripPrefixRegex:
|
||||
regex:
|
||||
{{- range $middlewareData.regex }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{ end }}
|
|
@ -0,0 +1,29 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: tc-opencors-chain
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
- name: basic-ratelimit
|
||||
- name: tc-opencors-headers
|
||||
- name: compress
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: tc-closedcors-chain
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
- name: basic-ratelimit
|
||||
- name: tc-closedcors-headers
|
||||
- name: compress
|
|
@ -0,0 +1,62 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: tc-opencors-headers
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
headers:
|
||||
accessControlAllowHeaders:
|
||||
- '*'
|
||||
accessControlAllowMethods:
|
||||
- GET
|
||||
- OPTIONS
|
||||
- HEAD
|
||||
- PUT
|
||||
- POST
|
||||
accessControlAllowOriginList:
|
||||
- '*'
|
||||
accessControlMaxAge: 100
|
||||
browserXssFilter: true
|
||||
contentTypeNosniff: true
|
||||
customRequestHeaders:
|
||||
X-Forwarded-Proto: https
|
||||
customResponseHeaders:
|
||||
server: ""
|
||||
forceSTSHeader: true
|
||||
referrerPolicy: same-origin
|
||||
sslForceHost: true
|
||||
sslRedirect: true
|
||||
stsSeconds: 63072000
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: tc-closedcors-headers
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
headers:
|
||||
accessControlAllowMethods:
|
||||
- GET
|
||||
- OPTIONS
|
||||
- HEAD
|
||||
- PUT
|
||||
accessControlMaxAge: 100
|
||||
sslRedirect: true
|
||||
stsSeconds: 63072000
|
||||
# stsIncludeSubdomains: false
|
||||
# stsPreload: false
|
||||
forceSTSHeader: true
|
||||
contentTypeNosniff: true
|
||||
browserXssFilter: true
|
||||
sslForceHost: true
|
||||
referrerPolicy: same-origin
|
||||
customRequestHeaders:
|
||||
X-Forwarded-Proto: "https"
|
||||
customResponseHeaders:
|
||||
server: ''
|
|
@ -0,0 +1,25 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: tc-nextcloud-redirectregex-dav
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
redirectRegex:
|
||||
regex: "https://(.*)/.well-known/(card|cal)dav"
|
||||
replacement: "https://${1}/remote.php/dav/"
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: tc-nextcloud-chain
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
chain:
|
||||
middlewares:
|
||||
- name: tc-nextcloud-redirectregex-dav
|
|
@ -0,0 +1,26 @@
|
|||
{{- $values := .Values }}
|
||||
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
|
||||
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
|
||||
{{- $namespace = "default" }}
|
||||
{{- end }}
|
||||
{{- range $index, $middlewareData := .Values.middlewares.themePark }}
|
||||
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: {{ $middlewareData.name }}
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
plugin:
|
||||
traefik-themepark:
|
||||
app: {{ $middlewareData.appName }}
|
||||
theme: {{ $middlewareData.themeName }}
|
||||
baseUrl: {{ $middlewareData.baseUrl }}
|
||||
{{- if $middlewareData.addons }}
|
||||
addons:
|
||||
{{- range $middlewareData.addons }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
Loading…
Reference in New Issue