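---
# Traefik ingress proxy rendered by Helm (chart traefik-39.0.0) as a DaemonSet.
# Values are unchanged from the rendered output; only the block structure has
# been restored and review notes added on the security-relevant settings.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: traefik
  namespace: traefik
  labels:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: traefik-traefik
    helm.sh/chart: traefik-39.0.0
    app.kubernetes.io/managed-by: Helm
  # Rendered empty by the chart; written as an explicit null.
  annotations: null
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: traefik
      app.kubernetes.io/instance: traefik-traefik
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      # Surge one replacement pod per node before removing the old one.
      maxUnavailable: 0
      maxSurge: 1
  minReadySeconds: 0
  template:
    metadata:
      annotations: null
      labels:
        app.kubernetes.io/instance: traefik-traefik
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: traefik
        helm.sh/chart: traefik-39.0.0
    spec:
      # The kubernetescrd and kubernetesgateway providers below read from the
      # Kubernetes API, so the token is mounted. NOTE(review): the RBAC bound
      # to the "traefik" ServiceAccount is not shown here; confirm it is
      # limited to the resources these providers need.
      automountServiceAccountToken: true
      containers:
        - args:
            - --entryPoints.metrics.address=:9100/tcp
            - --entryPoints.ssh.address=:22/tcp
            - --entryPoints.traefik.address=:8080/tcp
            - --entryPoints.web.address=:8000/tcp
            - --entryPoints.websecure.address=:8443/tcp
            # Dashboard is enabled. api.insecure is not set in these args, so
            # it should only be reachable through a router to api@internal.
            # NOTE(review): confirm that router sits behind authentication.
            - --api.dashboard=true
            - --ping=true
            - --metrics.prometheus=true
            - --metrics.prometheus.entrypoint=metrics
            - --providers.kubernetescrd
            # Lets a Traefik CRD object in one namespace reference resources
            # in another. NOTE(review): this weakens namespace isolation on a
            # shared cluster; keep only if cross-namespace references are
            # actually used.
            - --providers.kubernetescrd.allowCrossNamespace=true
            - --providers.kubernetescrd.allowEmptyServices=true
            - --providers.kubernetesgateway
            - --providers.kubernetesgateway.statusaddress.ip=10.232.1.21
            - --providers.kubernetesgateway.statusaddress.service.name=traefik
            - --providers.kubernetesgateway.statusaddress.service.namespace=traefik
            - --providers.kubernetesgateway.experimentalchannel=true
            # trustedIPs (here and on web/websecure below): forwarded headers
            # and PROXY protocol data are accepted from every peer in these
            # ranges, so the client address seen by IP allow-lists, rate
            # limits and logs is only as trustworthy as every host inside
            # them. NOTE(review): narrow to the real load-balancer / upstream
            # proxy addresses. Also confirm 172.16.0.0/16 is intended; the
            # RFC 1918 block is 172.16.0.0/12.
            - --entryPoints.ssh.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7
            - --entryPoints.ssh.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7
            - --entryPoints.web.http.redirections.entryPoint.to=:443
            - --entryPoints.web.http.redirections.entryPoint.scheme=https
            - --entryPoints.web.http.redirections.entryPoint.permanent=true
            - --entryPoints.web.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7
            - --entryPoints.web.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7
            # Every encodedCharacters allowance is switched on for websecure:
            # encoded backslash, hash, NUL, percent, question mark, semicolon
            # and slash are accepted in request paths.
            # NOTE(review): enable only the ones a backend requires. If the
            # proxy and a backend decode such paths differently, path-based
            # routing or access rules may be evaluated against a different
            # path than the one the backend serves.
            - --entryPoints.websecure.http.encodedCharacters.allowEncodedBackSlash=true
            - --entryPoints.websecure.http.encodedCharacters.allowEncodedHash=true
            - --entryPoints.websecure.http.encodedCharacters.allowEncodedNullCharacter=true
            - --entryPoints.websecure.http.encodedCharacters.allowEncodedPercent=true
            - --entryPoints.websecure.http.encodedCharacters.allowEncodedQuestionMark=true
            - --entryPoints.websecure.http.encodedCharacters.allowEncodedSemicolon=true
            - --entryPoints.websecure.http.encodedCharacters.allowEncodedSlash=true
            - --entryPoints.websecure.http.tls=true
            - --entryPoints.websecure.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7
            - --entryPoints.websecure.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7
            - --log.level=INFO
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: USER
              value: traefik
          # Referenced by mutable tag. NOTE(review): pinning by digest
          # (docker.io/traefik@sha256:<digest-placeholder>) makes the deployed
          # image immutable and auditable.
          image: docker.io/traefik:v3.6.7
          imagePullPolicy: IfNotPresent
          lifecycle: null
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /ping
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 2
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          name: traefik
          ports:
            - containerPort: 9100
              name: metrics
              protocol: TCP
            # Port 22 is below 1024 while the container runs as UID 65532 with
            # all capabilities dropped. NOTE(review): binding it depends on the
            # runtime allowing unprivileged low ports; verify on the target
            # nodes.
            - containerPort: 22
              name: ssh
              protocol: TCP
            - containerPort: 8080
              name: traefik
              protocol: TCP
            - containerPort: 8000
              name: web
              protocol: TCP
            - containerPort: 8443
              name: websecure
              protocol: TCP
          readinessProbe:
            failureThreshold: 1
            httpGet:
              path: /ping
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 2
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          # No requests or limits are set. NOTE(review): an edge proxy without
          # limits can exhaust node memory/CPU under load; consider setting
          # them in the chart values.
          resources: null
          # Container hardening: no privilege escalation, no capabilities,
          # immutable root filesystem (writable paths are the two emptyDir
          # mounts below).
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
          volumeMounts:
            - mountPath: /data
              name: data
            - mountPath: /tmp
              name: tmp
      hostNetwork: false
      # Pod-level hardening: fixed non-root UID/GID and the runtime's default
      # seccomp profile.
      securityContext:
        runAsGroup: 65532
        runAsNonRoot: true
        runAsUser: 65532
        seccompProfile:
          type: RuntimeDefault
      serviceAccountName: traefik
      terminationGracePeriodSeconds: 60
      volumes:
        # emptyDir: contents of /data do not survive pod rescheduling.
        - emptyDir: {}
          name: data
        - emptyDir: {}
          name: tmp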