traefik: image: registry: docker.io repository: traefik tag: v3.6.12@sha256:171c9c3565b29f6c133f1c1b43c5d4e5853415198e9e1078c001f8702ff66aec deployment: kind: DaemonSet ingressClass: enabled: false gateway: enabled: true annotations: cert-manager.io/cluster-issuer: letsencrypt-issuer listeners: web: port: 8000 hostname: "*.alexlebens.net" protocol: HTTP namespacePolicy: from: All websecure: port: 8443 hostname: "*.alexlebens.net" protocol: HTTPS namespacePolicy: from: All certificateRefs: - group: '' kind: Secret name: websecure-gateway-cert namespace: traefik mode: Terminate ssh: port: 22 protocol: TCP namespacePolicy: from: All allowedRoutes: kinds: - kind: TCPRoute ingressRoute: dashboard: enabled: true matchRule: (Host(`traefik-cl01tl.alexlebens.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`))) entryPoints: ["websecure"] updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 maxSurge: 1 providers: kubernetesCRD: allowCrossNamespace: true allowEmptyServices: true kubernetesIngress: enabled: false kubernetesGateway: enabled: true experimentalChannel: true statusAddress: ip: 10.232.1.21 metrics: prometheus: service: enabled: true disableAPICheck: true serviceMonitor: enabled: true prometheusRule: enabled: true rules: - alert: TraefikDown expr: up{job="traefik"} == 0 for: 5m labels: context: traefik severity: warning annotations: summary: "Traefik Down" description: "{{ $labels.pod }} on {{ $labels.nodename }} is down" global: checkNewVersion: false ports: traefik: expose: default: false web: port: 8000 expose: default: true exposedPort: 80 http: redirections: entryPoint: to: websecure scheme: https permanent: true forwardedHeaders: trustedIPs: - 10.0.0.0/8 - 172.16.0.0/16 - 192.168.0.0/16 - fc00::/7 proxyProtocol: trustedIPs: - 10.0.0.0/8 - 172.16.0.0/16 - 192.168.0.0/16 - fc00::/7 websecure: port: 8443 expose: default: true exposedPort: 443 http: # -- See # -- [upstream documentation](https://doc.traefik.io/traefik/security/request-path/#encoded-character-filtering) # -- [relevant issue] https://github.com/traefik/traefik/issues/12399 encodedCharacters: allowEncodedSlash: true allowEncodedBackSlash: true allowEncodedNullCharacter: true allowEncodedSemicolon: true allowEncodedPercent: true allowEncodedQuestionMark: true allowEncodedHash: true forwardedHeaders: trustedIPs: - 10.0.0.0/8 - 172.16.0.0/16 - 192.168.0.0/16 - fc00::/7 proxyProtocol: trustedIPs: - 10.0.0.0/8 - 172.16.0.0/16 - 192.168.0.0/16 - fc00::/7 ssh: port: 22 expose: default: true exposedPort: 22 forwardedHeaders: trustedIPs: - 10.0.0.0/8 - 172.16.0.0/16 - 192.168.0.0/16 - fc00::/7 proxyProtocol: trustedIPs: - 10.0.0.0/8 - 172.16.0.0/16 - 192.168.0.0/16 - fc00::/7 metrics: expose: default: false service: enabled: true type: LoadBalancer externalIPs: - 10.232.1.21 resources: requests: cpu: 10m memory: 100Mi traefik-crds: enabled: true traefik: true gatewayAPI: false gatewayAPIExperimental: true hub: false deleteOnUninstall: false