infrastructure/clusters/cl01tl/services/traefik/values.yaml

traefik:
  crds:
    enabled: true
    deleteOnUninstall: false
  deployment:
    kind: DaemonSet
  ingressClass:
    enabled: false
  kubernetesGateway:
    enabled: true
  gateway:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-issuer
    listeners:
      web:
        port: 8000
        hostname: "*.alexlebens.net"
        protocol: HTTP
        namespacePolicy: All
      websecure:
        port: 8443
        hostname: "*.alexlebens.net"
        protocol: HTTPS
        namespacePolicy: All
        certificateRefs:
          - group: ''
            kind: Secret
            name: websecure-gateway-cert
            namespace: traefik
        mode: Terminate
      ssh:
        port: 22
        protocol: TCP
        namespacePolicy: All
        allowedRoutes:
          kinds:
            - kind: TCPRoute
  ingressRoute:
    dashboard:
      enabled: true
      matchRule: (Host(`traefik-cl01tl.alexlebens.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`)))
      entryPoints: ["websecure"]
  providers:
    kubernetesCRD:
      allowCrossNamespace: true
      allowEmptyServices: true
    kubernetesIngress:
      enabled: false
    kubernetesGateway:
      enabled: true
      experimentalChannel: true
      statusAddress:
        ip: 10.232.1.21
  metrics:
    prometheus:
      service:
        enabled: true
      disableAPICheck:
      serviceMonitor:
        enabled: true
      prometheusRule:
        enabled: false
  globalArguments: []
  ports:
    web:
      port: 8000
      expose:
        default: true
      exposedPort: 80
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
      forwardedHeaders:
        trustedIPs:
          - 10.0.0.0/8
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
        insecure: false
      proxyProtocol:
        trustedIPs:
          - 10.0.0.0/8
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
        insecure: false
    websecure:
      port: 8443
      expose:
        default: true
      exposedPort: 443
      forwardedHeaders:
        trustedIPs:
          - 10.0.0.0/8
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
        insecure: false
      proxyProtocol:
        trustedIPs:
          - 10.0.0.0/8
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
        insecure: false
      tls:
        enabled: true
    ssh:
      port: 22
      expose:
        default: true
      exposedPort: 22
      forwardedHeaders:
        trustedIPs:
          - 10.0.0.0/8
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
        insecure: false
      proxyProtocol:
        trustedIPs:
          - 10.0.0.0/8
          - 172.16.0.0/16
          - 192.168.0.0/16
          - fc00::/7
        insecure: false
      tls:
        enabled: true
    metrics:
      expose:
        default: false
  service:
    enabled: true
    type: LoadBalancer
    externalIPs:
      - 10.232.1.21
# traefik-crds:
#   enabled: true
#   traefik: true
#   gatewayAPI: true
#   hub: false
#   deleteOnUninstall: false