gitea-bot
85fabce805
This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. Reviewed-on: #3393 Co-authored-by: gitea-bot <gitea-bot@alexlebens.net> Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
147 lines
5.4 KiB
YAML
147 lines
5.4 KiB
YAML
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: traefik
|
|
namespace: traefik
|
|
labels:
|
|
app.kubernetes.io/name: traefik
|
|
app.kubernetes.io/instance: traefik-traefik
|
|
helm.sh/chart: traefik-39.0.0
|
|
app.kubernetes.io/managed-by: Helm
|
|
annotations:
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: traefik
|
|
app.kubernetes.io/instance: traefik-traefik
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxUnavailable: 0
|
|
maxSurge: 1
|
|
minReadySeconds: 0
|
|
template:
|
|
metadata:
|
|
annotations: null
|
|
labels:
|
|
app.kubernetes.io/instance: traefik-traefik
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/name: traefik
|
|
helm.sh/chart: traefik-39.0.0
|
|
spec:
|
|
automountServiceAccountToken: true
|
|
containers:
|
|
- args:
|
|
- --entryPoints.metrics.address=:9100/tcp
|
|
- --entryPoints.ssh.address=:22/tcp
|
|
- --entryPoints.traefik.address=:8080/tcp
|
|
- --entryPoints.web.address=:8000/tcp
|
|
- --entryPoints.websecure.address=:8443/tcp
|
|
- --api.dashboard=true
|
|
- --ping=true
|
|
- --metrics.prometheus=true
|
|
- --metrics.prometheus.entrypoint=metrics
|
|
- --providers.kubernetescrd
|
|
- --providers.kubernetescrd.allowCrossNamespace=true
|
|
- --providers.kubernetescrd.allowEmptyServices=true
|
|
- --providers.kubernetesgateway
|
|
- --providers.kubernetesgateway.statusaddress.ip=10.232.1.21
|
|
- --providers.kubernetesgateway.statusaddress.service.name=traefik
|
|
- --providers.kubernetesgateway.statusaddress.service.namespace=traefik
|
|
- --providers.kubernetesgateway.experimentalchannel=true
|
|
- --entryPoints.ssh.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7
|
|
- --entryPoints.ssh.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7
|
|
- --entryPoints.web.http.redirections.entryPoint.to=:443
|
|
- --entryPoints.web.http.redirections.entryPoint.scheme=https
|
|
- --entryPoints.web.http.redirections.entryPoint.permanent=true
|
|
- --entryPoints.web.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7
|
|
- --entryPoints.web.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7
|
|
- --entryPoints.websecure.http.encodedCharacters.allowEncodedBackSlash=true
|
|
- --entryPoints.websecure.http.encodedCharacters.allowEncodedHash=true
|
|
- --entryPoints.websecure.http.encodedCharacters.allowEncodedNullCharacter=true
|
|
- --entryPoints.websecure.http.encodedCharacters.allowEncodedPercent=true
|
|
- --entryPoints.websecure.http.encodedCharacters.allowEncodedQuestionMark=true
|
|
- --entryPoints.websecure.http.encodedCharacters.allowEncodedSemicolon=true
|
|
- --entryPoints.websecure.http.encodedCharacters.allowEncodedSlash=true
|
|
- --entryPoints.websecure.http.tls=true
|
|
- --entryPoints.websecure.forwardedHeaders.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7
|
|
- --entryPoints.websecure.proxyProtocol.trustedIPs=10.0.0.0/8,172.16.0.0/16,192.168.0.0/16,fc00::/7
|
|
- --log.level=INFO
|
|
env:
|
|
- name: POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
- name: POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: USER
|
|
value: traefik
|
|
image: docker.io/traefik:v3.6.7
|
|
imagePullPolicy: IfNotPresent
|
|
lifecycle: null
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /ping
|
|
port: 8080
|
|
scheme: HTTP
|
|
initialDelaySeconds: 2
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 2
|
|
name: traefik
|
|
ports:
|
|
- containerPort: 9100
|
|
name: metrics
|
|
protocol: TCP
|
|
- containerPort: 22
|
|
name: ssh
|
|
protocol: TCP
|
|
- containerPort: 8080
|
|
name: traefik
|
|
protocol: TCP
|
|
- containerPort: 8000
|
|
name: web
|
|
protocol: TCP
|
|
- containerPort: 8443
|
|
name: websecure
|
|
protocol: TCP
|
|
readinessProbe:
|
|
failureThreshold: 1
|
|
httpGet:
|
|
path: /ping
|
|
port: 8080
|
|
scheme: HTTP
|
|
initialDelaySeconds: 2
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 2
|
|
resources: null
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
volumeMounts:
|
|
- mountPath: /data
|
|
name: data
|
|
- mountPath: /tmp
|
|
name: tmp
|
|
hostNetwork: false
|
|
securityContext:
|
|
runAsGroup: 65532
|
|
runAsNonRoot: true
|
|
runAsUser: 65532
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
serviceAccountName: traefik
|
|
terminationGracePeriodSeconds: 60
|
|
volumes:
|
|
- emptyDir: {}
|
|
name: data
|
|
- emptyDir: {}
|
|
name: tmp
|