alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions 1 Activity
Files
e0d450e79f73553c8045c7cb99ae0a58495f9978
infrastructure/clusters/cl01tl/helm/traefik/values.yaml
Renovate Bot 32870a7213
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 24s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 23s
Details
render-manifests / render-manifests (pull_request) Successful in 53s
Details
lint-test-docker / lint-docker-compose (pull_request) Successful in 1m54s
Details
chore(deps): update traefik to v3.6.13
2026-04-08 02:27:41 +00:00

175 lines
4.1 KiB
YAML
Raw Blame History

traefik:
image:
registry: docker.io
repository: traefik
tag: v3.6.13@sha256:abb4f51887319c9b9d9cfe1d3cdf9379a771138003bf683f10e97697e148f95f
deployment:
kind: DaemonSet
ingressClass:
enabled: false
gateway:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-issuer
listeners:
web:
port: 8000
hostname: "*.alexlebens.net"
protocol: HTTP
namespacePolicy:
from: All
websecure:
port: 8443
hostname: "*.alexlebens.net"
protocol: HTTPS
namespacePolicy:
from: All
certificateRefs:
- group: ''
kind: Secret
name: websecure-gateway-cert
namespace: traefik
mode: Terminate
ssh:
port: 22
protocol: TCP
namespacePolicy:
from: All
allowedRoutes:
kinds:
- kind: TCPRoute
ingressRoute:
dashboard:
enabled: true
matchRule: (Host(`traefik-cl01tl.alexlebens.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`)))
entryPoints: ["websecure"]
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
providers:
kubernetesCRD:
allowCrossNamespace: true
allowEmptyServices: true
kubernetesIngress:
enabled: false
kubernetesGateway:
enabled: true
experimentalChannel: true
statusAddress:
ip: 10.232.1.21
metrics:
prometheus:
service:
enabled: true
disableAPICheck: true
serviceMonitor:
enabled: true
prometheusRule:
enabled: true
rules:
- alert: TraefikDown
expr: up{job="traefik"} == 0
for: 5m
labels:
context: traefik
severity: warning
annotations:
summary: "Traefik Down"
description: "{{ $labels.pod }} on {{ $labels.nodename }} is down"
global:
checkNewVersion: false
ports:
traefik:
expose:
default: false
web:
port: 8000
expose:
default: true
exposedPort: 80
http:
redirections:
entryPoint:
to: websecure
scheme: https
permanent: true
forwardedHeaders:
trustedIPs:
- 10.0.0.0/8
- 172.16.0.0/16
- 192.168.0.0/16
- fc00::/7
proxyProtocol:
trustedIPs:
- 10.0.0.0/8
- 172.16.0.0/16
- 192.168.0.0/16
- fc00::/7
websecure:
port: 8443
expose:
default: true
exposedPort: 443
http:
# -- See
# -- [upstream documentation](https://doc.traefik.io/traefik/security/request-path/#encoded-character-filtering)
# -- [relevant issue] https://github.com/traefik/traefik/issues/12399
encodedCharacters:
allowEncodedSlash: true
allowEncodedBackSlash: true
allowEncodedNullCharacter: true
allowEncodedSemicolon: true
allowEncodedPercent: true
allowEncodedQuestionMark: true
allowEncodedHash: true
forwardedHeaders:
trustedIPs:
- 10.0.0.0/8
- 172.16.0.0/16
- 192.168.0.0/16
- fc00::/7
proxyProtocol:
trustedIPs:
- 10.0.0.0/8
- 172.16.0.0/16
- 192.168.0.0/16
- fc00::/7
ssh:
port: 22
expose:
default: true
exposedPort: 22
forwardedHeaders:
trustedIPs:
- 10.0.0.0/8
- 172.16.0.0/16
- 192.168.0.0/16
- fc00::/7
proxyProtocol:
trustedIPs:
- 10.0.0.0/8
- 172.16.0.0/16
- 192.168.0.0/16
- fc00::/7
metrics:
expose:
default: false
service:
enabled: true
type: LoadBalancer
externalIPs:
- 10.232.1.21
resources:
requests:
cpu: 10m
memory: 100Mi
traefik-crds:
enabled: true
traefik: true
gatewayAPI: false
gatewayAPIExperimental: true
hub: false
deleteOnUninstall: false
Reference in New Issue View Git Blame Copy Permalink