forked from k-space/kube
66 lines
1.5 KiB
YAML
66 lines
1.5 KiB
YAML
image:
|
|
registry: mirror.gcr.io/library
|
|
tag: "3.1.0"
|
|
pullPolicy: IfNotPresent
|
|
|
|
websecure:
|
|
tls:
|
|
enabled: true
|
|
|
|
providers:
|
|
kubernetesCRD:
|
|
enabled: true
|
|
allowEmptyServices: true
|
|
allowExternalNameServices: true
|
|
|
|
kubernetesIngress:
|
|
allowEmptyServices: true
|
|
allowExternalNameServices: true
|
|
|
|
deployment:
|
|
replicas: 2
|
|
|
|
annotations:
|
|
keel.sh/policy: minor
|
|
keel.sh/trigger: patch
|
|
keel.sh/pollSchedule: "@midnight"
|
|
|
|
accessLog:
|
|
format: json
|
|
|
|
# Globally redirect to https://
|
|
globalArguments:
|
|
- --entryPoints.web.http.redirections.entryPoint.to=:443
|
|
- --entryPoints.web.http.redirections.entryPoint.scheme=https
|
|
|
|
service:
|
|
annotations:
|
|
external-dns.alpha.kubernetes.io/hostname: traefik.k-space.ee
|
|
spec:
|
|
externalTrafficPolicy: Local
|
|
|
|
ingressRoute:
|
|
dashboard:
|
|
enabled: true
|
|
domain: traefik.k-space.ee
|
|
matchRule: Host(`traefik.k-space.ee`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
|
|
entryPoints: ["websecure"]
|
|
#middlewares:
|
|
# - name: "sso"
|
|
|
|
tlsOptions:
|
|
default:
|
|
minVersion: VersionTLS12
|
|
cipherSuites:
|
|
# TLS 1.1 and 1.2 ciphers
|
|
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
|
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
|
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
|
|
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
|
# TLS 1.3 ciphers
|
|
- TLS_AES_128_GCM_SHA256
|
|
- TLS_AES_256_GCM_SHA384
|
|
- TLS_CHACHA20_POLY1305_SHA256
|