kube/traefik/values.yml

image:
  registry: mirror.gcr.io/library
  tag: "3.1.0"
  pullPolicy: IfNotPresent

websecure:
  tls:
    enabled: true

providers:
  kubernetesCRD:
    enabled: true
    allowEmptyServices: true
    allowExternalNameServices: true

  kubernetesIngress:
    allowEmptyServices: true
    allowExternalNameServices: true
    publishedService:
      enabled: true

deployment:
  replicas: 2

  annotations:
    keel.sh/policy: minor
    keel.sh/trigger: patch
    keel.sh/pollSchedule: "@midnight"

accessLog:
  format: json

# Globally redirect to https://
globalArguments:
 - --entryPoints.web.http.redirections.entryPoint.to=:443
 - --entryPoints.web.http.redirections.entryPoint.scheme=https

service:
  annotations:
    external-dns.alpha.kubernetes.io/hostname: traefik.k-space.ee
  spec:
    externalTrafficPolicy: Local

ingressRoute:
  dashboard:
    enabled: true
    domain: traefik.k-space.ee
    matchRule: Host(`traefik.k-space.ee`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
    entryPoints: ["websecure"]
    middlewares: 
      - name: "dashboard"
      - name: "dashboard-redirect"

tlsOptions:
  default:
    minVersion: VersionTLS12
    cipherSuites:
      # TLS 1.1 and 1.2 ciphers
      - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
      - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
      - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
      # TLS 1.3 ciphers
      - TLS_AES_128_GCM_SHA256
      - TLS_AES_256_GCM_SHA384
      - TLS_CHACHA20_POLY1305_SHA256
Initial commit 2022-08-16 09:40:54 +00:00			`image:`
Bump Traefik from 2.9 to 2.10 2023-07-25 17:23:23 +00:00			`registry: mirror.gcr.io/library`
traefik: upgrade to 3.1, migrate dashboard via ingressroute 2024-07-26 21:06:07 +00:00			`tag: "3.1.0"`
Bump Traefik from 2.9 to 2.10 2023-07-25 17:23:23 +00:00			`pullPolicy: IfNotPresent`
Initial commit 2022-08-16 09:40:54 +00:00
			`websecure:`
			`tls:`
			`enabled: true`

			`providers:`
traefik: Pull resources only from trusted namespaces 2022-10-21 05:27:07 +00:00			`kubernetesCRD:`
			`enabled: true`
Move whoami 2023-08-13 15:35:25 +00:00			`allowEmptyServices: true`
			`allowExternalNameServices: true`
traefik: Pull resources only from trusted namespaces 2022-10-21 05:27:07 +00:00
Initial commit 2022-08-16 09:40:54 +00:00			`kubernetesIngress:`
traefik: Pull resources only from trusted namespaces 2022-10-21 05:27:07 +00:00			`allowEmptyServices: true`
Initial commit 2022-08-16 09:40:54 +00:00			`allowExternalNameServices: true`
traefik: publish services (for argo healthy) 2024-08-03 05:13:35 +00:00			`publishedService:`
			`enabled: true`
Initial commit 2022-08-16 09:40:54 +00:00
			`deployment:`
			`replicas: 2`

			`annotations:`
			`keel.sh/policy: minor`
			`keel.sh/trigger: patch`
			`keel.sh/pollSchedule: "@midnight"`

Migrate to Prometheus Operator 2022-09-11 13:24:35 +00:00			`accessLog:`
			`format: json`
Initial commit 2022-08-16 09:40:54 +00:00
			`# Globally redirect to https://`
			`globalArguments:`
			`- --entryPoints.web.http.redirections.entryPoint.to=:443`
			`- --entryPoints.web.http.redirections.entryPoint.scheme=https`

			`service:`
traefik: upgrade to 3.1, migrate dashboard via ingressroute 2024-07-26 21:06:07 +00:00			`annotations:`
			`external-dns.alpha.kubernetes.io/hostname: traefik.k-space.ee`
Initial commit 2022-08-16 09:40:54 +00:00			`spec:`
			`externalTrafficPolicy: Local`

			`ingressRoute:`
			`dashboard:`
			`enabled: true`
			`domain: traefik.k-space.ee`
traefik: upgrade to 3.1, migrate dashboard via ingressroute 2024-07-26 21:06:07 +00:00			matchRule: Host(`traefik.k-space.ee`) && (PathPrefix(`/api`) \|\| PathPrefix(`/dashboard`))
			`entryPoints: ["websecure"]`
migrate to new passmower 2024-07-27 00:15:41 +00:00			`middlewares:`
			`- name: "dashboard"`
			`- name: "dashboard-redirect"`
Initial commit 2022-08-16 09:40:54 +00:00
			`tlsOptions:`
			`default:`
			`minVersion: VersionTLS12`
			`cipherSuites:`
			`# TLS 1.1 and 1.2 ciphers`
			`- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`
			`- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`
			`- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`
			`- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
			`- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305`
			`- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305`
			`# TLS 1.3 ciphers`
			`- TLS_AES_128_GCM_SHA256`
			`- TLS_AES_256_GCM_SHA384`
			`- TLS_CHACHA20_POLY1305_SHA256`