apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: traefik # spec: https://kubectl.docs.kubernetes.io/references/kustomize/builtins/#_helmchartinflationgenerator_ helmCharts: - includeCRDs: true name: &name traefik releaseName: *name repo: https://traefik.github.io/charts valuesInline: # https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml namespace: *name image: registry: mirror.gcr.io/library websecure: # might not be needed tls: {enabled: true} providers: kubernetesCRD: allowExternalNameServices: true kubernetesIngress: allowExternalNameServices: true deployment: replicas: 4 annotations: keel.sh/policy: minor keel.sh/trigger: patch keel.sh/pollSchedule: "@midnight" affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app.kubernetes.io/name: '{{ template "traefik.name" . }}' app.kubernetes.io/instance: '{{ .Release.Name }}-{{ .Release.Namespace }}' topologyKey: topology.kubernetes.io/zone logs: access: enabled: true format: json ports: web: redirections: entryPoint: to: websecure scheme: https permanent: true service: annotations: external-dns.alpha.kubernetes.io/hostname: traefik.k-space.ee,k6.ee spec: externalTrafficPolicy: Local ingressRoute: dashboard: enabled: true domain: traefik.k-space.ee matchRule: Host(`traefik.k-space.ee`) entryPoints: ["websecure"] middlewares: - name: "dashboard" - name: "dashboard-redirect" tlsOptions: # https://ssl-config.mozilla.org/#server=traefik&config=modern&hsts=false default: minVersion: VersionTLS13 curvePreferences: ["X25519", "CurveP256", "CurveP384"] version: v36.2.0 # helm search repo traefik/traefik --versions resources: - ./application-extras.yml - ./networkpolicy-base.yml #TODO: should be ../shared/networkpolicy-base.yml