62 lines
1.4 KiB
YAML
62 lines
1.4 KiB
YAML
image:
|
|
registry: mirror.gcr.io/library
|
|
tag: "2.10.4@sha256:bbdacc7c3bec50bd2a4430e8a967df44376419634b733185a80ed79388134bdb"
|
|
pullPolicy: IfNotPresent
|
|
|
|
websecure:
|
|
tls:
|
|
enabled: true
|
|
|
|
providers:
|
|
kubernetesCRD:
|
|
enabled: true
|
|
allowEmptyServices: true
|
|
allowExternalNameServices: true
|
|
|
|
kubernetesIngress:
|
|
allowEmptyServices: true
|
|
allowExternalNameServices: true
|
|
|
|
deployment:
|
|
replicas: 2
|
|
|
|
annotations:
|
|
keel.sh/policy: minor
|
|
keel.sh/trigger: patch
|
|
keel.sh/pollSchedule: "@midnight"
|
|
|
|
accessLog:
|
|
format: json
|
|
|
|
# Globally redirect to https://
|
|
globalArguments:
|
|
- --entryPoints.web.http.redirections.entryPoint.to=:443
|
|
- --entryPoints.web.http.redirections.entryPoint.scheme=https
|
|
|
|
service:
|
|
spec:
|
|
# Keep sync with ingress.yml
|
|
loadBalancerIP: 193.40.103.36
|
|
externalTrafficPolicy: Local
|
|
|
|
ingressRoute:
|
|
dashboard:
|
|
enabled: true
|
|
domain: traefik.k-space.ee
|
|
|
|
tlsOptions:
|
|
default:
|
|
minVersion: VersionTLS12
|
|
cipherSuites:
|
|
# TLS 1.1 and 1.2 ciphers
|
|
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
|
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
|
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
|
|
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
|
# TLS 1.3 ciphers
|
|
- TLS_AES_128_GCM_SHA256
|
|
- TLS_AES_256_GCM_SHA384
|
|
- TLS_CHACHA20_POLY1305_SHA256
|