kube/traefik/kustomization.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: traefik

# spec: https://kubectl.docs.kubernetes.io/references/kustomize/builtins/#_helmchartinflationgenerator_
helmCharts:
- includeCRDs: true
  name: &name traefik
  releaseName: *name
  repo: https://traefik.github.io/charts
  valuesInline: # https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml
    namespace: *name
    image:
      registry: mirror.gcr.io/library
    websecure: # might not be needed
      tls: {enabled: true}
    providers:
      kubernetesCRD:
        allowExternalNameServices: true
      kubernetesIngress:
        allowExternalNameServices: true
    deployment:
      replicas: 4
      annotations:
        keel.sh/policy: minor
        keel.sh/trigger: patch
        keel.sh/pollSchedule: "@midnight"
    affinity:
     podAntiAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:
         - labelSelector:
             matchLabels:
               app.kubernetes.io/name: '{{ template "traefik.name" . }}'
               app.kubernetes.io/instance: '{{ .Release.Name }}-{{ .Release.Namespace }}'
           topologyKey: topology.kubernetes.io/zone
    logs:
      access:
        enabled: true
        format: json
    ports:
      web:
        redirections:
          entryPoint:
            to: websecure
            scheme: https
            permanent: true
    service:
      annotations:
        external-dns.alpha.kubernetes.io/hostname: traefik.k-space.ee,k6.ee
      spec:
        externalTrafficPolicy: Local
    ingressRoute:
      dashboard:
        enabled: true
        domain: traefik.k-space.ee
        matchRule: Host(`traefik.k-space.ee`)
        entryPoints: ["websecure"]
        middlewares:
          - name: "dashboard"
          - name: "dashboard-redirect"
    tlsOptions: # https://ssl-config.mozilla.org/#server=traefik&config=modern&hsts=false
      default:
        minVersion: VersionTLS13
        curvePreferences: ["X25519", "CurveP256", "CurveP384"]
  version: v36.2.0 # helm search repo traefik/traefik --versions

resources:
- ./application-extras.yml
- ./networkpolicy-base.yml #TODO: should be ../shared/networkpolicy-base.yml