k-space/kube
12
1
Fork 3
Code Issues 62 Pull Requests 1 Wiki Activity
Files
f82caf175148a87811b0a906461b4364729ae069
kube/traefik/values.yml

84 lines
2.0 KiB
YAML
Raw Blame History

image:
registry: mirror.gcr.io/library
tag: "3.1.0"
pullPolicy: IfNotPresent
websecure:
tls:
enabled: true
providers:
kubernetesCRD:
enabled: true
allowEmptyServices: true
allowExternalNameServices: true
kubernetesIngress:
allowEmptyServices: true
allowExternalNameServices: true
publishedService:
enabled: true
deployment:
replicas: 4
annotations:
keel.sh/policy: minor
keel.sh/trigger: patch
keel.sh/pollSchedule: "@midnight"
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: '{{ template "traefik.name" . }}'
app.kubernetes.io/instance: '{{ .Release.Name }}-{{ .Release.Namespace }}'
topologyKey: topology.kubernetes.io/zone
updateStrategy:
type: Recreate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
accessLog:
format: json
# Globally redirect to https://
globalArguments:
- --entryPoints.web.http.redirections.entryPoint.to=:443
- --entryPoints.web.http.redirections.entryPoint.scheme=https
service:
annotations:
external-dns.alpha.kubernetes.io/hostname: traefik.k-space.ee
spec:
externalTrafficPolicy: Local
ingressRoute:
dashboard:
enabled: true
domain: traefik.k-space.ee
matchRule: Host(`traefik.k-space.ee`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
entryPoints: ["websecure"]
middlewares:
- name: "dashboard"
- name: "dashboard-redirect"
tlsOptions:
default:
minVersion: VersionTLS12
cipherSuites:
# TLS 1.1 and 1.2 ciphers
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
# TLS 1.3 ciphers
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
Reference in New Issue View Git Blame Copy Permalink