forked from k-space/kube
55 lines
1.2 KiB
YAML
55 lines
1.2 KiB
YAML
|
image:
|
||
|
tag: "2.8"
|
||
|
|
||
|
websecure:
|
||
|
tls:
|
||
|
enabled: true
|
||
|
|
||
|
providers:
|
||
|
kubernetesIngress:
|
||
|
allowExternalNameServices: true
|
||
|
|
||
|
deployment:
|
||
|
replicas: 2
|
||
|
|
||
|
annotations:
|
||
|
keel.sh/policy: minor
|
||
|
keel.sh/trigger: patch
|
||
|
keel.sh/pollSchedule: "@midnight"
|
||
|
|
||
|
podAnnotations:
|
||
|
prometheus.io/scrape: 'true'
|
||
|
prometheus.io/port: '9100'
|
||
|
|
||
|
# Globally redirect to https://
|
||
|
globalArguments:
|
||
|
- --entryPoints.web.http.redirections.entryPoint.to=:443
|
||
|
- --entryPoints.web.http.redirections.entryPoint.scheme=https
|
||
|
|
||
|
service:
|
||
|
spec:
|
||
|
# Keep sync with ingress.yml
|
||
|
loadBalancerIP: 193.40.103.36
|
||
|
externalTrafficPolicy: Local
|
||
|
|
||
|
ingressRoute:
|
||
|
dashboard:
|
||
|
enabled: true
|
||
|
domain: traefik.k-space.ee
|
||
|
|
||
|
tlsOptions:
|
||
|
default:
|
||
|
minVersion: VersionTLS12
|
||
|
cipherSuites:
|
||
|
# TLS 1.1 and 1.2 ciphers
|
||
|
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||
|
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||
|
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||
|
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
|
||
|
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
||
|
# TLS 1.3 ciphers
|
||
|
- TLS_AES_128_GCM_SHA256
|
||
|
- TLS_AES_256_GCM_SHA384
|
||
|
- TLS_CHACHA20_POLY1305_SHA256
|