forked from k-space/kube
77 lines
1.5 KiB
YAML
77 lines
1.5 KiB
YAML
image:
|
|
tag: "2.9"
|
|
|
|
websecure:
|
|
tls:
|
|
enabled: true
|
|
|
|
providers:
|
|
kubernetesCRD:
|
|
enabled: true
|
|
namespaces:
|
|
- traefik
|
|
- authelia
|
|
|
|
kubernetesIngress:
|
|
allowEmptyServices: true
|
|
allowExternalNameServices: true
|
|
namespaces:
|
|
- argocd
|
|
- authelia
|
|
- camtiler
|
|
- drone
|
|
- elastic-system
|
|
- etherpad
|
|
- freescout
|
|
- grafana
|
|
- harbor
|
|
- kubernetes-dashboard
|
|
- logging
|
|
- longhorn-system
|
|
- phpmyadmin
|
|
- prometheus-operator
|
|
- wildduck
|
|
|
|
deployment:
|
|
replicas: 2
|
|
|
|
annotations:
|
|
keel.sh/policy: minor
|
|
keel.sh/trigger: patch
|
|
keel.sh/pollSchedule: "@midnight"
|
|
|
|
accessLog:
|
|
format: json
|
|
|
|
# Globally redirect to https://
|
|
globalArguments:
|
|
- --entryPoints.web.http.redirections.entryPoint.to=:443
|
|
- --entryPoints.web.http.redirections.entryPoint.scheme=https
|
|
|
|
service:
|
|
spec:
|
|
# Keep sync with ingress.yml
|
|
loadBalancerIP: 193.40.103.36
|
|
externalTrafficPolicy: Local
|
|
|
|
ingressRoute:
|
|
dashboard:
|
|
enabled: true
|
|
domain: traefik.k-space.ee
|
|
|
|
tlsOptions:
|
|
default:
|
|
minVersion: VersionTLS12
|
|
cipherSuites:
|
|
# TLS 1.1 and 1.2 ciphers
|
|
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
|
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
|
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
|
|
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
|
# TLS 1.3 ciphers
|
|
- TLS_AES_128_GCM_SHA256
|
|
- TLS_AES_256_GCM_SHA384
|
|
- TLS_CHACHA20_POLY1305_SHA256
|