160 lines
4.0 KiB
YAML
160 lines
4.0 KiB
YAML
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: traefik-system
|
|
annotations:
|
|
argocd.argoproj.io/sync-wave: "-1"
|
|
---
|
|
apiVersion: argoproj.io/v1alpha1
|
|
kind: Application
|
|
metadata:
|
|
name: traefik
|
|
namespace: argocd
|
|
annotations:
|
|
argocd.argoproj.io/sync-wave: "1"
|
|
labels:
|
|
app.kubernetes.io/name: traefik
|
|
app.kubernetes.io/part-of: platform
|
|
app.kubernetes.io/managed-by: argocd
|
|
finalizers:
|
|
- resources-finalizer.argocd.argoproj.io
|
|
spec:
|
|
project: default
|
|
|
|
source:
|
|
repoURL: https://traefik.github.io/charts
|
|
chart: traefik
|
|
targetRevision: "28.0.0"
|
|
|
|
helm:
|
|
values: |
|
|
metrics:
|
|
addInternals: true
|
|
tracing:
|
|
otlp:
|
|
enabled: true
|
|
logs:
|
|
general:
|
|
level: DEBUG
|
|
access:
|
|
format: json
|
|
enabled: true
|
|
|
|
additionalArguments:
|
|
- "--tracing.otlp.http.endpoint=http://tempo.monitoring.svc.cluster.local:4318/v1/traces"
|
|
|
|
providers:
|
|
kubernetesIngress:
|
|
publishedService: # Fixes ArgoCD health checks for LoadBalancer services
|
|
enabled: true
|
|
deployment:
|
|
replicas: 2
|
|
|
|
ingressRoute:
|
|
dashboard:
|
|
enabled: true
|
|
# Optional: specify entrypoint
|
|
entrypoint: traefik
|
|
|
|
api:
|
|
dashboard: true
|
|
debug: false
|
|
|
|
service:
|
|
type: LoadBalancer
|
|
annotations:
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
traefik.ingress.kubernetes.io/router.priority: "42"
|
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
service.beta.kubernetes.io/upcloud-load-balancer-config: |
|
|
{
|
|
"frontends": [
|
|
{
|
|
"name": "web",
|
|
"mode": "tcp"
|
|
},
|
|
{
|
|
"name": "websecure",
|
|
"mode": "tcp"
|
|
},
|
|
{
|
|
"name": "giteassh",
|
|
"mode": "tcp"
|
|
}
|
|
],
|
|
"backends": [
|
|
{
|
|
"name": "web",
|
|
"properties": {
|
|
"outbound_proxy_protocol": "v2"
|
|
}
|
|
},
|
|
{
|
|
"name": "websecure",
|
|
"properties": {
|
|
"outbound_proxy_protocol": "v2"
|
|
}
|
|
},
|
|
{
|
|
"name": "giteassh"
|
|
}
|
|
]
|
|
}
|
|
|
|
ingressClass:
|
|
enabled: true
|
|
isDefaultClass: true
|
|
|
|
# Configure entry points
|
|
ports:
|
|
metrics:
|
|
expose:
|
|
default: true
|
|
observability:
|
|
accessLogs: true
|
|
metrics: true
|
|
tracing: true
|
|
traceVerbosity: detailed
|
|
web:
|
|
proxyProtocol:
|
|
trustedIPs: "172.16.1.0/24"
|
|
forwardedHeaders:
|
|
trustedIPs: "172.16.1.0/24"
|
|
http:
|
|
redirections:
|
|
entrypoint:
|
|
to: websecure
|
|
scheme: https
|
|
|
|
websecure:
|
|
proxyProtocol:
|
|
trustedIPs: "172.16.1.0/24"
|
|
forwardedHeaders:
|
|
trustedIPs: "172.16.1.0/24"
|
|
observability:
|
|
accessLogs: true
|
|
metrics: true
|
|
tracing: true
|
|
|
|
giteassh:
|
|
port: 2222
|
|
expose:
|
|
default: true
|
|
exposedPort: 2222
|
|
protocol: TCP
|
|
|
|
destination:
|
|
server: https://kubernetes.default.svc
|
|
namespace: traefik-system
|
|
|
|
syncPolicy:
|
|
automated:
|
|
prune: true
|
|
selfHeal: true
|
|
allowEmpty: false
|
|
|
|
syncOptions:
|
|
- CreateNamespace=true
|
|
- Validate=true
|
|
- ServerSideApply=true
|