# Configure the deployment deployment: enabled: true # Can be either Deployment or DaemonSet kind: Deployment replicas: 1 # Activate Pilot integration pilot: enabled: false token: "" # Create an IngressRoute for the dashboard ingressRoute: dashboard: enabled: true # Configure providers providers: kubernetesCRD: enabled: true namespaces: [] # - "default" kubernetesIngress: enabled: true namespaces: [] # - "default" # IP used for Kubernetes Ingress endpoints publishedService: enabled: false # Published Kubernetes Service to copy status from. Format: namespace/servicename # By default this Traefik service # pathOverride: "" # Add volumes to the traefik pod. The volume name will be passed to tpl. # This can be used to mount a cert pair or a configmap that holds a config.toml file. # After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg: # additionalArguments: # - "--providers.file.filename=/config/dynamic.toml" volumes: [] # - name: public-cert # mountPath: "/certs" # type: secret # - name: xxx # mountPath: "/config" # type: configMap # Additional volumeMounts to add to the Traefik container additionalVolumeMounts: [] # For instance when using a logshipper for access logs # - name: traefik-logs # mountPath: /var/log/traefik # https://docs.traefik.io/observability/logs/ logs: # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on). general: # By default, the logs use a text format (common), but you can # also ask for the json format in the format option # format: json # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. level: ERROR access: # To enable access logs enabled: false # By default, logs are written using the Common Log Format (CLF). # To write logs in JSON, use json in the format option. # If the given format is unsupported, the default (CLF) is used instead. # format: json # To write the logs in an asynchronous fashion, specify a bufferingSize option. # This option represents the number of log lines Traefik will keep in memory before writing # them to the selected output. In some cases, this option can greatly help performances. # bufferingSize: 100 # Filtering https://docs.traefik.io/observability/access-logs/#filtering filters: {} # statuscodes: "200,300-302" # retryattempts: true # minduration: 10ms # Fields # https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers fields: general: defaultmode: keep names: {} # Examples: # ClientUsername: drop headers: defaultmode: drop names: {} # Examples: # User-Agent: redact # Authorization: drop # Content-Type: keep globalArguments: - "--global.checknewversion" # Configure ports ports: traefik: port: 9000 expose: false web: port: 8000 expose: true exposedPort: 80 protocol: TCP nodePort: 32080 # Port Redirections # Added in 2.2, you can make permanent redirects via entrypoints. # https://docs.traefik.io/routing/entrypoints/#redirection # redirectTo: websecure websecure: port: 8443 expose: true exposedPort: 443 protocol: TCP nodePort: 32443 # Set TLS at the entrypoint # https://doc.traefik.io/traefik/routing/entrypoints/#tls tls: enabled: false # this is the name of a TLSOption definition options: "" certResolver: "" domains: [] # - main: example.com # sans: # - foo.example.com # - bar.example.com # Options for the main traefik service, where the entrypoints traffic comes from. service: enabled: true type: NodePort # If hostNetwork is true, runs traefik in the host network namespace hostNetwork: false rbac: enabled: true resources: {} # requests: # cpu: "100m" # memory: "50Mi" # limits: # cpu: "300m" # memory: "150Mi" nodeSelector: {} # Set the container security context # To run the container with ports below 1024 this will need to be adjust to run as root securityContext: capabilities: drop: [ALL] readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 podSecurityContext: fsGroup: 65532