julian/scale-catalog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5d1ab94342
scale-catalog/premium/traefik/27.0.13/ix_values.yaml

502 lines
16 KiB
YAML
Raw Normal View History

add scale catalog
2024-07-13 07:59:30 +00:00
image:
repository: tccr.io/tccr/traefik
tag: v2.11.2@sha256:e1953de4b4240e0a430a6f5bc1eaa182218255cd763a011904902de2e6d8831f
pullPolicy: IfNotPresent
workload:
main:
replicas: 2
strategy: RollingUpdate
podSpec:
containers:
main:
args: []
probes:
# -- Liveness probe configuration
# @default -- See below
liveness:
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type: tcp
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
# path: "/ping"
# -- Readiness probe configuration
# @default -- See below
readiness:
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type: tcp
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
# path: "/ping"
# -- Startup probe configuration
# @default -- See below
startup:
# -- sets the probe type when not using a custom probe
# @default -- "TCP"
type: tcp
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
# path: "/ping"
# -- Options for all pods
# Can be overruled per pod
podOptions:
automountServiceAccountToken: true
operator:
register: true
# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
ingressClass:
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
enabled: false
isDefaultClass: false
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
fallbackApiVersion: ""
# -- Create an IngressRoute for the dashboard
ingressRoute:
dashboard:
enabled: true
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
annotations: {}
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
labels: {}
#
# -- Configure providers
providers:
kubernetesCRD:
enabled: true
namespaces: []
# - "default"
kubernetesIngress:
enabled: true
# labelSelector: environment=production,method=traefik
namespaces: []
# - "default"
# IP used for Kubernetes Ingress endpoints
publishedService:
enabled: true
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
# -- Logs
# https://docs.traefik.io/observability/logs/
logs:
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
general:
# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
level: ERROR
# -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format
format: common
access:
# To enable access logs
enabled: false
# To write the logs in an asynchronous fashion, specify a bufferingSize option.
# This option represents the number of log lines Traefik will keep in memory before writing
# them to the selected output. In some cases, this option can greatly help performances.
# bufferingSize: 100
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
filters: {}
# statuscodes: "200,300-302"
# retryattempts: true
# minduration: 10ms
# Fields
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
fields:
general:
defaultmode: keep
names: {}
# Examples:
# ClientUsername: drop
headers:
defaultmode: drop
names: {}
# Examples:
# User-Agent: redact
# Authorization: drop
# Content-Type: keep
# -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format
format: common
metrics:
main:
enabled: true
type: servicemonitor
endpoints:
- port: metrics
path: /metrics
targetSelector: metrics
globalArguments:
- "--global.checknewversion"
configmap:
dashboard:
enabled: true
labels:
grafana_dashboard: "1"
data:
traefik.json: >-
{{ .Files.Get "dashboard.json" | indent 8 }}
##
# -- Additional arguments to be passed at Traefik's binary
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments:
- "--serverstransport.insecureskipverify=true"
- "--providers.kubernetesingress.allowexternalnameservices=true"
# -- Default clusterCertificate generated by clusterissuer
defaultCertificate: ""
# -- Add custom DNSStore objects
tlsStore: {}
# -- TLS Options to be created as TLSOption CRDs
# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options
# Example:
tlsOptions:
default:
sniStrict: false
minVersion: VersionTLS12
curvePreferences:
- CurveP521
- CurveP384
- X25519
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
# -- Options for the main traefik service, where the entrypoints traffic comes from
# from.
service:
main:
type: LoadBalancer
ports:
main:
port: 9000
targetPort: 9000
protocol: http
# -- Forwarded Headers should never be enabled on Main entrypoint
forwardedHeaders:
enabled: false
# -- Proxy Protocol should never be enabled on Main entrypoint
proxyProtocol:
enabled: false
tcp:
enabled: true
type: LoadBalancer
## In most cases, you want this changed to `Local`
externalTrafficPolicy: Cluster
ports:
web:
enabled: true
port: 80
protocol: http
redirectTo: websecure
# Options: Empty, 0 (ingore), or positive int
# redirectPort:
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
forwardedHeaders:
enabled: false
# -- List of trusted IP and CIDR references
trustedIPs: []
# -- Trust all forwarded headers
insecureMode: false
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
proxyProtocol:
enabled: false
# -- Only IPs in trustedIPs will lead to remote client address replacement
trustedIPs: []
# -- Trust every incoming connection
insecureMode: false
websecure:
enabled: true
port: 443
protocol: https
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
forwardedHeaders:
enabled: false
# -- List of trusted IP and CIDR references
trustedIPs: []
# -- Trust all forwarded headers
insecureMode: false
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
proxyProtocol:
enabled: false
# -- Only IPs in trustedIPs will lead to remote client address replacement
trustedIPs: []
# -- Trust every incoming connection
insecureMode: false
# tcpexample:
# enabled: true
# targetPort: 9443
# protocol: tcp
# tls:
# enabled: false
# # this is the name of a TLSOption definition
# options: ""
# certResolver: ""
# domains: []
# # - main: example.com
# # sans:
# # - foo.example.com
# # - bar.example.com
metrics:
enabled: true
type: ClusterIP
ports:
metrics:
enabled: true
port: 9180
targetPort: 9180
protocol: http
# -- Forwarded Headers should never be enabled on Metrics entrypoint
forwardedHeaders:
enabled: false
# -- Proxy Protocol should never be enabled on Metrics entrypoint
proxyProtocol:
enabled: false
# udp:
# enabled: false
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
rbac:
main:
enabled: true
primary: true
clusterWide: true
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.containo.us
- traefik.io
resources:
- middlewares
- middlewaretcps
- ingressroutes
- traefikservices
- ingressroutetcps
- ingressrouteudps
- tlsoptions
- tlsstores
- serverstransports
verbs:
- get
- list
- watch
# -- The service account the pods will use to interact with the Kubernetes API
serviceAccount:
main:
enabled: true
primary: true
# -- SCALE Middleware Handlers
middlewares:
basicAuth: []
# - name: basicauthexample
# users:
# - username: testuser
# password: testpassword
forwardAuth: []
# - name: forwardAuthexample
# address: https://auth.example.com/
# authResponseHeaders:
# - X-Secret
# - X-Auth-User
# authRequestHeaders:
# - "Accept"
# - "X-CustomHeader"
# authResponseHeadersRegex: "^X-"
# trustForwardHeader: true
customRequestHeaders: []
# - name: customRequestHeaderExample
# headers:
# - name: X-Custom-Header
# value: "foobar"
# - name: X-Header-To-Remove
# value: ""
customResponseHeaders: []
# - name: customResponseHeaderExample
# headers:
# - name: X-Custom-Header
# value: "foobar"
# - name: X-Header-To-Remove
# value: ""
rewriteResponseHeaders: []
# - name: rewriteResponseHeadersName
# headers:
# - name: "Location"
# regex: "^http://(.+)$"
# replacement: "https://$1"
# - name: "Date"
# regex: "^[^,]+,\\s*(.+)$"
# replacement: "$1"
customFrameOptionsValue: []
# - name: customFrameOptionsValueExample
# value: "SAMEORIGIN"
buffering: []
# - name: bufferingExample
# maxRequestBodyBytes: 1000000
# memRequestBodyBytes: 1000000
# maxResponseBodyBytes: 1000000
# memResponseBodyBytes: 1000000
# retryExpression: "IsNetworkError() && Attempts() < 2"
chain: []
# - name: chainname
# middlewares:
# - name: compress
redirectScheme: []
# - name: redirectSchemeName
# scheme: https
# permanent: true
rateLimit: []
# - name: rateLimitName
# average: 300
# burst: 200
redirectRegex: []
# - name: redirectRegexName
# regex: putregexhere
# replacement: replacementurlhere
# permanent: false
stripPrefixRegex: []
# - name: stripPrefixRegexName
# regex: []
ipWhiteList: []
# - name: ipWhiteListName
# sourceRange: []
# ipStrategy:
# depth: 2
# excludedIPs: []
themePark: []
# - name: themeParkName
# -- Supported apps, lower case name
# -- https://docs.theme-park.dev/themes
# app: appnamehere
# -- Supported themes, lower case name
# -- https://docs.theme-park.dev/themes/APPNAMEHERE
# -- https://docs.theme-park.dev/community-themes
# theme: themenamehere
# -- https://theme-park.dev or a self hosted url
# baseUrl: https://theme-park.dev
# Sets X-Real-Ip with an IP from the X-Forwarded-For or
# Cf-Connecting-Ip (If from Cloudflare)
# Evaluation of those headers will go from last to first
realIP: []
# - name: realIPName
# -- The real IP will be the first one that is
# -- not included in any of the CIDRs passed here
# excludedNetworks:
# - 1.1.1.1/24
addPrefix: []
# - name: addPrefixName
# prefix: "/foo"
geoBlock: []
# -- https://github.com/PascalMinder/geoblock
# - name: geoBlockName
# allowLocalRequests: true
# logLocalRequests: false
# logAllowedRequests: false
# logApiRequests: false
# api: https://get.geojs.io/v1/ip/country/{ip}
# apiTimeoutMs: 500
# cacheSize: 25
# forceMonthlyUpdate: true
# allowUnknownCountries: false
# unknownCountryApiResponse: nil
# blackListMode: false
# countries:
# - RU
modsecurity: []
# - name: modsecurityName
# modSecurityUrl: modSecurity container URL
# timeoutMillis: Configurated timeout
# maxBodySize: maxBodySize
bouncer: []
# - name: bouncer
# enabled: false
# logLevel: DEBUG
# updateIntervalSeconds: 60
# defaultDecisionSeconds: 60
# httpTimeoutSeconds: 10
# crowdsecMode: live
# crowdsecAppsecEnabled: false
# crowdsecAppsecHost: crowdsec:7422
# crowdsecAppsecFailureBlock: true
# crowdsecLapiKey: privateKey-foo
# crowdsecLapiKeyFile: /etc/traefik/cs-privateKey-foo
# crowdsecLapiHost: crowdsec:8080
# crowdsecLapiScheme: http
# crowdsecLapiTLSInsecureVerify: false
# crowdsecCapiMachineId: login
# crowdsecCapiPassword: password
# crowdsecCapiScenarios:
# - crowdsecurity/http-path-traversal-probing
# - crowdsecurity/http-xss-probing
# - crowdsecurity/http-generic-bf
# forwardedHeadersTrustedIPs:
# - 10.0.10.23/32
# - 10.0.20.0/24
# clientTrustedIPs:
# - 192.168.1.0/24
# forwardedHeadersCustomName: X-Custom-Header
# redisCacheEnabled: false
# redisCacheHost: "redis:6379"
# redisCachePassword: password
# redisCacheDatabase: "5"
# crowdsecLapiTLSCertificateAuthority: |-
# crowdsecLapiTLSCertificateAuthorityFile: /etc/traefik/crowdsec-certs/ca.pem
# crowdsecLapiTLSCertificateBouncer: |-
# crowdsecLapiTLSCertificateBouncerFile: /etc/traefik/crowdsec-certs/bouncer.pem
# crowdsecLapiTLSCertificateBouncerKey: |-
# crowdsecLapiTLSCertificateBouncerKeyFile: /etc/traefik/crowdsec-certs/bouncer-key.pem
## Note: body of every request will be buffered in memory while the request is in-flight
## (i.e.: during the security check and during the request processing by traefik and the backend),
## so you may want to tune maxBodySize depending on how much RAM you have.
portalhook:
enabled: true
persistence:
plugins:
enabled: true
mountPath: "/plugins-storage"
type: emptyDir
crowdsec-bouncer-tls:
enabled: "{{ if .Values.middlewares.bouncer }}true{{ else }}false{{ end }}"
mountPath: "/etc/traefik/crowdsec-certs"
type: secret
expandObjectName: false
objectName: crowdsec-bouncer-tls
portal:
open:
enabled: true
path: /dashboard/
Reference in New Issue Copy Permalink