traefik-helmchartconfig.yaml 1.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051
  1. apiVersion: helm.cattle.io/v1
  2. kind: HelmChartConfig
  3. metadata:
  4. name: traefik
  5. namespace: kube-system
  6. spec:
  7. valuesContent: |-
  8. ports:
  9. web:
  10. exposedPort: 80
  11. websecure:
  12. exposedPort: 443
  13. additionalArguments:
  14. # Auto cert renewal via cloudflare
  15. #- "--certificatesresolvers.letsencrypt.acme.email=some-email-here"
  16. - "--certificatesresolvers.letsencrypt.acme.email=joshbicking@comcast.net"
  17. - "--certificatesresolvers.letsencrypt.acme.storage=/data/acme.json"
  18. - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
  19. - "--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
  20. - "--entrypoints.websecure.http.tls.certResolver=letsencrypt"
  21. - "--entrypoints.websecure.http.tls.domains[0].main=jibby.org"
  22. - "--entrypoints.websecure.http.tls.domains[0].sans=*.jibby.org"
  23. - "--entrypoints.web.http.redirections.entryPoint.to=:443"
  24. - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
  25. - "--log.level=DEBUG"
  26. # debug, uncomment for testing
  27. #- "--certificatesresolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory"
  28. env:
  29. - name: CLOUDFLARE_EMAIL
  30. valueFrom:
  31. secretKeyRef:
  32. name: cloudflare-secrets
  33. key: email
  34. optional: false
  35. - name: CLOUDFLARE_API_KEY
  36. valueFrom:
  37. secretKeyRef:
  38. name: cloudflare-secrets
  39. key: api-key
  40. optional: false
  41. persistence:
  42. enabled: true
  43. storageClass: ceph-block
  44. # Fix for acme.json file being changed to 660 from 600
  45. podSecurityContext:
  46. fsGroup: null