kubernetes-state/infrastructure/traefik/helmconfig.yaml

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  failurePolicy: abort
  valuesContent: |
    logs:
      general:
        level: INFO
    providers:
      kubernetesCRD:
        enabled: true
        allowCrossNamespace: true
        allowExternalNameServices: true
        # ingressClass: traefik-internal
        # labelSelector: environment=production,method=traefik
        namespaces:
          - "default"
          - "kube-system"
      kubernetesIngress:
        enabled: true
        allowExternalNameServices: true
        allowEmptyServices: true
        # ingressClass: traefik-internal
        # labelSelector: environment=production,method=traefik
        namespaces: 
          - "default"
          - "kube-system"
        # IP used for Kubernetes Ingress endpoints
        publishedService:
          enabled: true
          # Published Kubernetes Service to copy status from. Format: namespace/servicename
          # By default this Traefik service
          # pathOverride: ""
    service:
      enabled: true
      type: LoadBalancer
      annotations:
        "load-balancer.hetzner.cloud/name": "clank"
        # make hetzners load-balancer connect to our nodes via our private k3s
        "load-balancer.hetzner.cloud/use-private-ip": "true"
        # keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet
        "load-balancer.hetzner.cloud/disable-private-ingress": "true"
        # disable ipv6 by default, because external-dns doesn't support AAAA for hcloud yet https://github.com/kubernetes-sigs/external-dns/issues/2044
        "load-balancer.hetzner.cloud/ipv6-disabled": "true"
        "load-balancer.hetzner.cloud/location": "fsn1"
        "load-balancer.hetzner.cloud/type": "lb11"
        "load-balancer.hetzner.cloud/uses-proxyprotocol": "true"
    additionalArguments:
      - "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
      - "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
      - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
      - "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
      - "--providers.kubernetescrd.allowCrossNamespace=true"
Added traefik config 2022-06-04 14:55:22 +02:00			`apiVersion: helm.cattle.io/v1`
			`kind: HelmChartConfig`
			`metadata:`
			`name: traefik`
			`namespace: kube-system`
			`spec:`
			`failurePolicy: abort`
Without linebreaks 2022-06-04 14:56:52 +02:00			`valuesContent: \|`
Added traefik config 2022-06-04 14:55:22 +02:00			`logs:`
			`general:`
			`level: INFO`
			`providers:`
			`kubernetesCRD:`
			`enabled: true`
			`allowCrossNamespace: true`
			`allowExternalNameServices: true`
			`# ingressClass: traefik-internal`
			`# labelSelector: environment=production,method=traefik`
			`namespaces:`
			`- "default"`
			`- "kube-system"`
			`kubernetesIngress:`
			`enabled: true`
			`allowExternalNameServices: true`
			`allowEmptyServices: true`
			`# ingressClass: traefik-internal`
			`# labelSelector: environment=production,method=traefik`
			`namespaces:`
			`- "default"`
			`- "kube-system"`
			`# IP used for Kubernetes Ingress endpoints`
			`publishedService:`
			`enabled: true`
			`# Published Kubernetes Service to copy status from. Format: namespace/servicename`
			`# By default this Traefik service`
			`# pathOverride: ""`
			`service:`
			`enabled: true`
			`type: LoadBalancer`
			`annotations:`
			`"load-balancer.hetzner.cloud/name": "clank"`
			`# make hetzners load-balancer connect to our nodes via our private k3s`
			`"load-balancer.hetzner.cloud/use-private-ip": "true"`
			`# keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet`
			`"load-balancer.hetzner.cloud/disable-private-ingress": "true"`
			`# disable ipv6 by default, because external-dns doesn't support AAAA for hcloud yet https://github.com/kubernetes-sigs/external-dns/issues/2044`
			`"load-balancer.hetzner.cloud/ipv6-disabled": "true"`
			`"load-balancer.hetzner.cloud/location": "fsn1"`
			`"load-balancer.hetzner.cloud/type": "lb11"`
			`"load-balancer.hetzner.cloud/uses-proxyprotocol": "true"`
			`additionalArguments:`
			`- "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"`
			`- "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"`
			`- "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"`
			`- "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"`
			`- "--providers.kubernetescrd.allowCrossNamespace=true"`