From 82eb04b89ca11e1fdaf251a773ba9b42cd2d0b00 Mon Sep 17 00:00:00 2001 From: kjuulh Date: Mon, 9 May 2022 16:42:54 +0200 Subject: [PATCH] Add helm chart config again --- clank/platform/traefik/traefik.values.yaml | 28 ++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 clank/platform/traefik/traefik.values.yaml diff --git a/clank/platform/traefik/traefik.values.yaml b/clank/platform/traefik/traefik.values.yaml new file mode 100644 index 0000000..e3e2feb --- /dev/null +++ b/clank/platform/traefik/traefik.values.yaml @@ -0,0 +1,28 @@ +apiVersion: helm.cattle.io/v1 +kind: HelmChartConfig +metadata: + name: traefik + namespace: kube-system +spec: + failurePolicy: abort + valuesContent: |- + service: + enabled: true + type: LoadBalancer + annotations: + "load-balancer.hetzner.cloud/name": "clank" + # make hetzners load-balancer connect to our nodes via our private k3s + "load-balancer.hetzner.cloud/use-private-ip": "true" + # keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet + "load-balancer.hetzner.cloud/disable-private-ingress": "true" + # disable ipv6 by default, because external-dns doesn't support AAAA for hcloud yet https://github.com/kubernetes-sigs/external-dns/issues/2044 + "load-balancer.hetzner.cloud/ipv6-disabled": "true" + "load-balancer.hetzner.cloud/location": "fsn1" + "load-balancer.hetzner.cloud/type": "lb11" + "load-balancer.hetzner.cloud/uses-proxyprotocol": "true" + additionalArguments: + - "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8" + - "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8" + - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8" + - "--entryPoints.websecure.forwardedHeaders" + - "--providers.kubernetescrd.allowCrossNamespace=true"