Compare commits
2 Commits
6cd65eef9c
...
43dfb611d4
Author | SHA1 | Date | |
---|---|---|---|
43dfb611d4 | |||
82eb04b89c |
@ -2,4 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- release.yaml
|
||||
- traefik.values.yaml
|
||||
- ingress.yaml
|
||||
|
||||
|
28
clank/platform/traefik/traefik.values.yaml
Normal file
28
clank/platform/traefik/traefik.values.yaml
Normal file
@ -0,0 +1,28 @@
|
||||
apiVersion: helm.cattle.io/v1
|
||||
kind: HelmChartConfig
|
||||
metadata:
|
||||
name: traefik
|
||||
namespace: kube-system
|
||||
spec:
|
||||
failurePolicy: abort
|
||||
valuesContent: |-
|
||||
service:
|
||||
enabled: true
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
"load-balancer.hetzner.cloud/name": "clank"
|
||||
# make hetzners load-balancer connect to our nodes via our private k3s
|
||||
"load-balancer.hetzner.cloud/use-private-ip": "true"
|
||||
# keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet
|
||||
"load-balancer.hetzner.cloud/disable-private-ingress": "true"
|
||||
# disable ipv6 by default, because external-dns doesn't support AAAA for hcloud yet https://github.com/kubernetes-sigs/external-dns/issues/2044
|
||||
"load-balancer.hetzner.cloud/ipv6-disabled": "true"
|
||||
"load-balancer.hetzner.cloud/location": "fsn1"
|
||||
"load-balancer.hetzner.cloud/type": "lb11"
|
||||
"load-balancer.hetzner.cloud/uses-proxyprotocol": "true"
|
||||
additionalArguments:
|
||||
- "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||
- "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||
- "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
|
||||
- "--entryPoints.websecure.forwardedHeaders"
|
||||
- "--providers.kubernetescrd.allowCrossNamespace=true"
|
Loading…
Reference in New Issue
Block a user