apiVersion: helm.cattle.io/v1 kind: HelmChartConfig metadata: name: traefik namespace: kube-system spec: failurePolicy: abort valuesContent: |- logs: general: level: INFO providers: kubernetesCRD: enabled: true allowCrossNamespace: true allowExternalNameServices: true # ingressClass: traefik-internal # labelSelector: environment=production,method=traefik namespaces: - "default" - "kube-system" kubernetesIngress: enabled: true allowExternalNameServices: true allowEmptyServices: true # ingressClass: traefik-internal # labelSelector: environment=production,method=traefik namespaces: - "default" - "kube-system" # IP used for Kubernetes Ingress endpoints publishedService: enabled: true # Published Kubernetes Service to copy status from. Format: namespace/servicename # By default this Traefik service # pathOverride: "" service: enabled: true type: LoadBalancer annotations: "load-balancer.hetzner.cloud/name": "clank" # make hetzners load-balancer connect to our nodes via our private k3s "load-balancer.hetzner.cloud/use-private-ip": "true" # keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet "load-balancer.hetzner.cloud/disable-private-ingress": "true" # disable ipv6 by default, because external-dns doesn't support AAAA for hcloud yet https://github.com/kubernetes-sigs/external-dns/issues/2044 "load-balancer.hetzner.cloud/ipv6-disabled": "true" "load-balancer.hetzner.cloud/location": "fsn1" "load-balancer.hetzner.cloud/type": "lb11" "load-balancer.hetzner.cloud/uses-proxyprotocol": "true" additionalArguments: - "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8" - "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8" - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8" - "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8" - "--providers.kubernetescrd.allowCrossNamespace=true"