terraform-hcloud-kube-hetzner/templates/traefik_config.yaml.tpl

34 lines
1.6 KiB
Smarty
Raw Normal View History

2022-01-05 15:04:22 +01:00
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: traefik
namespace: kube-system
spec:
valuesContent: |-
service:
enabled: true
type: LoadBalancer
annotations:
"load-balancer.hetzner.cloud/name": "traefik"
2022-02-16 10:56:22 +01:00
# make hetzners load-balancer connect to our nodes via our private k3s
2022-01-05 15:04:22 +01:00
"load-balancer.hetzner.cloud/use-private-ip": "true"
2022-02-16 10:56:22 +01:00
# keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet
"load-balancer.hetzner.cloud/disable-private-ingress": "true"
# disable ipv6 by default, because external-dns doesn't support AAAA for hcloud yet https://github.com/kubernetes-sigs/external-dns/issues/2044
"load-balancer.hetzner.cloud/ipv6-disabled": "${load_balancer_disable_ipv6}"
2022-01-05 15:04:22 +01:00
"load-balancer.hetzner.cloud/location": "${location}"
"load-balancer.hetzner.cloud/type": "${load_balancer_type}"
2022-01-05 15:04:22 +01:00
"load-balancer.hetzner.cloud/uses-proxyprotocol": "true"
additionalArguments:
- "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
2022-03-05 10:59:20 +01:00
%{ for option in traefik_additional_options ~}
2022-03-04 15:02:54 +01:00
- "${option}"
%{ endfor ~}
%{ if traefik_acme_tls ~}
- "--certificatesresolvers.le.acme.tlschallenge=true"
- "--certificatesresolvers.le.acme.email=${traefik_acme_email}"
- "--certificatesresolvers.le.acme.storage=/data/acme.json"
%{ endif ~}