# Template for a k3s HelmChartConfig that overrides the values of the Traefik
# chart in kube-system. The placeholders and the for/if directives below are
# resolved by the template engine before the manifest is applied. Inputs
# referenced here: load_balancer_disable_ipv6, location, load_balancer_type,
# traefik_additional_options, traefik_acme_tls, traefik_acme_email.
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  # valuesContent is one literal string that is parsed as chart values later,
  # so the rendered lines must keep a consistent indentation.
  valuesContent: |-
    service:
      enabled: true
      type: LoadBalancer
      annotations:
        "load-balancer.hetzner.cloud/name": "traefik"
        # Have the Hetzner load balancer reach the nodes over the private
        # network instead of their public addresses.
        "load-balancer.hetzner.cloud/use-private-ip": "true"
        # Keep hetzner-ccm from publishing the private ingress IP, which is
        # generally not routable from the public internet.
        "load-balancer.hetzner.cloud/disable-private-ingress": "true"
        # IPv6 is disabled by default because external-dns does not support
        # AAAA records for hcloud yet:
        # https://github.com/kubernetes-sigs/external-dns/issues/2044
        "load-balancer.hetzner.cloud/ipv6-disabled": "${load_balancer_disable_ipv6}"
        "load-balancer.hetzner.cloud/location": "${location}"
        "load-balancer.hetzner.cloud/type": "${load_balancer_type}"
        # The load balancer prepends a PROXY protocol header; Traefik only
        # honours it from the trustedIPs ranges configured below.
        "load-balancer.hetzner.cloud/uses-proxyprotocol": "true"
    additionalArguments:
      # Trust boundary: PROXY protocol headers and X-Forwarded-* headers are
      # accepted from loopback and from all of 10.0.0.0/8 on both entry points.
      # NOTE(review): 10.0.0.0/8 is broad. Any workload or host that can reach
      # Traefik from that range can assert an arbitrary client address, which
      # affects IP allow-lists, rate limits and access logs downstream.
      # Consider narrowing it to the subnet the load balancer actually connects
      # from; confirm against the network layout, which is not shown here.
      - "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
      - "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
      - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
      - "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
      # Caller-supplied options are passed to Traefik verbatim, one argument per
      # entry. They are wrapped in double quotes without escaping, so an entry
      # containing a double quote or a backslash changes the rendered YAML.
      # Treat this list as privileged configuration.
%{ for option in traefik_additional_options ~}
      - "${option}"
%{ endfor ~}
      # ACME resolver "le", emitted only when traefik_acme_tls is set. The
      # storage file holds the ACME account key and the issued private keys.
      # NOTE(review): whether /data is persistent and access-restricted depends
      # on chart settings not shown here; verify before relying on it.
%{ if traefik_acme_tls ~}
      - "--certificatesresolvers.le.acme.tlschallenge=true"
      - "--certificatesresolvers.le.acme.email=${traefik_acme_email}"
      - "--certificatesresolvers.le.acme.storage=/data/acme.json"
%{ endif ~}