apiVersion: apps/v1 kind: Deployment metadata: name: traefik namespace: traefik spec: minReadySeconds: 0 replicas: 1 selector: matchLabels: app: traefik strategy: type: RollingUpdate template: metadata: annotations: prometheus.io/path: /metrics prometheus.io/port: "9100" prometheus.io/scrape: "true" labels: app: traefik spec: containers: - resources: limits: cpu: "0.1" memory: "512Mi" name: traefik args: - --global.sendanonymoususage=false - --global.checknewversion=false - --entrypoints.metrics.address=:9100/tcp - --entrypoints.traefik.address=:9000/tcp - --entrypoints.dns.address=:53/udp - --entrypoints.web-local.address=:80/tcp - --entrypoints.web-local.http.redirections.entrypoint.to=websecure-local - --entrypoints.web-local.http.redirections.entrypoint.scheme=https - --entrypoints.websecure-local.address=:443/tcp - --entrypoints.websecure-local.http.middlewares=traefik-no-auth-chain - --entrypoints.websecure-local.http.tls=true - --entryPoints.websecure-local.http.tls.certResolver=default # - --entrypoints.websecure-local.transport.respondingTimeouts.readTimeout=300 # - --entrypoints.websecure-local.transport.respondingTimeouts.idleTimeout=0 - --entrypoints.websecure-front.address=:8443/tcp - --entrypoints.websecure-front.http.middlewares=traefik-no-auth-chain - --entrypoints.websecure-front.http.tls=true - --entryPoints.websecure-front.http.tls.certResolver=default # - --entrypoints.websecure-front.transport.respondingTimeouts.readTimeout=300 # - --entrypoints.websecure-front.transport.respondingTimeouts.idleTimeout=0 - --certificatesResolvers.default.acme.caServer=https://acme-v02.api.letsencrypt.org/directory - --certificatesResolvers.default.acme.email=steffen.illium@gmail.com - --certificatesResolvers.default.acme.dnsChallenge.provider=ionos - --certificatesResolvers.default.acme.storage=/certs/acme.json - --api.dashboard=true - --ping=true - --metrics.prometheus=true - --metrics.prometheus.entrypoint=metrics - --providers.kubernetescrd # - --providers.kubernetescrd.labelSelector=local=true - --providers.kubernetescrd.allowExternalNameServices=true - --accesslog=true # - --accesslog.fields.defaultmode=keep # - --accesslog.fields.headers.defaultmode=drop # - --serversTransport.insecureSkipVerify=false - --log.level=INFO env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: IONOS_API_KEY valueFrom: secretKeyRef: name: ionos-secret key: IONOS_API_KEY image: docker.io/traefik:latest imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /ping port: 9000 scheme: HTTP initialDelaySeconds: 2 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 2 ports: - containerPort: 53 name: dns protocol: UDP - containerPort: 9100 name: metrics protocol: TCP - containerPort: 9000 name: traefik protocol: TCP - containerPort: 80 name: web-local protocol: TCP - containerPort: 443 name: websecure-local protocol: TCP - containerPort: 8443 name: websecure-front protocol: TCP readinessProbe: failureThreshold: 1 httpGet: path: /ping port: 9000 scheme: HTTP initialDelaySeconds: 2 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 2 securityContext: allowPrivilegeEscalation: false capabilities: add: - NET_BIND_SERVICE readOnlyRootFilesystem: true volumeMounts: - mountPath: /certs name: traefik subPath: certs - mountPath: /data name: traefik subPath: data - mountPath: /tmp name: traefik subPath: tmp serviceAccountName: traefik terminationGracePeriodSeconds: 60 volumes: - name: traefik persistentVolumeClaim: claimName: traefik