kubedeploy-k3s/infrastructure/03-traefik/overlay-external/patches/traefik-deployment-patch.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: traefik
  namespace: traefik
spec:
  template:
    spec:
      hostNetwork: false
      containers:
        - name: traefik
          env:
            - name: IONOS_API_KEY
              valueFrom:
                secretKeyRef:
                  name: dc-secret
                  key: IONOS_API_KEY
          args:
            - --serversTransport.insecureSkipVerify=false
            # Shared
            - --global.sendanonymoususage=false
            - --global.checknewversion=false
            - --entrypoints.dns.address=:53/udp
            - --entrypoints.metrics.address=:9100/tcp
            - --entrypoints.traefik.address=:9000/tcp
            - --entrypoints.web.address=:8000/tcp
            - --entrypoints.web.http.redirections.entryPoint.to=websecure
            - --entrypoints.web.http.redirections.entryPoint.scheme=https
            - --entrypoints.websecure.address=:8443/tcp
            - --entrypoints.websecure.http.middlewares=traefik-default-headers
            - --entrypoints.websecure.http.tls=true
            - --entrypoints.websecure.http.tls.certResolver=default
            - --entrypoints.websecure.http.tls.domains.main="steffenillium.de"
            - --entrypoints.websecure.http.tls.domains.sans="*.steffenillium.de"

            - --api.dashboard=false
            - --ping=true
            - --metrics.prometheus=true
            - --metrics.prometheus.entrypoint=metrics
            - --providers.kubernetescrd
            - --providers.kubernetescrd.labelSelector=expose=true
            - --providers.kubernetescrd.allowExternalNameServices=true
            - --providers.kubernetescrd.allowCrossNamespace=false

            - --log.level=WARN
            - --accesslog=true
            - --accesslog.fields.defaultmode=keep
            - --accesslog.fields.headers.defaultmode=drop

            - --certificatesResolvers.default.acme.email=steffen.illium@gmail.com
            - --certificatesResolvers.default.acme.dnsChallenge.provider=ionos
            - --certificatesResolvers.default.acme.storage=/certs/acme.json
            - --certificatesResolvers.default.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
          volumeMounts:
            - mountPath: /certs
              name: traefik-pvc
              subPath: certs
            - mountPath: /data
              name: traefik-pvc
              subPath: data
            - mountPath: /tmp
              name: traefik-pvc
              subPath: tmp
          resources: {}
      volumes:
      - name: traefik-pvc
        persistentVolumeClaim:
          claimName: traefik-pvc