--- # Source: traefik/templates/rbac/serviceaccount.yaml kind: ServiceAccount apiVersion: v1 metadata: name: traefik namespace: default labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-default helm.sh/chart: traefik-26.0.0 app.kubernetes.io/managed-by: Helm annotations: --- # Source: traefik/templates/rbac/clusterrole.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: traefik-default labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-default helm.sh/chart: traefik-26.0.0 app.kubernetes.io/managed-by: Helm rules: - apiGroups: - extensions - networking.k8s.io resources: - ingressclasses - ingresses verbs: - get - list - watch - apiGroups: - "" resources: - services - endpoints - secrets verbs: - get - list - watch - apiGroups: - extensions - networking.k8s.io resources: - ingresses/status verbs: - update - apiGroups: - traefik.io - traefik.containo.us resources: - ingressroutes - ingressroutetcps - ingressrouteudps - middlewares - middlewaretcps - tlsoptions - tlsstores - traefikservices - serverstransports verbs: - get - list - watch --- # Source: traefik/templates/rbac/clusterrolebinding.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: traefik-default labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-default helm.sh/chart: traefik-26.0.0 app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: traefik-default subjects: - kind: ServiceAccount name: traefik namespace: default --- # Source: traefik/templates/service.yaml apiVersion: v1 kind: Service metadata: name: traefik namespace: default labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-default helm.sh/chart: traefik-26.0.0 app.kubernetes.io/managed-by: Helm annotations: spec: type: LoadBalancer selector: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-default ports: - port: 80 name: "web" targetPort: web protocol: TCP - port: 443 name: "websecure" targetPort: websecure protocol: TCP --- # Source: traefik/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: traefik namespace: default labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-default helm.sh/chart: traefik-26.0.0 app.kubernetes.io/managed-by: Helm annotations: spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-default strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 0 type: RollingUpdate minReadySeconds: 0 template: metadata: annotations: prometheus.io/scrape: "true" prometheus.io/path: "/metrics" prometheus.io/port: "9100" labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-default helm.sh/chart: traefik-26.0.0 app.kubernetes.io/managed-by: Helm spec: serviceAccountName: traefik terminationGracePeriodSeconds: 60 hostNetwork: false containers: - image: docker.io/traefik:v2.10.6 imagePullPolicy: IfNotPresent name: traefik resources: readinessProbe: httpGet: path: /ping port: 9000 scheme: HTTP failureThreshold: 1 initialDelaySeconds: 2 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 2 livenessProbe: httpGet: path: /ping port: 9000 scheme: HTTP failureThreshold: 3 initialDelaySeconds: 2 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 2 lifecycle: ports: - name: "metrics" containerPort: 9100 protocol: "TCP" - name: "traefik" containerPort: 9000 protocol: "TCP" - name: "web" containerPort: 8000 protocol: "TCP" - name: "websecure" containerPort: 8443 protocol: "TCP" securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true volumeMounts: - name: data mountPath: /data - name: tmp mountPath: /tmp args: - "--global.checknewversion" - "--global.sendanonymoususage" - "--entrypoints.metrics.address=:9100/tcp" - "--entrypoints.traefik.address=:9000/tcp" - "--entrypoints.web.address=:8000/tcp" - "--entrypoints.websecure.address=:8443/tcp" - "--api.dashboard=true" - "--ping=true" - "--metrics.prometheus=true" - "--metrics.prometheus.entrypoint=metrics" - "--providers.kubernetescrd" - "--providers.kubernetesingress" - "--entrypoints.websecure.http.tls=true" env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumes: - name: data emptyDir: {} - name: tmp emptyDir: {} securityContext: fsGroupChangePolicy: OnRootMismatch runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 --- # Source: traefik/templates/ingressclass.yaml apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: annotations: ingressclass.kubernetes.io/is-default-class: "true" labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-default helm.sh/chart: traefik-26.0.0 app.kubernetes.io/managed-by: Helm name: traefik spec: controller: traefik.io/ingress-controller --- # Source: traefik/templates/dashboard-ingressroute.yaml apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: traefik-dashboard namespace: default annotations: labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-default helm.sh/chart: traefik-26.0.0 app.kubernetes.io/managed-by: Helm spec: entryPoints: - traefik routes: - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`) kind: Rule services: - name: api@internal kind: TraefikService