Kubernetes/k3s Rancher with Traefik for HTTP/3 - v20230709
A little update to rancher-traefik; this contains the values in its newest format.
Install with helm
Save this as 2023-traefik-values.yaml and adjust it for your needs:
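# Helm values for the traefik/traefik chart. Nesting restored: the listing had
# lost its indentation, which left duplicate top-level keys.
additionalArguments: []
additionalVolumeMounts: []
affinity: {}
autoscaling:
  enabled: false
certResolvers:
  letsencrypt-prod:
    # ACME account contact address; replace it with your own.
    email: support@jochum.dev
    tlsChallenge: true
    httpChallenge:
      entryPoint: "web"
    # It has to match the path with a persistent volume
    # (persistence.path is /data). acme.json holds the ACME account key and
    # the private keys of issued certificates, so treat the volume and its
    # backups as secret material.
    storage: /data/acme.json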
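commonLabels: {}
# Workload shape: a single-replica Deployment with no extra containers,
# volumes, init containers or pull secrets.
deployment:
  additionalContainers: []
  additionalVolumes: []
  annotations: {}
  dnsConfig: {}
  enabled: true
  imagePullSecrets: []
  initContainers: []
  kind: Deployment
  labels: {}
  lifecycle: {}
  minReadySeconds: 0
  podAnnotations: {}
  podLabels: {}
  replicas: 1
  shareProcessNamespace: false
  terminationGracePeriodSeconds: 60
# No environment variables are injected into the container.
env: []
envFrom: []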
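experimental:
  kubernetesGateway:
    enabled: false
    gateway:
      enabled: true
  plugins:
    enabled: false
  v3:
    enabled: false
  # NOTE(review): nesting under `experimental` is reconstructed; the listing
  # had lost its indentation. HTTP/3 is also enabled per entry point under
  # ports.websecure.http3 -- confirm which key your chart version reads.
  http3:
    enabled: true
extraObjects: []
# Empty list: no global CLI flags are passed to Traefik.
globalArguments: []
# The pod keeps its own network namespace; traffic arrives via the Service.
hostNetwork: false
image:
  pullPolicy: IfNotPresent
  registry: docker.io
  repository: traefik
  # Pinned by tag. A tag can be re-pointed in the registry; pinning a digest
  # or mirroring the image is the stricter supply-chain option.
  tag: v2.10.3
  # NOTE(review): placement under `image` is reconstructed -- confirm.
  name: traefik
ingressClass:
  enabled: true
  # As the default class, Ingress objects that name no ingressClassName are
  # served by this controller as well.
  isDefaultClass: true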
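ingressRoute:
  dashboard:
    annotations: {}
    # The dashboard/API route stays off. If you enable it, put an
    # authentication middleware in `middlewares`; it is empty here.
    enabled: false
    entryPoints:
      - traefik
    labels: {}
    matchRule: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
    middlewares: []
    tls: {}
livenessProbe:
  failureThreshold: 3
  initialDelaySeconds: 2
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 2
logs:
  access:
    enabled: true
    fields:
      general:
        defaultmode: keep
        names: {}
      headers:
        # Drop-by-default keeps request headers such as Authorization and
        # Cookie out of the access log; only the names below are recorded.
        defaultmode: drop
        names:
          Content-Type: keep
          # NOTE(review): RequestLine looks like a general access-log field
          # rather than a header name -- confirm this entry has an effect.
          RequestLine: keep
          User-Agent: keep
    filters: {}
  general:
    level: ERROR
metrics:
  prometheus:
    # Metrics are served on the `metrics` entry point defined under `ports`.
    entryPoint: metrics
nodeSelector: {}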
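# Persistent volume mounted at /data; certResolvers.*.storage points into it,
# so the ACME state (including private keys) lives on this volume.
persistence:
  accessMode: ReadWriteOnce
  annotations: {}
  enabled: true
  name: data
  path: /data
  size: 128Mi
podDisruptionBudget:
  enabled: false
# The pod runs as an unprivileged UID/GID, and runAsNonRoot refuses a root
# container.
podSecurityContext:
  fsGroupChangePolicy: OnRootMismatch
  runAsGroup: 65532
  runAsNonRoot: true
  runAsUser: 65532
podSecurityPolicy:
  enabled: false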
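ports:
  # The metrics and dashboard/API entry points are not published on the
  # Service.
  metrics:
    expose: false
    exposedPort: 9100
    port: 9100
    protocol: TCP
  traefik:
    expose: false
    exposedPort: 9000
    port: 9000
    protocol: TCP
  web:
    expose: true
    exposedPort: 80
    # The container listens on 80/443 while running as UID 65532 with all
    # capabilities dropped. NOTE(review): this presumably relies on the
    # container runtime allowing unprivileged low-port binds -- verify.
    port: 80
    protocol: TCP
    # 80 and 443 lie outside the default NodePort range (30000-32767); the
    # API server's service-node-port-range must be widened to include them.
    nodePort: 80
  websecure:
    expose: true
    exposedPort: 443
    nodePort: 443
    http3:
      enabled: true
      advertisedPort: 443
    middlewares: []
    port: 443
    protocol: TCP
    tls:
      # Must match a key under certResolvers.
      certResolver: 'letsencrypt-prod'
      domains: []
      enabled: true
      options: ''
priorityClassName: system-cluster-critical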
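providers:
  kubernetesCRD:
    allowCrossNamespace: false
    allowEmptyServices: false
    # With this on, anyone allowed to create routes can point them at an
    # ExternalName Service, i.e. at a host of their choosing outside the
    # cluster. Set it to false unless you actually route to such services.
    allowExternalNameServices: true
    enabled: true
    # Empty list: not restricted to specific namespaces.
    namespaces: []
  kubernetesIngress:
    allowEmptyServices: false
    # Same caveat as kubernetesCRD.allowExternalNameServices.
    allowExternalNameServices: true
    enabled: true
    namespaces: []
    publishedService:
      enabled: true
rbac:
  enabled: true
  # Not namespaced: the controller's permissions are cluster-wide.
  namespaced: false
readinessProbe:
  failureThreshold: 1
  initialDelaySeconds: 2
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 2
# No requests or limits are set; consider adding them for an internet-facing
# proxy so that a traffic spike cannot starve the node.
resources: {}
securityContext:
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true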
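service:
  annotations: {}
  annotationsTCP: {}
  annotationsUDP: {}
  enabled: true
  externalIPs: []
  labels: {}
  loadBalancerSourceRanges: []
  single: true
  spec: {}
  # NodePort publishes ports.web/websecure on every node's address; any
  # source filtering has to happen on the host or network firewall.
  type: NodePort
serviceAccount:
  name: ''
serviceAccountAnnotations: {}
tlsOptions: {}
tlsStore: {}
# Tolerations that allow scheduling onto control-plane/master nodes.
tolerations:
  - key: CriticalAddonsOnly
    operator: Exists
  - effect: NoSchedule
    key: node-role.kubernetes.io/control-plane
    operator: Exists
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
    operator: Exists
topologySpreadConstraints: []
tracing: {}
updateStrategy:
  rollingUpdate:
    maxSurge: 1
    maxUnavailable: 0
  type: RollingUpdate
volumes: []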
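# NOTE(review): the four top-level keys below sit outside the alphabetical run
# above and look carried over from an earlier values set. In the Traefik v2
# chart, forwarded-header and PROXY-protocol trust is normally configured per
# entry point under ports.<name> -- render with `helm template` and confirm
# these keys have any effect before relying on them.
forwardedHeaders:
  enabled: true
  # 10.0.0.0/8 is a wide range: every peer inside it can supply X-Forwarded-*
  # headers that will be believed. Narrow it to the addresses of the proxy or
  # load balancer that actually sits in front of Traefik.
  trustedIPs:
    - 10.0.0.0/8
global:
  cattle:
    systemDefaultRegistry: ''
    # NOTE(review): presumably an ID from the author's own Rancher install --
    # verify before reusing it.
    systemProjectId: p-g2j9j
  systemDefaultRegistry: ''
proxyProtocol:
  enabled: true
  # Same caveat: PROXY-protocol source addresses from any peer in this range
  # would be trusted.
  trustedIPs:
    - 10.0.0.0/8
ssl:
  enabled: true
  permanentRedirect: true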
Then run:
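# Refresh the chart index first, so that a repository problem shows up before
# the running ingress controller has been removed.
helm repo update
# Ingress is down from here until the install below has finished.
# NOTE(review): on k3s the packaged Traefik is presumably re-applied unless it
# was disabled on the server -- verify before uninstalling.
helm uninstall -n kube-system traefik
# Without --version the newest chart is installed; add
# `--version <CHART_VERSION>` for a repeatable install.
helm install traefik traefik/traefik -n kube-system -f 2023-traefik-values.yaml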