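---
# Traefik edge proxy Deployment: two host-network replicas, spread one per
# node. Entry points: web (8000), websecure (8443), admin (8080),
# traefik/ping (9000), metrics (9100) and minecrafttcp (25565).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: traefik
  labels:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: traefik
spec:
  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: traefik
      app.kubernetes.io/instance: traefik
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  minReadySeconds: 0
  template:
    metadata:
      annotations:
        # Quoted on purpose: annotation values must be strings.
        prometheus.io/scrape: "true"
        prometheus.io/path: "/metrics"
        prometheus.io/port: "9100"
      labels:
        app.kubernetes.io/name: traefik
        app.kubernetes.io/instance: traefik
    spec:
      # At most one replica per node (hostname topology, hard constraint).
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: traefik
      serviceAccountName: traefik
      terminationGracePeriodSeconds: 60
      # hostNetwork binds every listener below directly on the node's
      # interfaces, including ping (9000), metrics (9100) and admin (8080).
      # Nothing in this manifest filters those ports.
      # NOTE(review): confirm node-level firewalling restricts the
      # non-public ports to the networks that need them.
      hostNetwork: true
      containers:
        # Pinned by tag only. NOTE(review): a digest pin
        # (traefik:3.2.1@sha256:<digest>) would make the image immutable.
        - image: "traefik:3.2.1"
          imagePullPolicy: IfNotPresent
          name: traefik
          # No requests or limits are set, so the proxy's CPU and memory use
          # is unbounded on the node. NOTE(review): consider sizing these.
          resources: {}
          readinessProbe:
            httpGet:
              path: /ping
              port: 9000
            failureThreshold: 1
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          livenessProbe:
            httpGet:
              path: /ping
              port: 9000
            failureThreshold: 3
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          ports:
            - name: "admin"
              containerPort: 8080
              protocol: "TCP"
            - name: "metrics"
              containerPort: 9100
              protocol: "TCP"
            - name: "minecrafttcp"
              containerPort: 25565
              protocol: "TCP"
            - name: "traefik"
              containerPort: 9000
              protocol: "TCP"
            - name: "web"
              containerPort: 8000
              protocol: "TCP"
            - name: "websecure"
              containerPort: 8443
              protocol: "TCP"
          # Non-root, no capabilities, read-only root filesystem. Every
          # listener is above port 1024, so no bind capability is needed.
          # allowPrivilegeEscalation: false sets no_new_privs so the process
          # cannot regain privileges through setuid or file capabilities.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsGroup: 65532
            runAsNonRoot: true
            runAsUser: 65532
          volumeMounts:
            # /certs holds the ACME storage file (see acme.storage below).
            - name: data
              mountPath: /certs
            # Writable scratch space; the root filesystem is read-only.
            - name: tmp
              mountPath: /tmp
          args:
            - "--entrypoints.admin.address=:8080/tcp"
            - "--entrypoints.metrics.address=:9100/tcp"
            - "--entrypoints.minecrafttcp.address=:25565/tcp"
            - "--entrypoints.traefik.address=:9000/tcp"
            - "--entrypoints.web.address=:8000/tcp"
            - "--entrypoints.websecure.address=:8443/tcp"
            # The insecure=true variants stay commented out: they would make
            # Traefik accept PROXY protocol and X-Forwarded-* headers from
            # any peer, so a client could forge its source address. The
            # trustedIPs lists limit that trust to the listed ranges.
            # NOTE(review): 51.15.80.73/32 is a public address, presumably
            # the upstream load balancer; confirm it is still the right peer.
            #- "--entryPoints.web.proxyProtocol.insecure=true"
            #- "--entryPoints.web.forwardedHeaders.insecure=true"
            - "--entryPoints.web.proxyProtocol.trustedIPs=10.20.0.0/24,51.15.80.73/32,192.168.113.0/24"
            - "--entryPoints.web.forwardedHeaders.trustedIPs=10.20.0.0/24,51.15.80.73/32,192.168.113.0/24"
            #- "--entryPoints.websecure.proxyProtocol.insecure=true"
            #- "--entryPoints.websecure.forwardedHeaders.insecure=true"
            - "--entryPoints.websecure.proxyProtocol.trustedIPs=10.20.0.0/24,51.15.80.73/32,192.168.113.0/24"
            - "--entryPoints.websecure.forwardedHeaders.trustedIPs=10.20.0.0/24,51.15.80.73/32,192.168.113.0/24"
            # Dashboard is enabled without --api.insecure, so it is served
            # only through a router that targets api@internal (not part of
            # this manifest). NOTE(review): make sure that router enforces
            # authentication.
            - "--api.dashboard=true"
            - "--ping=true"
            # Prometheus metrics are served on the dedicated metrics entry
            # point (9100), matching the scrape annotations above.
            - "--metrics.prometheus=true"
            - "--metrics.prometheus.entrypoint=metrics"
            - "--providers.kubernetescrd"
            - "--providers.kubernetesingress"
            # Plain HTTP is redirected to https on :443, while websecure
            # listens on 8443 here. NOTE(review): presumably an upstream
            # device maps 443 to 8443; confirm.
            - "--entrypoints.web.http.redirections.entryPoint.to=:443"
            - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
            # NOTE(review): DEBUG logging together with access logs is
            # verbose for an internet-facing proxy and may record request
            # details; INFO or above is the usual steady-state level.
            - "--log.level=DEBUG"
            - "--accesslog=true"
            - "--entrypoints.websecure.http.tls=true"
            - "--entrypoints.websecure.http.tls.certresolver=letsencrypt"
            - "--entrypoints.websecure.http.tls.domains[0].sans=*.halis.io"
            # Both the TLS and DNS challenges are enabled on one resolver.
            # A wildcard name such as the SAN above can only be validated
            # through the DNS challenge. NOTE(review): confirm the
            # tlschallenge line is intended.
            - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
            - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
            - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=ovh"
            - "--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1"
            - "--certificatesresolvers.letsencrypt.acme.email=tanguy.herbron@outlook.com"
            # acme.json stores the ACME account key and the certificates'
            # private keys; it lives on the "traefik" claim mounted at
            # /certs. NOTE(review): both replicas reference the same claim;
            # confirm its access mode and that two writers are acceptable.
            - "--certificatesresolvers.letsencrypt.acme.storage=/certs/acme.json"
          # OVH API credentials for the DNS challenge are read from the
          # ovh-api-credentials Secret instead of being inlined here.
          env:
            - name: OVH_APPLICATION_KEY
              valueFrom:
                secretKeyRef:
                  key: appKey
                  name: ovh-api-credentials
            - name: OVH_APPLICATION_SECRET
              valueFrom:
                secretKeyRef:
                  key: appSecret
                  name: ovh-api-credentials
            - name: OVH_CONSUMER_KEY
              valueFrom:
                secretKeyRef:
                  key: consumerKey
                  name: ovh-api-credentials
            - name: OVH_ENDPOINT
              valueFrom:
                secretKeyRef:
                  key: endpoint
                  name: ovh-api-credentials
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: traefik
        - name: tmp
          emptyDir: {}
      # fsGroup matches runAsGroup so the non-root process can write to the
      # mounted volumes.
      securityContext:
        fsGroup: 65532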