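---
# Source: traefik/templates/deployment.yaml
# Deployment for the traefik-inter ingress controller: a single replica of
# traefik:2.8.4 running as non-root UID/GID 65532 with a read-only root
# filesystem, ACME storage on a PVC, and OVH API credentials read from a Secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: traefik-inter
  labels:
    app.kubernetes.io/name: traefik-inter
    app.kubernetes.io/instance: traefik-inter
  # Explicit empty map instead of a bare key (which parses as null).
  annotations: {}
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: traefik-inter
      app.kubernetes.io/instance: traefik-inter
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      # With replicas: 1 this lets a rollout take the only pod down.
      maxUnavailable: 1
  minReadySeconds: 0
  template:
    metadata:
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/path: "/metrics"
        prometheus.io/port: "9100"
      labels:
        app.kubernetes.io/name: traefik-inter
        app.kubernetes.io/instance: traefik-inter
    spec:
      serviceAccountName: traefik
      terminationGracePeriodSeconds: 60
      hostNetwork: false
      containers:
        # The image is referenced by tag only; pinning it by digest would make
        # the deployed binary reproducible.
        - image: "traefik:2.8.4"
          imagePullPolicy: IfNotPresent
          name: traefik-inter
          # No requests or limits are set, so the pod runs as BestEffort QoS.
          # NOTE(review): add requests/limits sized from observed usage.
          resources: {}
          # Both probes hit /ping on port 9000, the "traefik" entrypoint.
          readinessProbe:
            httpGet:
              path: /ping
              port: 9000
            failureThreshold: 1
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          livenessProbe:
            httpGet:
              path: /ping
              port: 9000
            failureThreshold: 3
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          ports:
            - name: "admin"
              containerPort: 8080
              protocol: "TCP"
            - name: "metrics"
              containerPort: 9100
              protocol: "TCP"
            - name: "traefik"
              containerPort: 9000
              protocol: "TCP"
            - name: "web"
              containerPort: 8000
              protocol: "TCP"
            - name: "websecure"
              containerPort: 8443
              protocol: "TCP"
          securityContext:
            # Completes the hardening below: no capabilities, non-root, and no
            # way to gain privileges through setuid binaries.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsGroup: 65532
            runAsNonRoot: true
            runAsUser: 65532
          volumeMounts:
            # /certs holds the ACME account key and issued certificates
            # (acme.json); /tmp is scratch space for the read-only rootfs.
            - name: data
              mountPath: /certs
            - name: tmp
              mountPath: /tmp
          args:
            - "--global.checknewversion"
            - "--entrypoints.admin.address=:8080/tcp"
            - "--entrypoints.metrics.address=:9100/tcp"
            - "--entrypoints.traefik.address=:9000/tcp"
            - "--entrypoints.web.address=:8000/tcp"
            - "--entrypoints.websecure.address=:8443/tcp"
            - "--api.dashboard=true"
            # Was "true": insecure mode serves the API and dashboard without
            # authentication on the "traefik" entrypoint (port 9000). With it
            # off, the dashboard is reachable only through a router to
            # api@internal, which is where an auth middleware belongs.
            # NOTE(review): no such router is visible in this manifest;
            # confirm one exists (e.g. on the "admin" entrypoint).
            - "--api.insecure=false"
            - "--ping=true"
            - "--metrics.prometheus=true"
            - "--metrics.prometheus.entrypoint=metrics"
            - "--providers.kubernetescrd"
            - "--providers.kubernetesingress"
            - "--providers.kubernetescrd.ingressclass=traefik-inter"
            - "--providers.kubernetesingress.ingressclass=traefik-inter"
            - "--entrypoints.web.http.redirections.entryPoint.to=:443"
            - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
            # NOTE(review): DEBUG is verbose and can put request details in
            # the logs; lower it once troubleshooting is finished.
            - "--log.level=DEBUG"
            - "--accesslog=true"
            - "--entrypoints.websecure.http.tls=true"
            - "--entrypoints.websecure.http.tls.certresolver=letsencrypt"
            - "--entrypoints.websecure.http.tls.domains[0].main=beta.entos"
            - "--entrypoints.websecure.http.tls.domains[0].sans=*.beta.entos"
            # NOTE(review): both the TLS-ALPN-01 and DNS-01 challenges are
            # enabled on one resolver. The wildcard SAN above can only be
            # validated with DNS-01, so the tlschallenge flag looks redundant;
            # confirm and drop it.
            - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
            - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
            - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=ovh"
            - "--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1"
            - "--certificatesresolvers.letsencrypt.acme.email=tanguy.herbron@outlook.com"
            - "--certificatesresolvers.letsencrypt.acme.storage=/certs/acme.json"
          env:
            # OVH DNS API credentials for the DNS-01 challenge are injected
            # from the ovh-api-credentials Secret, not written inline.
            - name: OVH_APPLICATION_KEY
              valueFrom:
                secretKeyRef:
                  key: appKey
                  name: ovh-api-credentials
            - name: OVH_APPLICATION_SECRET
              valueFrom:
                secretKeyRef:
                  key: appSecret
                  name: ovh-api-credentials
            - name: OVH_CONSUMER_KEY
              valueFrom:
                secretKeyRef:
                  key: consumerKey
                  name: ovh-api-credentials
            - name: OVH_ENDPOINT
              valueFrom:
                secretKeyRef:
                  key: endpoint
                  name: ovh-api-credentials
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: traefik-inter
        - name: tmp
          emptyDir: {}
      securityContext:
        # Makes the mounted volumes group-writable for the non-root GID above.
        fsGroup: 65532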