additionalArguments: # Configure your CertificateResolver here... # # DNS Challenge # --- # Cloudflare Example: - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare - --certificatesresolvers.cloudflare.acme.email=kevin.midboe+kazan-cf@gmail.com - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1 - --certificatesresolvers.cloudflare.acme.storage=/ssl-certs/acme-cloudflare.json logs: # Configure log settings here... general: level: ERROR ports: # Configure your entrypoints here... web: # address: :80 # http: # (optional) Permanent Redirect to HTTPS redirectTo: port: websecure websecure: tls: enabled: true # (optional) Set a Default CertResolver certResolver: cloudflare env: # Set your environment variables here... # # DNS Challenge Credentials # --- # Cloudflare Example: - name: CF_API_EMAIL valueFrom: secretKeyRef: key: email name: cloudflare-credentials - name: CF_API_KEY valueFrom: secretKeyRef: key: apiKey name: cloudflare-credentials # Disable Dashboard ingressRoute: dashboard: enabled: false # Persistent Storage persistence: enabled: true name: ssl-certs accessMode: ReadWriteOnce size: 1Gi storageClass: nfs-csi path: /ssl-certs deployment: initContainers: # The "volume-permissions" init container is required if you run into permission issues. # Related issue: https://github.com/containous/traefik/issues/6972 - name: volume-permissions image: busybox:1.31.1 command: ["sh", "-c", "chmod -Rv 600 /ssl-certs/*"] volumeMounts: - name: ssl-certs mountPath: /ssl-certs # Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes. ingressClass: enabled: true isDefaultClass: true # Set the container security context # To run the container with ports below 1024 this will need to be adjust to run as root securityContext: capabilities: drop: [ALL] readOnlyRootFilesystem: false runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 podSecurityContext: fsGroup: 65532