bump version

2025-11-25 21:48:13 -07:00
parent bbd382c667
commit 83eedaa96e
12 changed files with 456 additions and 43 deletions
--- a/traefik/values.yaml.gotmpl
+++ b/traefik/values.yaml.gotmpl
@@ -0,0 +1,102 @@
+deployment:
+  initContainers:
+    - name: volume-permissions
+      image: busybox:latest
+      command: ["sh", "-c", "touch /data/acme.json; chmod -v 600 /data/acme.json"]
+      volumeMounts:
+        - name: data
+          mountPath: /data
+
+updateStrategy:
+  type: Recreate
+    
+env:
+ - name: HETZNER_API_KEY
+   valueFrom:
+     secretKeyRef:
+       name: hetzner-api-key
+       key: token
+
+additionalArguments:
+ - "--api.basePath=/fog/traefik"
+
+persistence:
+  enabled: true
+    
+logs:
+  format: json    
+  access:
+    enabled: true
+    format: json    
+
+service:
+  spec:
+    externalTrafficPolicy: Local
+    
+ingressRoute:
+  dashboard:
+    enabled: true
+    matchRule: Host(`fog.incngrnt.ca`) && (PathPrefix(`/fog/traefik/dashboard`) || PathPrefix(`/fog/traefik/api`))
+    entryPoints: ["websecure"]
+    middlewares:
+      - name: traefik-dashboard-auth
+    tls:
+      certResolver: letsencrypt
+
+ports:
+  websecure:
+    middlewares:
+      - traefik-rate-limit@kubernetescrd
+  web:
+    middlewares:
+      - traefik-redirectscheme@kubernetescrd      
+  ssh:
+    port: 2222
+    expose:
+      default: true
+    exposedPort: 2222
+    protocol: TCP
+    
+    
+extraObjects:
+  - apiVersion: v1
+    kind: Secret
+    metadata:
+      name: traefik-dashboard-auth-secret
+    type: kubernetes.io/basic-auth
+    stringData:
+      username: admin
+      password: {{ requiredEnv "TRAEFIK_ADMIN_PASSWORD" }}
+
+  - apiVersion: traefik.io/v1alpha1
+    kind: Middleware
+    metadata:
+      name: traefik-dashboard-auth
+    spec:
+      basicAuth:
+        secret: traefik-dashboard-auth-secret
+  - apiVersion: traefik.io/v1alpha1
+    kind: Middleware
+    metadata:
+      name: rate-limit
+    spec:
+      rateLimit:
+        average: 50
+        burst: 100
+  - apiVersion: traefik.io/v1alpha1
+    kind: Middleware
+    metadata:
+      name: redirectscheme
+    spec:
+      redirectScheme:
+        scheme: https
+        permanent: true
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      dnschallenge:
+        provider: hetzner
+        delaybeforecheck: 30
+      email: {{ requiredEnv "ACME_EMAIL" }}
+      storage: /data/acme.json