akamai
/
akashop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

modified: traefik/traefik-deployment.yml

This commit is contained in:
Sangmin Kim 2024-04-29 18:08:50 +09:00
parent b194736d7c
commit b5cd9207d6
2 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
akashop/traefik-ingressR.yml
View File

@ -5,8 +5,8 @@ metadata:
namespace: akashop namespace: akashop
spec: spec:
rateLimit: rateLimit:
average: 5 average: 30
burst: 10 burst: 50
--- ---

22
traefik/traefik-deployment.yml
View File

@ -23,19 +23,35 @@ spec:
image: traefik:latest image: traefik:latest
args: args:
- --api.insecure - --api.insecure
- --accesslog
- --log.level=DEBUG - --log.level=DEBUG
# access log - https://doc.traefik.io/traefik/observability/access-logs/#limiting-the-fieldsincluding-headers
- --accesslog.filepath=/root/traefik/access.log
- --accesslog.fields.headers.names.X-Forwarded-For=keep
- --accesslog.fields.headers.names.User-Agent=keep
# - --providers.kubernetesingress # - --providers.kubernetesingress
# - --providers.kubernetesingress.allowexternalnameservices=true # - --providers.kubernetesingress.allowexternalnameservices=true
- --providers.kubernetescrd - --providers.kubernetescrd
- --providers.kubernetescrd.allowCrossNamespace=true - --providers.kubernetescrd.allowCrossNamespace=true
- --entrypoints.web.address=:80 - --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443 - --entrypoints.websecure.address=:443
# Get real client IP using proxy protocol
# https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol
- --entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.2.0.0/16,172.233.0.0/16
- --entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.2.0.0/16,172.233.0.0/16
# Get real client IP from X-Forwarded-For
# - --entrypoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.2.0.0/16
# - --entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,172.233.168.36/32
- --certificatesresolvers.le.acme.email=learn@akamai.com - --certificatesresolvers.le.acme.email=learn@akamai.com
- --certificatesresolvers.le.acme.storage=acme.json - --certificatesresolvers.le.acme.storage=acme.json
- --certificatesresolvers.le.acme.tlschallenge=true - --certificatesresolvers.le.acme.tlschallenge=true
# - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
- --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory # - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
# change caServer to production https://acme-v02.api.letsencrypt.org/directory # change caServer to production https://acme-v02.api.letsencrypt.org/directory
ports: ports:
- name: web - name: web