modified: traefik/traefik-deployment.yml
This commit is contained in:
parent
b194736d7c
commit
b5cd9207d6
|
@ -5,8 +5,8 @@ metadata:
|
||||||
namespace: akashop
|
namespace: akashop
|
||||||
spec:
|
spec:
|
||||||
rateLimit:
|
rateLimit:
|
||||||
average: 5
|
average: 30
|
||||||
burst: 10
|
burst: 50
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
|
@ -23,19 +23,35 @@ spec:
|
||||||
image: traefik:latest
|
image: traefik:latest
|
||||||
args:
|
args:
|
||||||
- --api.insecure
|
- --api.insecure
|
||||||
- --accesslog
|
|
||||||
- --log.level=DEBUG
|
- --log.level=DEBUG
|
||||||
|
|
||||||
|
# access log - https://doc.traefik.io/traefik/observability/access-logs/#limiting-the-fieldsincluding-headers
|
||||||
|
- --accesslog.filepath=/root/traefik/access.log
|
||||||
|
- --accesslog.fields.headers.names.X-Forwarded-For=keep
|
||||||
|
- --accesslog.fields.headers.names.User-Agent=keep
|
||||||
|
|
||||||
# - --providers.kubernetesingress
|
# - --providers.kubernetesingress
|
||||||
# - --providers.kubernetesingress.allowexternalnameservices=true
|
# - --providers.kubernetesingress.allowexternalnameservices=true
|
||||||
- --providers.kubernetescrd
|
- --providers.kubernetescrd
|
||||||
- --providers.kubernetescrd.allowCrossNamespace=true
|
- --providers.kubernetescrd.allowCrossNamespace=true
|
||||||
|
|
||||||
- --entrypoints.web.address=:80
|
- --entrypoints.web.address=:80
|
||||||
- --entrypoints.websecure.address=:443
|
- --entrypoints.websecure.address=:443
|
||||||
|
|
||||||
|
# Get real client IP using proxy protocol
|
||||||
|
# https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol
|
||||||
|
- --entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.2.0.0/16,172.233.0.0/16
|
||||||
|
- --entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.2.0.0/16,172.233.0.0/16
|
||||||
|
|
||||||
|
# Get real client IP from X-Forwarded-For
|
||||||
|
# - --entrypoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.2.0.0/16
|
||||||
|
# - --entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,172.233.168.36/32
|
||||||
|
|
||||||
- --certificatesresolvers.le.acme.email=learn@akamai.com
|
- --certificatesresolvers.le.acme.email=learn@akamai.com
|
||||||
- --certificatesresolvers.le.acme.storage=acme.json
|
- --certificatesresolvers.le.acme.storage=acme.json
|
||||||
- --certificatesresolvers.le.acme.tlschallenge=true
|
- --certificatesresolvers.le.acme.tlschallenge=true
|
||||||
# - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
|
- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
- --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
|
# - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
|
||||||
# change caServer to production https://acme-v02.api.letsencrypt.org/directory
|
# change caServer to production https://acme-v02.api.letsencrypt.org/directory
|
||||||
ports:
|
ports:
|
||||||
- name: web
|
- name: web
|
||||||
|
|
Loading…
Reference in New Issue