kind: Deployment apiVersion: apps/v1 metadata: name: traefik-deployment namespace: traefik labels: app: traefik spec: replicas: 1 selector: matchLabels: app: traefik template: metadata: labels: app: traefik spec: # serviceAccountName: traefik-account serviceAccountName: traefik-ingress-controller containers: - name: traefik image: traefik:latest args: - --api.insecure - --log.level=DEBUG # access log - https://doc.traefik.io/traefik/observability/access-logs/#limiting-the-fieldsincluding-headers - --accesslog.filepath=/root/traefik/access.log - --accesslog.fields.headers.names.X-Forwarded-For=keep - --accesslog.fields.headers.names.User-Agent=keep # - --providers.kubernetesingress # - --providers.kubernetesingress.allowexternalnameservices=true - --providers.kubernetescrd - --providers.kubernetescrd.allowCrossNamespace=true - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 # Get real client IP using proxy protocol # https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol - --entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.2.0.0/16,172.233.0.0/16 - --entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.2.0.0/16,172.233.0.0/16 # Get real client IP from X-Forwarded-For # - --entrypoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.2.0.0/16 # - --entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,172.233.168.36/32 - --certificatesresolvers.le.acme.email=learn@akamai.com - --certificatesresolvers.le.acme.storage=acme.json - --certificatesresolvers.le.acme.tlschallenge=true - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # - --certificatesresolvers.le.acme.caServer=https://acme-v02.api.letsencrypt.org/directory # change caServer to production https://acme-v02.api.letsencrypt.org/directory ports: - name: web containerPort: 80 - name: websecure containerPort: 443 - name: dashboard containerPort: 8080