Update lab-rke2-001/values.yaml

2026-01-09 05:35:37 +00:00
parent f13a92c4e7
commit 5e87ddfc08


@@ -24,17 +24,167 @@ cluster:
enableNetworkPolicy: true enableNetworkPolicy: true
localClusterAuthEndpoint: localClusterAuthEndpoint:
enabled: false enabled: false
# additionalManifests: |- additionalManifests: |-
# apiVersion: v1 apiVersion: helm.cattle.io/v1
# kind: Pod kind: HelmChart
# metadata: metadata:
# name: example-manifest name: traefik
# spec: namespace: kube-system
# containers: spec:
# - name: example chart: traefik
# image: example:1.0.0 repo: https://traefik.github.io/charts
# ports: set:
# - containerPort: 80 global.clusterCIDR: 10.42.0.0/16
global.clusterCIDRv4: 10.42.0.0/16
global.clusterDNS: 10.43.0.10
global.clusterDomain: cluster.local
global.rke2DataDir: /var/lib/rancher/rke2
global.serviceCIDR: 10.43.0.0/16
global.systemDefaultIngressClass: ingress-nginx
targetNamespace: kube-system
valuesContent: |-
core:
defaultRuleSyntax: v2
additionalArguments:
- "--providers.file.directory=/etc/traefik/dynamic"
- "--providers.file.watch=true"
- "--entryPoints.websecure.transport.respondingTimeouts.readTimeout=300s"
certificatesResolvers:
default:
acme:
email: letsencrypt.org.danny@spamasaurus.com
storage: /data/acme.json
dnsChallenge:
provider: cloudflare
delayBeforeCheck: 5m0s
resolvers:
- 1.1.1.1:53
- 1.0.0.1:53
deployment:
initContainers:
- name: volume-permissions
image: busybox:latest
command:
[
"sh",
"-c",
"touch /data/acme.json; chown 65532 /data/acme.json; chmod -v 600 /data/acme.json",
]
securityContext:
runAsNonRoot: false
runAsGroup: 0
runAsUser: 0
volumeMounts:
- name: traefik-data
mountPath: /data
env:
- name: CF_API_EMAIL
valueFrom:
secretKeyRef:
name: traefik-cloudflare
key: CF_API_EMAIL
- name: CF_API_KEY
valueFrom:
secretKeyRef:
name: traefik-cloudflare
key: CF_API_KEY
extraObjects:
- apiVersion: v1
kind: ConfigMap
metadata:
name: traefik-file-provider
namespace: kube-system
data:
config.yml: |
http:
middlewares:
2fa-authentication:
forwardAuth:
address: "https://auth.spamasaurus.com/api/verify?rd=https://auth.spamasaurus.com/"
trustForwardHeader: true
security-headers:
headers:
forceSTSHeader: true
stsSeconds: 315360000
stsIncludeSubdomains: true
stsPreload: true
tls:
options:
defaults:
minVersion: VersionTLS12
sniStrict: false
curvePreferences:
- secp521r1
- secp384r1
- secp256r1
cipherSuites:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_FALLBACK_SCSV
ingressRoute:
dashboard:
enabled: true
entryPoints:
- websecure
matchRule: Host(`ingress.lab.spamasaurus.com`)
middlewares:
- name: 2fa-authentication@file
- name: security-headers@file
logs:
general:
level: INFO
persistence:
enabled: true
name: traefik-data
path: /data
ports:
web:
redirections:
entryPoint:
to: websecure
scheme: https
permanent: true
websecure:
forwardedHeaders:
insecure: true
tls:
options: defaults@file
certResolver: default
domains:
- main: '*.pvr.spamasaurus.com'
- main: '*.lab.spamasaurus.com'
- main: '*.spamasaurus.com'
sans:
- 'spamasaurus.com'
- main: '*.bessems.com'
sans:
- 'bessems.com'
- main: '*.bessems.eu'
sans:
- 'bessems.eu'
- main: '*.gabaldon.eu'
sans:
- 'gabaldon.eu'
- main: '*.gabaldon.nl'
sans:
- 'gabaldon.nl'
- main: '*.itch.fyi'
sans:
- 'itch.fyi'
updateStrategy:
type: Recreate
rollingUpdate: null
volumes:
- name: traefik-file-provider
type: configMap
mountPath: /etc/traefik/dynamic
# agentEnvVars: # agentEnvVars:
# - name: A # - name: A
# value: B # value: B
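Review bot: `forwardedHeaders.insecure: true` on the `websecure` entry point makes Traefik accept `X-Forwarded-*` headers from any client, and the `2fa-authentication` forwardAuth middleware then passes them on because of `trustForwardHeader: true`, so the auth service at auth.spamasaurus.com may base its access decision on a client-chosen source address or host. Unless every connection arrives through a proxy you control (not visible in this hunk), replace the setting with an allow-list, `forwardedHeaders:` / `trustedIPs:` / `- "<UPSTREAM_PROXY_CIDR>"`, and drop `trustForwardHeader: true`. Separately, the `volume-permissions` init container runs as UID 0 from `busybox:latest`; pinning that image to a fixed tag or digest keeps a root container from changing underneath you on the next pull. The `cluster:` mapping that holds `additionalManifests` starts above the hunk.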