Update traefik role

templates/default-network-dns-policy.yaml.j2

@@ -0,0 +1,46 @@
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: intra-namespace
+spec:
+  podSelector: {}
+  ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            name: {{ traefik_namespace }}
+
+#---
+#apiVersion: networking.k8s.io/v1
+#kind: NetworkPolicy
+#metadata:
+#  name: allow-dns-access
+#spec:
+#  podSelector:
+#    matchLabels: {}
+#  policyTypes:
+#  - Egress
+#  egress:
+#  - to:
+#    - namespaceSelector:
+#        matchLabels:
+#          kubernetes.io/metadata.name: kube-system
+#      podSelector:
+#        matchLabels:
+#          k8s-app: kube-dns
+#    ports:
+#    - protocol: UDP
+#      port: 53
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-traefik-v121-ingress
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: traefik
+  ingress:
+  - {}
+  policyTypes:
+  - Ingress

templates/traefik-helm-value.yaml.j2

@@ -140,11 +140,10 @@ metrics:
 #             severity: warning
 #           annotations:
 #             summary: "Traefik Down"
-#             description: "{{ $labels.pod }} on {{ $labels.nodename }} is down"
+#             description: "{% raw %}{{ $labels.pod }} on {{ $labels.nodename }} is down{% endraw %}"
 experimental:
-  plugins:
-    enabled: true
 {% if traefik_ondemand is defined %}
+  plugins:
     sablier:
       moduleName: "github.com/acouvreur/sablier"
       version: "v1.7.0"
@@ -155,3 +154,10 @@ experimental:
   hub:
     enabled: true
 {% endif %}
+securityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop: [ALL]
+  readOnlyRootFilesystem: true
+  seccompProfile: 
+    type: RuntimeDefault

templates/traefik-ingressroute.yml.j2

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: traefik