diff --git a/defaults/main.yml b/defaults/main.yml index d4fd918..4636822 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -13,7 +13,7 @@ traefik_memory_limit: 300Mi traefik_entrypoints: - { name: "http", port: 8000, proto: "TCP", hostport: 80 } - { name: "https", port: 4443, proto: "TCP", hostport: 443, tls: true } -# - { name: "traefik", port: 8080, proto: "TCP" } + - { name: "traefik", port: 8080, proto: "TCP" } basic_auth: false #traefik_dashboard_certificate: wildcard-cluster \ No newline at end of file diff --git a/templates/traefik-ingressroute.yml.j2 b/templates/traefik-ingressroute.yml.j2 index fe5d341..5c8ca55 100644 --- a/templates/traefik-ingressroute.yml.j2 +++ b/templates/traefik-ingressroute.yml.j2 @@ -13,8 +13,7 @@ spec: # Match is the rule corresponding to an underlying router. # Later on, match could be the simple form of a path prefix, e.g. just "/bar", # but for now we only support a traefik style matching rule. -# - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`) - - match: Host(`traefik.{{ traefik_domain }}`) + - match: Host(`traefik.{{ traefik_domain }}`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`)) # kind could eventually be one of "Rule", "Path", "Host", "Method", "Header", # "Parameter", etc, to support simpler forms of rule matching, but for now we # only support "Rule". diff --git a/templates/traefik-psp.yml.j2 b/templates/traefik-psp.yml.j2 index aa93c50..ac10d3d 100644 --- a/templates/traefik-psp.yml.j2 +++ b/templates/traefik-psp.yml.j2 @@ -19,7 +19,7 @@ spec: - secret - emptyDir - projected -# - persistentVolumeClaim + # - persistentVolumeClaim hostNetwork: false hostIPC: false hostPID: false @@ -39,13 +39,11 @@ spec: - min: 1 max: 65535 hostPorts: - - max: 65535 - min: 1 readOnlyRootFilesystem: true seLinux: rule: 'RunAsAny' hostPorts: - max: 65535 min: 1 -# allowedUnsafeSysctls: -# - kernel.net.ipv4.ip_unprivileged_port_start \ No newline at end of file + #allowedUnsafeSysctls: + # - kernel.net.ipv4.ip_unprivileged_port_start \ No newline at end of file