2.3 with PSP is working

defaults/main.yml

@@ -13,7 +13,7 @@ traefik_memory_limit: 300Mi
 traefik_entrypoints:
     - { name: "http", port: 8000, proto: "TCP", hostport: 80 }
     - { name: "https", port: 4443, proto: "TCP", hostport: 443, tls: true }
-#    - { name: "traefik", port: 8080, proto: "TCP" }
+    - { name: "traefik", port: 8080, proto: "TCP" }
 
 basic_auth: false
 #traefik_dashboard_certificate: wildcard-cluster

templates/traefik-ingressroute.yml.j2

@@ -13,8 +13,7 @@ spec:
   # Match is the rule corresponding to an underlying router.
   # Later on, match could be the simple form of a path prefix, e.g. just "/bar",
   # but for now we only support a traefik style matching rule.
-#  - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
+  - match: Host(`traefik.{{ traefik_domain }}`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
-  - match: Host(`traefik.{{ traefik_domain }}`)
     # kind could eventually be one of "Rule", "Path", "Host", "Method", "Header",
     # "Parameter", etc, to support simpler forms of rule matching, but for now we
     # only support "Rule".

templates/traefik-psp.yml.j2

@@ -19,7 +19,7 @@ spec:
     - secret
     - emptyDir
     - projected
-#    - persistentVolumeClaim
+  #  - persistentVolumeClaim
   hostNetwork: false
   hostIPC: false
   hostPID: false
@@ -39,13 +39,11 @@ spec:
       - min: 1
         max: 65535
     hostPorts:
-  - max: 65535
-    min: 1
   readOnlyRootFilesystem: true
   seLinux:
     rule: 'RunAsAny'
   hostPorts:
     - max: 65535
       min: 1
-#  allowedUnsafeSysctls:
+  #allowedUnsafeSysctls:
-#    - kernel.net.ipv4.ip_unprivileged_port_start
+  #  - kernel.net.ipv4.ip_unprivileged_port_start