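# Traefik ingress controller as a DaemonSet (Jinja2 template, rendered to YAML).
# Jinja block tags are kept at column 0 so that rendering with trim_blocks
# does not push stray indentation onto the following YAML line.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  # Quoted so an empty or boolean-looking value cannot be retyped by YAML.
  namespace: "{{ traefik_namespace }}"
  name: traefik
  labels:
    app: traefik
spec:
  # A DaemonSet has no `replicas` field; the pod count follows nodeSelector
  # and tolerations. The former expression is kept below as a Jinja comment,
  # because Jinja tags inside a YAML comment are still evaluated at render time.
{# replicas: {% if traefik_node_selector is defined %}{{ traefik_node_selector|length }}{% else %}1{% endif %} #}
  # apps/v1 DaemonSet takes `updateStrategy` (RollingUpdate or OnDelete);
  # `strategy: Recreate` is a Deployment field and is unknown here.
  # RollingUpdate with its defaults removes the old pod on a node before
  # starting the new one, which is what a hostPort binding needs.
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      # Alternative for low ports without any capability (the sysctl name has
      # no "kernel." prefix):
      # securityContext:
      #   sysctls:
      #     - name: net.ipv4.ip_unprivileged_port_start
      #       value: "80"
      containers:
        - name: traefik
          # Tag comes from the variable traefik_version_<version>, with the
          # dots in traefik_version replaced by underscores.
          image: traefik:{{ lookup('vars', 'traefik_version_' + traefik_version | regex_replace('\.','_')) }}
          args:
            - --configfile=/config/traefik.yaml
          # imagePullPolicy: IfNotPresent
          ports:
{% for traefik_entrypoint in traefik_entrypoints %}
            - name: "{{ traefik_entrypoint.name }}"
              containerPort: {{ traefik_entrypoint.port }}
              protocol: "{{ traefik_entrypoint.proto }}"
{% if traefik_entrypoint.hostport is defined %}
              # hostPort publishes this entrypoint on the IP of every node
              # that runs a pod.
              hostPort: {{ traefik_entrypoint.hostport }}
{% endif %}
{% endfor %}
          # Both probes use the named port "traefik"; one of the entries in
          # traefik_entrypoints presumably carries that name - verify.
          readinessProbe:
            httpGet:
              path: /ping
              port: traefik
            failureThreshold: 1
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          livenessProbe:
            httpGet:
              path: /ping
              port: traefik
            failureThreshold: 3
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          securityContext:
            capabilities:
              drop:
                - ALL
              # NOTE(review): presumably meant for binding ports below 1024.
              # For a non-root UID an added capability is typically only
              # effective through file capabilities on the binary - confirm
              # it is needed at all.
              add:
                - NET_BIND_SERVICE
            runAsUser: 1000
            runAsGroup: 1000
            # NOTE(review): true leaves no_new_privs unset, so setuid binaries
            # or file capabilities in the image can raise privileges. If the
            # entrypoints listen on ports >= 1024 inside the container
            # (hostPort can still map them to 80/443), set this to false and
            # drop NET_BIND_SERVICE. Left unchanged until that is confirmed.
            allowPrivilegeEscalation: true
          resources:
            limits:
              cpu: "{{ traefik_cpu_limit }}"
              memory: "{{ traefik_memory_limit }}"
            requests:
              cpu: 100m
              memory: 20Mi
          volumeMounts:
            - mountPath: /config
              name: config
{% if traefik_node_selector is defined %}
      # Only whether traefik_node_selector is defined matters here; the label
      # itself is fixed.
      nodeSelector:
        reslinger.net/entrypoint: traefik
{% endif %}
      dnsPolicy: ClusterFirst
      hostNetwork: false
      restartPolicy: Always
      # NOTE(review): 1s leaves almost no time to drain in-flight requests
      # when a pod is stopped.
      terminationGracePeriodSeconds: 1
      # Tolerates every NoSchedule taint. Without the nodeSelector above, pods
      # are also scheduled onto control-plane and other reserved nodes.
      tolerations:
        - effect: NoSchedule
          operator: Exists
      volumes:
        - name: config
          configMap:
            name: traefik
            # 420 decimal is 0644 octal.
            defaultMode: 420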