ansible-role-k8s-traefik/templates/traefik-cm.yml.j2

apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app: traefik
  name: traefik-conf
data:
  traefik.yaml: |
    global:
      checkNewVersion: true
      sendAnonymousUsage: true
    serversTransport:
      insecureSkipVerify: true
    entryPoints:
      web:
        address: ":8000/tcp"
        http:
    #      middlewares:
    #        - auth@file
    #        - secure_headers@file
    #        - crowdsec-bouncer@file
    #        - {{ traefik_namespace }}-crowdsec-traefik-bouncer@kubernetescrd
          redirections:
            entryPoint:
              to: websecure
              scheme: https
              permanent: true
      websecure:
        address: ":8443"
        http:
          tls:
            options: default
    #      middlewares:
    #        - auth@file
    #        - secure_headers@file
    #        - crowdsec-bouncer@file
        http3:
          advertisedPort: 443
      traefik:
        address: ":9000/tcp"
      metrics:
        address: ":9100/tcp"
{% if traefik_hub_token is defined %}
      traefikhub-api:
        address: ":9900"
      traefikhub-tunl:
        address: ":9901/tcp"
{% endif%}
{% for traefik_entrypoint in traefik_entrypoints %}
      {{ traefik_entrypoint.name }}:
{% if traefik_entrypoint.proto is defined %}
        address: ":{{ traefik_entrypoint.port }}/{{ traefik_entrypoint.proto | lower }}"
{% else %}
        address: ":{{ traefik_entrypoint.port }}"
{% endif %}
{% if traefik_entrypoint.tls is defined or traefik_entrypoint.middlewares is defined %}
        http:
{% if traefik_entrypoint.middlewares is defined %}
          middlewares:
{% for middleware in traefik_entrypoint.middlewares %}
            - {{ middleware }}
{% endfor %}
{% endif %}
{% if traefik_entrypoint.tls is defined and traefik_entrypoint.tls|bool %}
          tls: {}
{% endif %}
{% endif %}
{% endfor %}
    providers:
      kubernetesCRD:
    #    ingressClass: "traefik"
        throttleDuration: 2s
        allowEmptyServices: true
      kubernetesIngress:
        ingressClass: "traefik"
{% if traefik_hub_token is defined %}
        allowExternalNameServices: true
{% endif%}
        allowEmptyServices: true
      file:
        directory: /etc/traefik/file/
        watch: true
    metrics:
      prometheus:
        entryPoint: metrics
        addRoutersLabels: true
    ping:
      entryPoint: traefik
    api:
      dashboard: true
{% if traefik_hub_token is defined %}
    hub: {}
{% endif %}
    log:
      level: ERROR
    #  format: json
    accessLog: {}
    #accessLog:
    #  filePath: "/var/log/traefik/access.log"
    #  bufferingSize: 50
    ##  format: json
    ##  fields:
    ##    names:
    ##      BackendAddr: keep
    ##      BackendName: keep
    ##      BackendURL: keep
    ##      FrontendName: keep
{% if traefik_hub_token is defined or traefik_ondemand is defined %}
    experimental:
    #  kubernetesGateway: true
{% if traefik_hub_token is defined %}
      hub: true
{% endif %}
{% if traefik_ondemand is defined %}
      plugins:
        traefik-ondemand-plugin:
          moduleName: github.com/acouvreur/traefik-ondemand-plugin
          version: v1.2.0
{% endif %}
{% endif %}