|
|
|
@ -58,12 +58,23 @@ For me that wasn't a 5 minutes job as I had to replace [ingress-nginx](https://g
|
|
|
|
|
ports:
|
|
|
|
|
web:
|
|
|
|
|
hostPort: 80
|
|
|
|
|
http:
|
|
|
|
|
redirections:
|
|
|
|
|
entryPoint:
|
|
|
|
|
to: websecure
|
|
|
|
|
scheme: https
|
|
|
|
|
|
|
|
|
|
websecure:
|
|
|
|
|
hostPort: 443
|
|
|
|
|
http3:
|
|
|
|
|
advertisedPort: 443
|
|
|
|
|
tls:
|
|
|
|
|
enabled: true
|
|
|
|
|
websecure-udp:
|
|
|
|
|
port: 9443
|
|
|
|
|
expose: true
|
|
|
|
|
exposedPort: 443
|
|
|
|
|
protocol: UDP
|
|
|
|
|
podAnnotations:
|
|
|
|
|
prometheus.io/port: "8082"
|
|
|
|
|
prometheus.io/scrape: "true"
|
|
|
|
@ -81,20 +92,16 @@ For me that wasn't a 5 minutes job as I had to replace [ingress-nginx](https://g
|
|
|
|
|
- key: "node-role.kubernetes.io/master"
|
|
|
|
|
operator: "Exists"
|
|
|
|
|
effect: "NoSchedule"
|
|
|
|
|
service:
|
|
|
|
|
type: NodePort
|
|
|
|
|
ipFamilyPolicy: "PreferDualStack"
|
|
|
|
|
|
|
|
|
|
experimental:
|
|
|
|
|
http3:
|
|
|
|
|
enabled: true
|
|
|
|
|
additionalArguments:
|
|
|
|
|
- "--accesslog"
|
|
|
|
|
- "--providers.kubernetesingress.allowexternalnameservices"
|
|
|
|
|
- "--providers.kubernetescrd.allowexternalnameservices"
|
|
|
|
|
- "--entrypoints.websecure.http3.advertisedport=443"
|
|
|
|
|
- "--certificatesresolvers.letsencrypt-prod.acme.tlschallenge"
|
|
|
|
|
- "--certificatesresolvers.letsencrypt-prod.acme.email=support@example.com"
|
|
|
|
|
- "--certificatesresolvers.letsencrypt-prod.acme.email=support@jochum.dev"
|
|
|
|
|
- "--certificatesresolvers.letsencrypt-prod.acme.storage=/data/acme.json"
|
|
|
|
|
- "--certificatesresolvers.letsencrypt-prod.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
|
|
|
|
|
image:
|
|
|
|
@ -111,6 +118,23 @@ For me that wasn't a 5 minutes job as I had to replace [ingress-nginx](https://g
|
|
|
|
|
ssl:
|
|
|
|
|
enabled: true
|
|
|
|
|
permanentRedirect: true
|
|
|
|
|
|
|
|
|
|
logs:
|
|
|
|
|
# general:
|
|
|
|
|
# format: json
|
|
|
|
|
access:
|
|
|
|
|
enabled: true
|
|
|
|
|
# format: json
|
|
|
|
|
fields:
|
|
|
|
|
headers:
|
|
|
|
|
defaultmode: drop
|
|
|
|
|
names:
|
|
|
|
|
User-Agent: keep
|
|
|
|
|
Content-Type: keep
|
|
|
|
|
RequestLine: keep
|
|
|
|
|
|
|
|
|
|
persistence:
|
|
|
|
|
enabled: true
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
- Change the acme email address there
|
|
|
|
|