From a1a28daf7f71328040df4ef6643096fdd90f3add Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Jochum?= <rene@jochum.dev>
Date: Wed, 14 Sep 2022 04:21:34 +0200
Subject: [PATCH] Fix traefik post, drone: build on every push

---
 .drone.yml                               |  1 +
 content/post/20220904-rancher-traefik.md | 34 ++++++++++++++++++++----
 2 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index d98c467..e3e3d7c 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -12,6 +12,7 @@ trigger:
   - cron
   - custom
   - tag
+  - push
 
 steps:
 - name: build
diff --git a/content/post/20220904-rancher-traefik.md b/content/post/20220904-rancher-traefik.md
index bb7f76f..72195c1 100644
--- a/content/post/20220904-rancher-traefik.md
+++ b/content/post/20220904-rancher-traefik.md
@@ -58,12 +58,23 @@ For me that wasn't a 5 minutes job as I had to replace [ingress-nginx](https://g
   ports:
     web:
       hostPort: 80
+      http:
+        redirections:
+          entryPoint:
+            to: websecure
+            scheme: https
+
     websecure:
       hostPort: 443
       http3:
         advertisedPort: 443
       tls:
         enabled: true
+    websecure-udp:
+      port: 9443
+      expose: true
+      exposedPort: 443
+      protocol: UDP
   podAnnotations:
     prometheus.io/port: "8082"
     prometheus.io/scrape: "true"
@@ -81,20 +92,16 @@ For me that wasn't a 5 minutes job as I had to replace [ingress-nginx](https://g
   - key: "node-role.kubernetes.io/master"
     operator: "Exists"
     effect: "NoSchedule"
-  service:
-    type: NodePort
-    ipFamilyPolicy: "PreferDualStack"
 
   experimental:
     http3:
       enabled: true
   additionalArguments:
-    - "--accesslog"
     - "--providers.kubernetesingress.allowexternalnameservices"
     - "--providers.kubernetescrd.allowexternalnameservices"
     - "--entrypoints.websecure.http3.advertisedport=443"
     - "--certificatesresolvers.letsencrypt-prod.acme.tlschallenge"
-    - "--certificatesresolvers.letsencrypt-prod.acme.email=support@example.com"
+    - "--certificatesresolvers.letsencrypt-prod.acme.email=support@jochum.dev"
     - "--certificatesresolvers.letsencrypt-prod.acme.storage=/data/acme.json"
     - "--certificatesresolvers.letsencrypt-prod.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
   image:
@@ -111,6 +118,23 @@ For me that wasn't a 5 minutes job as I had to replace [ingress-nginx](https://g
   ssl:
     enabled: true
     permanentRedirect: true
+
+  logs:
+    # general:
+    #   format: json
+    access:
+      enabled: true
+      # format: json
+      fields:
+        headers:
+          defaultmode: drop
+          names:
+            User-Agent: keep
+            Content-Type: keep
+            RequestLine: keep
+
+  persistence:
+    enabled: true
   ```
 
 - Change the acme email address there