apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: traefik namespace: argocd annotations: argocd.argoproj.io/sync-wave: "-1" spec: project: default source: repoURL: https://traefik.github.io/charts chart: traefik targetRevision: 26.0.0 helm: values: | deployment: replicas: 2 service: enabled: true type: LoadBalancer spec: loadBalancerIP: "10.100.40.6" # Zwingt Kube-VIP diese IP zu nutzen ports: web: port: 8000 expose: true exposedPort: 80 protocol: TCP websecure: port: 8443 expose: true exposedPort: 443 protocol: TCP ingressRoute: dashboard: enabled: false providers: kubernetesCRD: enabled: true allowCrossNamespace: true kubernetesIngress: enabled: true allowCrossNamespace: true publishedService: enabled: true # File Provider für Edge-Config (dynamic configs) file: directory: /etc/traefik/dynamic watch: true # ACME/Certificates für TLS Termination (Edge-Funktionalität) certificatesResolvers: le: acme: email: acme@infrastructure.stabify.de storage: /certs/acme.json dnsChallenge: provider: cloudflare delayBeforeCheck: 10 # Additional Arguments für File Provider (Edge-Config) additionalArguments: - "--providers.file.directory=/etc/traefik/dynamic" - "--providers.file.watch=true" # ACME/Certificates für TLS Termination (Edge-Funktionalität) certificatesResolvers: le: acme: email: acme@infrastructure.stabify.de storage: /certs/acme.json dnsChallenge: provider: cloudflare delayBeforeCheck: 10 # Extra Volumes (ConfigMaps + PVC für ACME + EmptyDir für dynamic directory) extraVolumes: - name: dynamic-dir-empty type: emptyDir emptyDir: {} - name: traefik-edge-dynamic-k3s type: configMap configMap: name: traefik-edge-dynamic-k3s - name: traefik-edge-dynamic-legacy type: configMap configMap: name: traefik-edge-dynamic-legacy - name: traefik-edge-acme type: persistentVolumeClaim persistentVolumeClaim: claimName: traefik-edge-acme # Init Container um /etc/traefik/dynamic Verzeichnis zu erstellen # (EmptyDir wird erst erstellt, wenn initContainer läuft) initContainers: - name: create-dynamic-dir image: busybox:latest command: ["sh", "-c", "mkdir -p /etc/traefik/dynamic && touch /etc/traefik/dynamic/.keep"] volumeMounts: - name: dynamic-dir-empty mountPath: /etc/traefik/dynamic # Extra Volume Mounts extraVolumeMounts: - name: dynamic-dir-empty mountPath: /etc/traefik/dynamic - name: traefik-edge-dynamic-k3s mountPath: /etc/traefik/dynamic/10-k3s.yaml subPath: 10-k3s.yaml readOnly: true - name: traefik-edge-dynamic-legacy mountPath: /etc/traefik/dynamic/20-legacy-vm.yaml subPath: 20-legacy-vm.yaml readOnly: true - name: traefik-edge-acme mountPath: /certs readOnly: false # Environment Variables für Cloudflare DNS Challenge env: - name: CF_DNS_API_TOKEN valueFrom: secretKeyRef: name: traefik-edge-cloudflare key: CF_DNS_API_TOKEN - name: CF_API_EMAIL valueFrom: secretKeyRef: name: traefik-edge-cloudflare key: CF_API_EMAIL destination: server: https://kubernetes.default.svc namespace: traefik-system syncPolicy: automated: prune: true selfHeal: true syncOptions: - CreateNamespace=true