a094b7d70a
Configure myks env-data with global repoURL pointing to Forgejo repo, switch destination from cluster name to in-cluster server URL, and disable placeholder cluster Secret generation. Add deploy key init Job that generates an SSH keypair, registers it with Forgejo, and creates the ArgoCD repository secret. Switch job images from bitnami/kubectl to alpine/k8s. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
134 lines
4 KiB
YAML
134 lines
4 KiB
YAML
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
annotations:
|
|
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
|
|
labels:
|
|
app.kubernetes.io/instance: traefik-traefik
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/name: traefik
|
|
helm.sh/chart: traefik-39.0.5
|
|
name: traefik
|
|
namespace: traefik
|
|
spec:
|
|
minReadySeconds: 0
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/instance: traefik-traefik
|
|
app.kubernetes.io/name: traefik
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
prometheus.io/path: /metrics
|
|
prometheus.io/port: "9100"
|
|
prometheus.io/scrape: "true"
|
|
labels:
|
|
app.kubernetes.io/instance: traefik-traefik
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/name: traefik
|
|
helm.sh/chart: traefik-39.0.5
|
|
spec:
|
|
automountServiceAccountToken: true
|
|
containers:
|
|
- args:
|
|
- --entryPoints.metrics.address=:9100/tcp
|
|
- --entryPoints.traefik.address=:8080/tcp
|
|
- --entryPoints.web.address=:8000/tcp
|
|
- --entryPoints.websecure.address=:8443/tcp
|
|
- --api.dashboard=true
|
|
- --ping=true
|
|
- --metrics.prometheus=true
|
|
- --metrics.prometheus.entrypoint=metrics
|
|
- --providers.kubernetescrd
|
|
- --providers.kubernetescrd.allowEmptyServices=true
|
|
- --providers.kubernetesingress
|
|
- --providers.kubernetesingress.allowEmptyServices=true
|
|
- --providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik
|
|
- --entryPoints.websecure.http.tls=true
|
|
- --log.level=INFO
|
|
env:
|
|
- name: POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
- name: POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: USER
|
|
value: traefik
|
|
image: docker.io/traefik:v3.6.10
|
|
imagePullPolicy: IfNotPresent
|
|
lifecycle: null
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /ping
|
|
port: 8080
|
|
scheme: HTTP
|
|
initialDelaySeconds: 2
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 2
|
|
name: traefik
|
|
ports:
|
|
- containerPort: 9100
|
|
name: metrics
|
|
protocol: TCP
|
|
- containerPort: 8080
|
|
name: traefik
|
|
protocol: TCP
|
|
- containerPort: 8000
|
|
hostPort: 80
|
|
name: web
|
|
protocol: TCP
|
|
- containerPort: 8443
|
|
hostPort: 443
|
|
name: websecure
|
|
protocol: TCP
|
|
readinessProbe:
|
|
failureThreshold: 1
|
|
httpGet:
|
|
path: /ping
|
|
port: 8080
|
|
scheme: HTTP
|
|
initialDelaySeconds: 2
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 2
|
|
resources: null
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
volumeMounts:
|
|
- mountPath: /data
|
|
name: data
|
|
- mountPath: /tmp
|
|
name: tmp
|
|
hostNetwork: false
|
|
securityContext:
|
|
runAsGroup: 65532
|
|
runAsNonRoot: true
|
|
runAsUser: 65532
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
serviceAccountName: traefik
|
|
terminationGracePeriodSeconds: 60
|
|
tolerations:
|
|
- effect: NoSchedule
|
|
key: node-role.kubernetes.io/control-plane
|
|
operator: Exists
|
|
volumes:
|
|
- emptyDir: {}
|
|
name: data
|
|
- emptyDir: {}
|
|
name: tmp
|
|
updateStrategy:
|
|
rollingUpdate:
|
|
maxSurge: 0
|
|
maxUnavailable: 1
|
|
type: RollingUpdate
|