manifests/overlays/gke/traefik-ingress-controller-deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
k8s-app: traefik-ingress-lb
name: traefik-ingress-controller
namespace: kube-system
spec:
template:
metadata:
labels:
k8s-app: traefik-ingress-lb
spec:
containers:
- args:
- --kubernetes
- --defaultentrypoints=http,https
- --entrypoints=Name:http Address::80 Redirect.EntryPoint:https Compress:true
- --entrypoints=Name:https Address::443 TLS Compress:true TLS.MinVersion:VersionTLS12
TLS.CipherSuites:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS.SniStrict:true
- --acme
- --acme.onhostrule
- --acme.entrypoint=https
- --acme.domains=branch-review-apps.cds-snc.ca
- --acme.email=max.neuvians@cds-snc.ca
- --acme.storage=/certs/acme.json
- --acme.httpchallenge
- --acme.httpchallenge.entrypoint=http
image: traefik:1.7
name: traefik-ingress-lb
ports:
- containerPort: 80
hostPort: 80
name: http
- containerPort: 443
hostPort: 443
name: https
- containerPort: 8080
hostPort: 8080
name: admin
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
volumeMounts:
- mountPath: /certs
name: certs-claim
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60
volumes:
- name: certs-claim
persistentVolumeClaim:
claimName: certs-claim