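---
# Traefik Helm values — Phase 1
# Chart: traefik/traefik
# Deploy:
#   helm repo add traefik https://helm.traefik.io/traefik
#   helm repo update
#   helm upgrade --install traefik traefik/traefik \
#     --namespace traefik --create-namespace \
#     -f values/traefik.yml
#
# Pin the chart with `--version <CHART_VERSION>` so an upgrade never pulls a
# new chart (and a new Traefik image) without a reviewed change.
# NOTE(review): after any edit, compare `helm template ... -f values/traefik.yml`
# with this file. A key the chart does not recognise may be dropped without an
# error, and several settings below are security-relevant (redirect, dashboard).

globalArguments:
  # No outbound version check or usage telemetry from the proxy.
  - "--global.checknewversion=false"
  - "--global.sendanonymoususage=false"

additionalArguments:
  # ACME HTTP-01 is answered on the "web" entrypoint, so port 80 must stay
  # reachable from the internet for issuance and renewal.
  - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
  - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
  - "--certificatesresolvers.letsencrypt.acme.email=nik@nik4nao.xyz"
  # acme.json holds the ACME account key and every issued private key.
  # Traefik refuses to use it unless the file mode is 0600.
  - "--certificatesresolvers.letsencrypt.acme.storage=/data/traefik/acme.json"

# NOTE(review): the traefik/traefik chart normally takes entrypoint settings
# under `ports:`. Confirm this block reaches the rendered arguments; if it does
# not, the HTTP -> HTTPS redirect below is silently absent and port 80 serves
# plaintext.
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"

ingressClass:
  enabled: true
  # NOTE(review): check this key name against the chart's values
  # (`helm show values traefik/traefik`); an unrecognised key leaves the class
  # non-default.
  isDefaultIngressClass: true

service:
  type: LoadBalancer
  # K3s includes ServiceLB (klipper) — it will bind this to the node's IP automatically
  # Every router attached to web/websecure is therefore reachable by anyone who
  # can reach the node on :80/:443, including the dashboard route further down.

persistence:
  enabled: false
  existingClaim: ""
  storageClass: ""
  path: /data/traefik
  size: 128Mi
  accessMode: ReadWriteOnce

# hostPath keeps acme.json on the node's own filesystem. Anything with root on
# the node, or any pod allowed to mount /data/traefik, can read the TLS private
# keys, so restrict hostPath use by admission policy and keep the directory
# owned by the UID Traefik runs as.
# NOTE(review): confirm the chart version in use accepts a hostPath entry here
# and a top-level `volumeMounts` (the chart also offers
# `deployment.additionalVolumes` / `additionalVolumeMounts`). If the mount is
# not rendered, acme.json ends up on ephemeral storage and is lost on restart.
volumes:
  - name: traefik-data
    hostPath:
      path: /data/traefik
      type: DirectoryOrCreate

volumeMounts:
  - name: traefik-data
    mountPath: /data/traefik

deployment:
  # Single replica: file-based ACME storage is not shared between instances.
  replicas: 1

# Pin to Minisforum (primary node)
# Remove this section in Phase 2 once you have a multi-node cluster
# and only want Traefik on the server node
# The hostPath volume above depends on this pin: on another node Traefik would
# start with an empty /data/traefik and request fresh certificates.
affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: node-role
              operator: In
              values:
                - primary

dashboard:
  enabled: true
  # Accessible internally at http://traefik.192.168.7.7.nip.io or via IngressRoute
  # Do NOT expose the dashboard externally

ingressRoute:
  dashboard:
    enabled: true
    # The Host() rule only selects a route; it is not access control. Because
    # this route sits on `websecure`, it is served on the same :443 that the
    # LoadBalancer publishes, and a private hostname does not keep outside
    # clients away if that port is forwarded. The /api endpoints reveal router,
    # service and middleware configuration.
    matchRule: 'Host(`traefik.home.arpa`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))'
    entryPoints:
      - websecure
    # Add BasicAuth middleware here if you want dashboard password protection
    # Until one is attached the dashboard is unauthenticated. Create the
    # Middleware (BasicAuth and/or an IP allow-list for the LAN range) in the
    # traefik namespace, keep its credentials in a Secret, then reference it:
    # middlewares:
    #   - name: <DASHBOARD_AUTH_MIDDLEWARE>   # placeholder, must already exist
    # Alternative: move the route to an entrypoint the Service does not publish.

logs:
  general:
    level: INFO
  access:
    # Access logs are the main record of who requested the dashboard and
    # /api paths; ship them off the node if they are used for detection.
    enabled: true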