k8s-manifests/jupyter/base/charts/jupyterhub/templates/proxy/autohttps/_configmap-traefik.yaml

69 lines
2 KiB
YAML
Raw Normal View History

{{- define "jupyterhub.traefik.yaml" -}}
# Content of traefik.yaml to be merged merged with
# proxy.traefik.extraStaticConfig.
# ----------------------------------------------------------------------------
# Config of logs about web requests
#
# ref: https://docs.traefik.io/observability/access-logs/
accessLog:
# Redact commonly sensitive headers
fields:
headers:
names:
Authorization: redacted
Cookie: redacted
Set-Cookie: redacted
X-Xsrftoken: redacted
# Only log errors
filters:
statusCodes:
- 500-599
# Automatically acquire certificates certificates form a Certificate
# Authority (CA) like Let's Encrypt using the ACME protocol's HTTP-01
# challenge.
#
# ref: https://docs.traefik.io/https/acme/#certificate-resolvers
certificatesResolvers:
default:
acme:
caServer: {{ .Values.proxy.https.letsencrypt.acmeServer }}
email: {{ .Values.proxy.https.letsencrypt.contactEmail }}
httpChallenge:
entryPoint: http
storage: /etc/acme/acme.json
# Let Traefik listen to port 80 and port 443
#
# ref: https://docs.traefik.io/routing/entrypoints/
entryPoints:
# Port 80, used for:
# - ACME HTTP-01 challenges
# - Redirects to HTTPS
http:
address: ':8080'
# Port 443, used for:
# - TLS Termination Proxy, where HTTPS transitions to HTTP.
https:
address: ':8443'
# Configure a high idle timeout for our websockets connections
transport:
respondingTimeouts:
idleTimeout: 10m0s
# Config of logs about what happens to Traefik itself (startup,
# configuration, events, shutdown, and so on).
#
# ref: https://docs.traefik.io/observability/logs
log:
level: {{ if .Values.debug.enabled -}} DEBUG {{- else -}} WARN {{- end }}
# Let Traefik monitor another file we mount for dynamic configuration. As we
# mount this file through this configmap, we can make a `kubectl edit` on the
# configmap and have Traefik update on changes to dynamic.yaml.
providers:
file:
filename: /etc/traefik/dynamic.yaml
{{- end }}