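---
# ServiceAccount the Traefik pod runs as. No Role/ClusterRole binding is
# defined in this file; whatever is bound to this account elsewhere determines
# what the kubernetescrd provider can read from the API server.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: default
  name: traefik-ingress-controller
---
# Single-replica Traefik v2 ingress controller with ACME (DNS-01 via Route53)
# certificates persisted on a PVC.
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: traefik-deployment
  labels:
    app: traefik
spec:
  # ACME state lives in one acme.json on the PVC below, so this stays at a
  # single replica.
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
        - name: traefik
          image: traefik:v2.10
          args:
            # SECURITY: --api.insecure serves the API and dashboard without
            # authentication on the internal "traefik" entrypoint (port 8080,
            # the "admin" port below). Keep that port off any Service/Ingress
            # reachable from outside the cluster, or drop this flag and
            # publish api@internal through a router with an auth middleware.
            - "--api.insecure"
            - "--accesslog=True"
            - "--entrypoints.web.Address=:80"
            - "--entrypoints.websecure.Address=:443"
            - "--providers.kubernetescrd"
            - "--api.dashboard"
            # SECURITY: disables certificate verification for every TLS
            # connection Traefik makes to backends, so a backend's identity is
            # never checked. Prefer trusting the backend CA
            # (serverstransport.rootcas) over turning verification off.
            - "--serverstransport.insecureskipverify=true"
            # TLS (HTTPS)
            - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
            - "--certificatesresolvers.myresolver.acme.httpChallenge=false"
            - "--certificatesresolvers.myresolver.acme.tlsChallenge=false"
            - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=route53"
            - "--certificatesresolvers.myresolver.acme.email=junte.kim@mealcraft.com"
            # acme.json holds the ACME account key and the certificates'
            # private keys; treat the backing volume as secret material.
            - "--certificatesresolvers.myresolver.acme.storage=/certs/acme.json"
            # NOTE(review): httpChallenge is set to false above while an
            # entryPoint for it is still configured here; confirm which
            # challenge types Traefik ends up enabling.
            - "--certificatesresolvers.myresolver.acme.httpChallenge.entryPoint=web"
            # Redirect all plain-HTTP traffic on "web" to HTTPS on "websecure".
            - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
            - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
            # SECURITY: lets IngressRoutes target ExternalName Services, i.e.
            # arbitrary DNS names chosen by whoever can create Services.
            # Enable only if routes are created by trusted users.
            - "--providers.kubernetescrd.allowexternalnameservices=true"
            - "--providers.kubernetescrd.allowcrossnamespace=false"
            # The closing quote was missing on this item, which left the
            # scalar unterminated and swallowed the env/ports sections.
            # NOTE(review): confirm this option is recognised by
            # traefik:v2.10 before relying on it.
            - "--providers.kubernetescrd.legacyCRDDisabled=true"
          env:
            # Static AWS credentials for the Route53 DNS-01 challenge, read
            # from the aws-secrets Secret. The IAM identity behind them should
            # be limited to the Route53 record changes the challenge needs.
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: aws-secrets
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: aws-secrets
                  key: AWS_SECRET_ACCESS_KEY
            - name: AWS_REGION
              valueFrom:
                secretKeyRef:
                  name: aws-secrets
                  key: AWS_REGION
          ports:
            - name: web
              containerPort: 80
            # Unauthenticated API/dashboard port while --api.insecure is set.
            - name: admin
              containerPort: 8080
            - name: websecure
              containerPort: 443
          volumeMounts:
            - name: cert-volume
              mountPath: /certs
      imagePullSecrets:
        - name: registrypullsecret
      volumes:
        - name: cert-volume
          persistentVolumeClaim:
            claimName: certs-pvc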