apiVersion: apps/v1 kind: Deployment metadata: name: traefik namespace: default spec: replicas: 1 selector: matchLabels: app: traefik template: metadata: labels: app: traefik spec: serviceAccountName: traefik-ingress-controller nodeSelector: kubernetes.io/hostname: mist volumes: - name: acme persistentVolumeClaim: claimName: certs-pvc containers: - name: traefik image: traefik:v2.11 ports: - name: web containerPort: 80 - name: websecure containerPort: 443 - name: admin containerPort: 8080 volumeMounts: - name: acme mountPath: /acme args: - "--api.dashboard=true" - "--api.insecure=true" - "--entrypoints.web.address=:80" - "--entrypoints.websecure.address=:443" - "--entrypoints.web.http.redirections.entrypoint.to=websecure" - "--entrypoints.web.http.redirections.entrypoint.scheme=https" - "--providers.kubernetescrd=true" - "--providers.kubernetescrd.allowCrossNamespace=true" - "--certificatesresolvers.myresolver.acme.email=junte.kim@mealcraft.com" - "--certificatesresolvers.myresolver.acme.storage=/acme/acme.json" - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=route53" # STAGING (uncomment for first-time) # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" env: - name: AWS_REGION valueFrom: secretKeyRef: name: aws-secrets key: AWS_REGION - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: name: aws-secrets key: AWS_ACCESS_KEY_ID - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: name: aws-secrets key: AWS_SECRET_ACCESS_KEY