juntekim.com/traefik/edge-router/traefik-deployment.yml

apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: default
  name: traefik-ingress-controller

---

kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: traefik-deployment
  labels:
    app: traefik

spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
        - name: traefik
          image: traefik:v2.10
          args:
            - --api.insecure
            - --accesslog=True
            - --entrypoints.web.Address=:80
            - --entrypoints.websecure.Address=:443
            - --providers.kubernetescrd
            - --api.dashboard
            - --serverstransport.insecureskipverify=true
            # TLS (HTTPS)
            - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
            - "--certificatesresolvers.myresolver.acme.httpChallenge=false"
            - "--certificatesresolvers.myresolver.acme.tlsChallenge=false"
            - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=route53"
            - "--certificatesresolvers.myresolver.acme.email=junte.kim@mealcraft.com"
            - "--certificatesresolvers.myresolver.acme.storage=/certs/acme.json"
            - "--certificatesresolvers.myresolver.acme.httpChallenge.entryPoint=web"
            - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
            - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
            - "--providers.kubernetescrd.allowexternalnameservices=true"
            - "--providers.kubernetescrd.allowcrossnamespace=false"
          env:
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: aws-secrets
                  key: AWS_ACCESS_KEY_ID
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: aws-secrets
                  key: AWS_SECRET_ACCESS_KEY
            - name: AWS_REGION
              valueFrom:
                secretKeyRef:
                  name: aws-secrets
                  key: AWS_REGION
          ports:
            - name: web
              containerPort: 80
            - name: admin
              containerPort: 8080
            - name: websecure
              containerPort: 443
          volumeMounts:
          - name: cert-volume
            mountPath: /certs
      imagePullSecrets:
        - name: registrypullsecret
      volumes:
      - name: cert-volume
        persistentVolumeClaim:
          claimName: certs-pvc