From 6fb4ac3fca3e8f075f57fe8e9aba4ddab2e3db08 Mon Sep 17 00:00:00 2001 From: ducoterra Date: Wed, 14 Oct 2020 15:15:48 -0400 Subject: [PATCH] helmify --- external/deploy.yaml | 59 ------------- external/pvc/pvc.yaml | 14 ---- external/rbac.yaml | 64 -------------- external/service.yaml | 32 ------- helm/.helmignore | 23 +++++ helm/Chart.yaml | 23 +++++ helm/templates/deploy.yaml | 84 +++++++++++++++++++ {external => helm/templates}/ingress.yaml | 16 ++-- helm/templates/middleware.yaml | 35 ++++++++ {internal/pvc => helm/templates}/pvc.yaml | 5 +- {internal => helm/templates}/rbac.yaml | 10 +-- .../templates}/resourcedefinition.yaml | 4 +- helm/templates/service.yaml | 32 +++++++ internal/deploy.yaml | 64 -------------- internal/ingress.yaml | 43 ---------- internal/service.yaml | 32 ------- middleware/basicauth.yaml | 8 -- middleware/redirectscheme.yaml | 9 -- middleware/stricttransport.yaml | 7 -- values-external.yaml | 26 ++++++ values-internal.yaml | 29 +++++++ 21 files changed, 270 insertions(+), 349 deletions(-) delete mode 100644 external/deploy.yaml delete mode 100644 external/pvc/pvc.yaml delete mode 100644 external/rbac.yaml delete mode 100644 external/service.yaml create mode 100644 helm/.helmignore create mode 100644 helm/Chart.yaml create mode 100644 helm/templates/deploy.yaml rename {external => helm/templates}/ingress.yaml (60%) create mode 100644 helm/templates/middleware.yaml rename {internal/pvc => helm/templates}/pvc.yaml (65%) rename {internal => helm/templates}/rbac.yaml (84%) rename {k8s => helm/templates}/resourcedefinition.yaml (96%) create mode 100644 helm/templates/service.yaml delete mode 100644 internal/deploy.yaml delete mode 100644 internal/ingress.yaml delete mode 100644 internal/service.yaml delete mode 100644 middleware/basicauth.yaml delete mode 100644 middleware/redirectscheme.yaml delete mode 100644 middleware/stricttransport.yaml create mode 100644 values-external.yaml create mode 100644 values-internal.yaml diff --git a/external/deploy.yaml b/external/deploy.yaml deleted file mode 100644 index 9262f18..0000000 --- a/external/deploy.yaml +++ /dev/null @@ -1,59 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: traefik-external-controller - labels: - app: traefik-external-controller - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app: traefik-external-controller - template: - metadata: - labels: - app: traefik-external-controller - spec: - serviceAccountName: traefik-external-controller - containers: - - name: traefik - image: traefik:v2.2 - args: - - --providers.kubernetescrd.ingressclass=traefik-external - - --log.level=ERROR - - --accesslog=true - - --api - - --api.insecure - - --entrypoints.web.address=:9080 - - --entrypoints.websecure.address=:9443 - - --entrypoints.websecure.http.tls=true - - --providers.kubernetescrd - - --metrics.statsd=true - - --metrics.statsd.address=graphite.ducoterra.net:8125 - - --metrics.statsd.addEntryPointsLabels=true - - --metrics.statsd.addServicesLabels=true - - --metrics.statsd.prefix="traefik-external" - - --certificatesresolvers.myresolver.acme.tlschallenge - - --certificatesresolvers.myresolver.acme.email=ducoterra@icloud.com - - --certificatesresolvers.myresolver.acme.storage=/acme/acme.json - - --tracing=true - - --tracing.serviceName=traefik-external-controller - - --tracing.spanNameLimit=0 - - --tracing.zipkin=true - - --tracing.zipkin.httpEndpoint=http://zipkin:9411/api/v2/spans - - --tracing.zipkin.sampleRate=1.0 - volumeMounts: - - mountPath: /acme - name: traefik-external-acme - ports: - - name: web - containerPort: 9080 - - name: websecure - containerPort: 9443 - - name: admin - containerPort: 8080 - volumes: - - name: traefik-external-acme - persistentVolumeClaim: - claimName: traefik-external-acme \ No newline at end of file diff --git a/external/pvc/pvc.yaml b/external/pvc/pvc.yaml deleted file mode 100644 index 36b6b62..0000000 --- a/external/pvc/pvc.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: traefik-external-acme - labels: - app: traefik-external-controller - namespace: kube-system -spec: - storageClassName: nvme - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi \ No newline at end of file diff --git a/external/rbac.yaml b/external/rbac.yaml deleted file mode 100644 index f15a68d..0000000 --- a/external/rbac.yaml +++ /dev/null @@ -1,64 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: traefik-external-controller - namespace: kube-system ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: traefik-external-controller -rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - traefik.containo.us - resources: - - middlewares - - ingressroutes - - traefikservices - - ingressroutetcps - - ingressrouteudps - - tlsoptions - - tlsstores - verbs: - - get - - list - - watch - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: traefik-external-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: traefik-external-controller -subjects: - - kind: ServiceAccount - name: traefik-external-controller - namespace: kube-system \ No newline at end of file diff --git a/external/service.yaml b/external/service.yaml deleted file mode 100644 index c43fe5d..0000000 --- a/external/service.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: traefik-external-controller - namespace: kube-system -spec: - type: LoadBalancer - selector: - app: traefik-external-controller - ports: - - protocol: TCP - port: 9080 - name: web - targetPort: 9080 - - protocol: TCP - port: 9443 - name: websecure - targetPort: 9443 ---- -apiVersion: v1 -kind: Service -metadata: - name: traefik-external-admin - namespace: kube-system -spec: - selector: - app: traefik-external-controller - ports: - - protocol: TCP - port: 8080 - name: admin - targetPort: 8080 \ No newline at end of file diff --git a/helm/.helmignore b/helm/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/Chart.yaml b/helm/Chart.yaml new file mode 100644 index 0000000..b9714b3 --- /dev/null +++ b/helm/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +name: internal +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +appVersion: 1.16.0 diff --git a/helm/templates/deploy.yaml b/helm/templates/deploy.yaml new file mode 100644 index 0000000..f06ac0e --- /dev/null +++ b/helm/templates/deploy.yaml @@ -0,0 +1,84 @@ +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ .Release.Name }} + labels: + app: {{ .Release.Name }} + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ .Release.Name }} + spec: + serviceAccountName: {{ .Release.Name }} + containers: + - name: traefik + image: {{ .Values.image }} + args: + - --providers.kubernetescrd.ingressclass={{ .Values.config.ingressclass }} + - --log.level=ERROR + - --accesslog=true + - --api + - --api.insecure + - --entrypoints.web.address=:{{ .Values.config.http_port }} + - --entrypoints.websecure.address=:{{ .Values.config.https_port }} + - --entrypoints.websecure.http.tls=true + - --providers.kubernetescrd +{{ if .Values.enable.statsd }} + - --metrics.statsd=true + - --metrics.statsd.address={{ .Values.config.statsd_endpoint }} + - --metrics.statsd.addEntryPointsLabels=true + - --metrics.statsd.addServicesLabels=true + - --metrics.statsd.prefix={{ .Release.Name }} +{{ end }} +{{ if .Values.enable.dnschallenge }} + - --certificatesresolvers.myresolver.acme.dnschallenge=true + - --certificatesresolvers.myresolver.acme.dnschallenge.provider={{ .Values.config.dnschallenge_provider }} + - --certificatesresolvers.myresolver.acme.email={{ .Values.config.acme_email }} + - --certificatesresolvers.myresolver.acme.storage=/acme/acme.json + - --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1 +{{ end }} +{{ if .Values.enable.tlschallenge }} + - --certificatesresolvers.myresolver.acme.tlschallenge + - --certificatesresolvers.myresolver.acme.email={{ .Values.config.acme_email }} + - --certificatesresolvers.myresolver.acme.storage=/acme/acme.json +{{ end }} +{{ if .Values.enable.tracing }} + - --tracing=true + - --tracing.serviceName={{ .Release.Name }} + - --tracing.spanNameLimit=0 + - --tracing.zipkin=true + - --tracing.zipkin.httpEndpoint={{ .Values.config.tracing_endpoint}} + - --tracing.zipkin.sampleRate=1.0 +{{ end }} + volumeMounts: + - mountPath: /acme + name: acme-certs + ports: + - name: web + containerPort: {{ .Values.config.http_port }} + - name: websecure + containerPort: {{ .Values.config.https_port }} + - name: admin + containerPort: {{ .Values.config.admin_port }} + envFrom: +{{ if .Values.enable.dnschallenge }} + - secretRef: + name: {{ .Values.config.dnschallenge_provider_secret }} +{{ end }} + resources: + requests: + memory: 128Mi + cpu: 250m + limits: + memory: 1Gi + cpu: "1" + volumes: + - name: acme-certs + persistentVolumeClaim: + claimName: {{ .Release.Name }} \ No newline at end of file diff --git a/external/ingress.yaml b/helm/templates/ingress.yaml similarity index 60% rename from external/ingress.yaml rename to helm/templates/ingress.yaml index d8d880e..9145333 100644 --- a/external/ingress.yaml +++ b/helm/templates/ingress.yaml @@ -1,10 +1,10 @@ apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: - name: traefik-external-tls + name: {{ .Release.Name }}-tls namespace: kube-system annotations: - kubernetes.io/ingress.class: traefik-internal + kubernetes.io/ingress.class: {{ .Values.config.ingressclass }} spec: entryPoints: - websecure @@ -13,10 +13,10 @@ spec: domains: - main: "*.ducoterra.net" routes: - - match: Host(`traefik-external.ducoterra.net`) + - match: Host(`{{ .Release.Name }}.ducoterra.net`) kind: Rule services: - - name: traefik-external-admin + - name: {{ .Release.Name }}-admin port: 8080 middlewares: - name: basic-auth @@ -26,18 +26,18 @@ spec: apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: - name: traefik-external-web + name: {{ .Release.Name }}-web namespace: kube-system annotations: - kubernetes.io/ingress.class: traefik-internal + kubernetes.io/ingress.class: {{ .Values.config.ingressclass }} spec: entryPoints: - web routes: - - match: Host(`traefik-external.ducoterra.net`) + - match: Host(`{{ .Release.Name }}.ducoterra.net`) kind: Rule services: - - name: traefik-external-admin + - name: {{ .Release.Name }}-admin port: 8080 middlewares: - name: httpsredirect \ No newline at end of file diff --git a/helm/templates/middleware.yaml b/helm/templates/middleware.yaml new file mode 100644 index 0000000..9021271 --- /dev/null +++ b/helm/templates/middleware.yaml @@ -0,0 +1,35 @@ +{{ if .Values.middleware.basicauth }} +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: basic-auth + namespace: kube-system +spec: + basicAuth: + secret: authsecret + removeHeader: true +{{ end }} +--- +{{ if .Values.middleware.redirectscheme }} +# Redirect to https +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: httpsredirect + namespace: kube-system +spec: + redirectScheme: + scheme: https + permanent: true +{{ end }} +--- +{{ if .Values.middleware.stricttransport }} +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: stricttransport + namespace: kube-system +spec: + headers: + stsSeconds: 15552000 +{{ end }} \ No newline at end of file diff --git a/internal/pvc/pvc.yaml b/helm/templates/pvc.yaml similarity index 65% rename from internal/pvc/pvc.yaml rename to helm/templates/pvc.yaml index 31bf8d1..d3bed0a 100644 --- a/internal/pvc/pvc.yaml +++ b/helm/templates/pvc.yaml @@ -1,12 +1,11 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: traefik-internal-acme + name: {{ .Release.Name }} labels: - app: traefik-internal-controller + app: {{ .Release.Name }} namespace: kube-system spec: - storageClassName: nvme accessModes: - ReadWriteOnce resources: diff --git a/internal/rbac.yaml b/helm/templates/rbac.yaml similarity index 84% rename from internal/rbac.yaml rename to helm/templates/rbac.yaml index 799c62e..84d0eb1 100644 --- a/internal/rbac.yaml +++ b/helm/templates/rbac.yaml @@ -1,14 +1,14 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: traefik-internal-controller + name: {{ .Release.Name }} namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: - name: traefik-internal-controller + name: {{ .Release.Name }} rules: - apiGroups: - "" @@ -53,12 +53,12 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: - name: traefik-internal-controller + name: {{ .Release.Name }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: traefik-internal-controller + name: {{ .Release.Name }} subjects: - kind: ServiceAccount - name: traefik-internal-controller + name: {{ .Release.Name }} namespace: kube-system \ No newline at end of file diff --git a/k8s/resourcedefinition.yaml b/helm/templates/resourcedefinition.yaml similarity index 96% rename from k8s/resourcedefinition.yaml rename to helm/templates/resourcedefinition.yaml index da1a06d..87e7ab7 100644 --- a/k8s/resourcedefinition.yaml +++ b/helm/templates/resourcedefinition.yaml @@ -1,3 +1,4 @@ +{{ if .Values.install.resourcedefinition }} # All resources definition must be declared apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -101,4 +102,5 @@ spec: kind: TraefikService plural: traefikservices singular: traefikservice - scope: Namespaced \ No newline at end of file + scope: Namespaced +{{ end }} \ No newline at end of file diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml new file mode 100644 index 0000000..f3f494a --- /dev/null +++ b/helm/templates/service.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }} + namespace: kube-system +spec: + type: LoadBalancer + selector: + app: {{ .Release.Name }} + ports: + - protocol: TCP + port: {{ .Values.config.http_port }} + name: web + targetPort: {{ .Values.config.http_port }} + - protocol: TCP + port: {{ .Values.config.https_port }} + name: websecure + targetPort: {{ .Values.config.https_port }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-admin + namespace: kube-system +spec: + selector: + app: {{ .Release.Name }} + ports: + - protocol: TCP + port: {{ .Values.config.admin_port }} + name: admin + targetPort: {{ .Values.config.admin_port }} \ No newline at end of file diff --git a/internal/deploy.yaml b/internal/deploy.yaml deleted file mode 100644 index 5b4eba5..0000000 --- a/internal/deploy.yaml +++ /dev/null @@ -1,64 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: traefik-internal-controller - labels: - app: traefik-internal-controller - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app: traefik-internal-controller - template: - metadata: - labels: - app: traefik-internal-controller - spec: - serviceAccountName: traefik-internal-controller - containers: - - name: traefik - image: traefik:v2.2 - args: - - --providers.kubernetescrd.ingressclass=traefik-internal - - --log.level=ERROR - - --accesslog=true - - --api - - --api.insecure - - --entrypoints.web.address=:80 - - --entrypoints.websecure.address=:443 - - --entrypoints.websecure.http.tls=true - - --providers.kubernetescrd - - --metrics.statsd=true - - --metrics.statsd.address=graphite.ducoterra.net:8125 - - --metrics.statsd.addEntryPointsLabels=true - - --metrics.statsd.addServicesLabels=true - - --metrics.statsd.prefix="traefik-internal" - - --certificatesresolvers.myresolver.acme.dnschallenge=true - - --certificatesresolvers.myresolver.acme.dnschallenge.provider=namedotcom - - --certificatesresolvers.myresolver.acme.email=ducoterra@icloud.com - - --certificatesresolvers.myresolver.acme.storage=/acme/acme.json - - --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=8.8.8.8:53 - - --tracing=true - - --tracing.serviceName=traefik-internal-controller - - --tracing.spanNameLimit=0 - - --tracing.zipkin=true - - --tracing.zipkin.httpEndpoint=http://zipkin:9411/api/v2/spans - - --tracing.zipkin.sampleRate=1.0 - volumeMounts: - - mountPath: /acme - name: traefik-internal-acme - ports: - - name: web - containerPort: 80 - - name: websecure - containerPort: 443 - - name: admin - containerPort: 8080 - envFrom: - - secretRef: - name: namedotcom - volumes: - - name: traefik-internal-acme - persistentVolumeClaim: - claimName: traefik-internal-acme \ No newline at end of file diff --git a/internal/ingress.yaml b/internal/ingress.yaml deleted file mode 100644 index 2e84850..0000000 --- a/internal/ingress.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: traefik-internal-tls - namespace: kube-system - annotations: - kubernetes.io/ingress.class: traefik-internal -spec: - entryPoints: - - websecure - tls: - certResolver: myresolver - domains: - - main: "*.ducoterra.net" - routes: - - match: Host(`traefik-internal.ducoterra.net`) - kind: Rule - services: - - name: traefik-internal-admin - port: 8080 - middlewares: - - name: basic-auth - ---- - -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: traefik-internal-web - namespace: kube-system - annotations: - kubernetes.io/ingress.class: traefik-internal -spec: - entryPoints: - - web - routes: - - match: Host(`traefik-internal.ducoterra.net`) - kind: Rule - services: - - name: traefik-internal-admin - port: 8080 - middlewares: - - name: httpsredirect \ No newline at end of file diff --git a/internal/service.yaml b/internal/service.yaml deleted file mode 100644 index 54f2a5e..0000000 --- a/internal/service.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: traefik-internal-controller - namespace: kube-system -spec: - type: LoadBalancer - selector: - app: traefik-internal-controller - ports: - - protocol: TCP - port: 80 - name: web - targetPort: 80 - - protocol: TCP - port: 443 - name: websecure - targetPort: 443 ---- -apiVersion: v1 -kind: Service -metadata: - name: traefik-internal-admin - namespace: kube-system -spec: - selector: - app: traefik-internal-controller - ports: - - protocol: TCP - port: 8080 - name: admin - targetPort: 8080 \ No newline at end of file diff --git a/middleware/basicauth.yaml b/middleware/basicauth.yaml deleted file mode 100644 index 41794a3..0000000 --- a/middleware/basicauth.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: basic-auth -spec: - basicAuth: - secret: authsecret - removeHeader: true \ No newline at end of file diff --git a/middleware/redirectscheme.yaml b/middleware/redirectscheme.yaml deleted file mode 100644 index 8b3ce65..0000000 --- a/middleware/redirectscheme.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# Redirect to https -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: httpsredirect -spec: - redirectScheme: - scheme: https - permanent: true \ No newline at end of file diff --git a/middleware/stricttransport.yaml b/middleware/stricttransport.yaml deleted file mode 100644 index 0a44f37..0000000 --- a/middleware/stricttransport.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: stricttransport -spec: - headers: - stsSeconds: 15552000 \ No newline at end of file diff --git a/values-external.yaml b/values-external.yaml new file mode 100644 index 0000000..7ac1189 --- /dev/null +++ b/values-external.yaml @@ -0,0 +1,26 @@ +image: traefik:v2.2 + +install: + resourcedefinition: false + +enable: + dnschallenge: false + tlschallenge: true + tracing: true + statsd: true + +middleware: + basicauth: false + redirectscheme: false + stricttransport: false + +config: + ingressclass: traefik-external + http_port: 9080 + https_port: 9443 + admin_port: 8080 + # statsd reporting + statsd_endpoint: graphite.ducoterra.net:8125 + acme_email: ducoterra@icloud.com + # zipkin tracing + tracing_endpoint: http://zipkin:9411/api/v2/spans \ No newline at end of file diff --git a/values-internal.yaml b/values-internal.yaml new file mode 100644 index 0000000..6e878fb --- /dev/null +++ b/values-internal.yaml @@ -0,0 +1,29 @@ +image: traefik:v2.2 + +install: + resourcedefinition: true + +enable: + dnschallenge: true + tlschallenge: false + tracing: true + statsd: true + +middleware: + basicauth: true + redirectscheme: true + stricttransport: true + +config: + ingressclass: traefik-internal + http_port: 80 + https_port: 443 + admin_port: 8080 + # statsd reporting + statsd_endpoint: graphite.ducoterra.net:8125 + acme_email: ducoterra@icloud.com + # letsencrypt dns challenge for wildcard cert + dnschallenge_provider: namedotcom + dnschallenge_provider_secret: namedotcom + # zipkin tracing + tracing_endpoint: http://zipkin:9411/api/v2/spans \ No newline at end of file