kind: Deployment
apiVersion: apps/v1
metadata:
  name: traefik-internal-controller
  labels:
    app: traefik-internal-controller
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik-internal-controller
  template:
    metadata:
      labels:
        app: traefik-internal-controller
    spec:
      serviceAccountName: traefik-internal-controller
      containers:
        - name: traefik
          image: traefik:v2.2
          envFrom:
            - secretRef:
                name: namedotcom
          args:
            - --providers.kubernetescrd.ingressclass=traefik-internal
            - --log.level=DEBUG
            - --api
            - --api.insecure
            - --entrypoints.web.address=:80
            - --entrypoints.websecure.address=:443
            - --entrypoints.websecure.http.tls=true
            - --providers.kubernetescrd
            - --metrics.statsd=true
            - --metrics.statsd.address=graphite.ducoterra.net:8125
            - --certificatesresolvers.myresolver.acme.dnschallenge=true
            - --certificatesresolvers.myresolver.acme.dnschallenge.provider=namedotcom
            - --certificatesresolvers.myresolver.acme.email=ducoterra@icloud.com
            - --certificatesresolvers.myresolver.acme.storage=/acme/acme.json
            - --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=8.8.8.8:53
            - --certificatesresolvers.myresolver.acme.dnschallenge.delayBeforeCheck=5
          volumeMounts:
          - mountPath: /acme
            name: traefik-internal-acme
          ports:
            - name: web
              containerPort: 80
            - name: websecure
              containerPort: 443
            - name: admin
              containerPort: 8080
      volumes:
        - name: traefik-internal-acme
          persistentVolumeClaim:
              claimName: traefik-internal-acme