Move prod to its own values

Too not common, causes problems

Author: p4block

cluster/traefik/values-prod.yaml

@@ -0,0 +1,105 @@
+traefik:
+
+  deployment:
+    enabled: true
+    kind: DaemonSet
+    dnsPolicy: ClusterFirstWithHostNet
+    additionalVolumes:
+    - name: dockersocket
+      hostPath:
+        path: /var/run/docker.sock
+        type: Socket
+
+  additionalVolumeMounts:
+  - name: dockersocket
+    mountPath: /var/run/docker.sock
+
+  additionalArguments:
+  - "--providers.docker=true"
+  - "--providers.docker.exposedByDefault=false"
+  - "--entrypoints.websecure.http.encodequerysemicolons=true"
+
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+      maxSurge: 0
+
+  hostNetwork: true
+  affinity:
+    podAntiAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+      - labelSelector:
+          matchExpressions:
+          - key: app.kubernetes.io/name
+            operator: In
+            values:
+            - traefik
+        topologyKey: kubernetes.io/hostname
+
+  ports:
+    metrics:
+      # When using hostNetwork, use another port to avoid conflict with node exporter:
+      # https://github.com/prometheus/prometheus/wiki/Default-port-allocations
+      port: 9101
+    web:
+      port: 80
+      redirectTo.port: websecure
+    websecure:
+      port: 443
+      transport:
+        respondingTimeouts:
+          readTimeout: 0
+
+      # Trust the Cloudflare IPs found at https://www.cloudflare.com/en-in/ips/
+      forwardedHeaders:
+        trustedIPs:
+          - "173.245.48.0/20"
+          - "103.21.244.0/22"
+          - "103.22.200.0/22"
+          - "103.31.4.0/22"
+          - "141.101.64.0/18"
+          - "108.162.192.0/18"
+          - "190.93.240.0/20"
+          - "188.114.96.0/20"
+          - "197.234.240.0/22"
+          - "198.41.128.0/17"
+          - "162.158.0.0/15"
+          - "104.16.0.0/13"
+          - "104.24.0.0/14"
+          - "172.64.0.0/13"
+          - "131.0.72.0/22"
+    replay-stream:
+      port: 15000
+    irc-plain:
+      port: 6667
+    irc-tls:
+      port: 6697
+
+  # HostNetwork
+  service:
+    enabled: false
+
+  logs:
+    general:
+      # -- By default, the logs use a text format (common), but you can
+      # also ask for the json format in the format option
+      # format: json
+      # By default, the level is set to ERROR.
+      # -- Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
+      level: ERROR
+
+  # This is bugged on 3.0 helmchart, use the CRD in another file
+  # tlsStore:
+  #   default:
+  #     defaultCertificate:
+  #       secretName: cloudflare-faf-xyz
+
+  securityContext:
+    capabilities:
+      drop: [ALL]
+      add: [NET_BIND_SERVICE]
+    readOnlyRootFilesystem: true
+    runAsGroup: 0
+    runAsNonRoot: false
+    runAsUser: 0