kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik
        name: traefik-ingress-lb
        resources:
          limits:
            cpu: 200m
            memory: 30Mi
          requests:
            cpu: 100m
            memory: 20Mi
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: https
          hostPort: 443
          containerPort: 443
        - name: admin
          containerPort: 8081
        securityContext:
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        volumeMounts:
        - mountPath: "/config"
          name: "config"
        args:
        - --api
        - --configfile=/config/traefik.toml
        - --kubernetes
        - --logLevel=INFO
      volumes:
      - name: config
        configMap:
          name: traefik-config
          items:
            - key: traefik.toml
              path: traefik.toml
      nodeSelector:
        # node must be labelled with roles=ingress-controller
        role: ingress-controller