Support DaemonSet in Helm

Reposting from GitHub

This is extremely disappointing to see the Traefik team refusing to support a valid deployment strategy that was used previously to great effect. If you're going make the helm chart highly opinionated then it should only be provided along with the standard YAML as part of the install documentation

In my use case I ran Traefik 1.x in DaemonSet because, gasp, there are some people who DON'T run in the cloud. I don't have load balancers in front of my servers. Instead I provide load balancing via DNS RR. I need those hosts to all be running Traefik with 100% guarantee. The correct way to assure one and exactly one copy of a pod is running on every host is a DaemonSet. This is not my opinion, it's in the official docs. Anti-Affinity hacks are not the recommended solution, DaemonSet is. Oh and since I'm aware I can't have LetsEncrypt on multiple nodes, I run CertManager. As it was previously recommended. It's not rocket science.

It used to be easier to get all this running in Traefik 1.x, now 2.x has obscured setups behind helm charts and made it a huge effort in order to even figure out what the correct "default" configuration is, let alone customize it.

Hey, running it as daemon set in v2 works exactly the same as it used to in v1. Since this is not going to be supported in helm chart, you can relatively easily set it up manually - I've done that before.

You just need to examine the final manifests that get applied in both cases, and port v1 DaemonSet to v2. It does work. And IMO it's not a biggy.

If you need help, post what's does not seem to work and I'll have a look.

I'm working on it, dealing with RBAC issues between v1 and v2 which I may ask about if I can't figure out.

However if it works exactly the same, why reject a PR for someone who did the work to support it in the helm chart? It's clear that people want to use DaemonSet (and are using DaemonSet), enough that someone went through the effort of PR'ing a helm chart.

HA LE won't work obviously, but you are not using it. I mean that from your perspective as a user of CertManager there will be no changes.