---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: traefik-repo
  namespace: traefik-system
spec:
  interval: 15m0s
  url: https://helm.traefik.io/traefik
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: traefik
  namespace: traefik-system
spec:
  chart:
    spec:
      chart: traefik
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        name: traefik-repo
      version: 32.1.0
  interval: 1m0s
  values:
    replicas: 1
    nodeSelector:
      ingress: 'true'
    tolerations:
    - key: "dedicated"
      operator: "Equal"
      value: "ingress"
      effect: "NoSchedule"
    service:
      type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-external
  namespace: traefik-system
  annotations:
    metallb.universe.tf/address-pool: premhome-gc1
    external-dns.alpha.kubernetes.io/hostname: "*.yadunut.dev,yadunut.dev"
spec:
  type: LoadBalancer
  ports:
    - name: web
      port: 80
      targetPort: web
    - name: websecure
      port: 443
      targetPort: websecure
  selector:
    app.kubernetes.io/name: traefik
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-internal
  namespace: traefik-system
spec:
  type: LoadBalancer
  ports:
    - name: traefik
      port: 80
      targetPort: traefik
  selector:
    app.kubernetes.io/name: traefik
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: traefik-dashboard-ingress
  namespace: traefik-system
  annotations:
    traefik.ingress.kubernetes.io/router.middlewares: authentik-system-authentik@kubernetescrd
spec:
  ingressClassName: traefik
  rules:
  - host: traefik.i.yadunut.dev
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: traefik-internal
            port:
              name: traefik
  tls:
  - hosts:
    - authentik.yadunut.dev
    secretName: wildcard-cert-yadunut.dev-prod