homelab/infra/controllers/traefik/traefik.yaml

---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: traefik-repo
  namespace: traefik-system
spec:
  interval: 15m0s
  url: https://helm.traefik.io/traefik
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: traefik
  namespace: traefik-system
spec:
  chart:
    spec:
      chart: traefik
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        name: traefik-repo
      version: 32.1.0
  interval: 1m0s
  values:
    replicas: 1
    nodeSelector:
      ingress: 'true'
    tolerations:
    - key: "dedicated"
      operator: "Equal"
      value: "ingress"
      effect: "NoSchedule"
    service:
      type: LoadBalancer
    ports:
      git-ssh:
        port: 2222
        expose:
          default: true
        exposedPort: 2222
        protocol: TCP
    additionalArguments:
      - "--api.insecure=true"
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-external
  namespace: traefik-system
  annotations:
    metallb.universe.tf/address-pool: premhome-gc1
    external-dns.alpha.kubernetes.io/hostname: "*.yadunut.dev,yadunut.dev"
spec:
  type: LoadBalancer
  ports:
    - name: web
      port: 80
      targetPort: web
    - name: websecure
      port: 443
      targetPort: websecure
    - name: git-ssh
      port: 2222
      targetPort: git-ssh
  selector:
    app.kubernetes.io/name: traefik
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-internal
  namespace: traefik-system
spec:
  type: LoadBalancer
  ports:
    - name: traefik
      port: 80
      targetPort: traefik
  selector:
    app.kubernetes.io/name: traefik
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: traefik-dashboard-ingress
  namespace: traefik-system
  annotations:
    traefik.ingress.kubernetes.io/router.middlewares: authentik-system-authentik@kubernetescrd
spec:
  ingressClassName: traefik
  rules:
  - host: traefik.i.yadunut.dev
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: traefik-internal
            port:
              name: traefik
  tls:
  - hosts:
    - traefik.i.yadunut.dev
    secretName: wildcard-cert-i.yadunut.dev-prod