deployment:
  initContainers:
    - name: volume-permissions
      image: busybox:latest
      command: ["sh", "-c", "touch /data/acme.json; chmod -v 600 /data/acme.json"]
      volumeMounts:
        - name: data
          mountPath: /data

updateStrategy:
  type: Recreate
    
env:
 - name: HETZNER_API_KEY
   valueFrom:
     secretKeyRef:
       name: hetzner-api-key
       key: token

additionalArguments:
 - "--api.basePath=/fog/traefik"

persistence:
  enabled: true
    
logs:
  format: json    
  access:
    enabled: true
    format: json    

service:
  spec:
    externalTrafficPolicy: Local
    
ingressRoute:
  dashboard:
    enabled: true
    matchRule: Host(`fog.goatchat.ca`) && (PathPrefix(`/fog/traefik/dashboard`) || PathPrefix(`/fog/traefik/api`))
    entryPoints: ["websecure"]
    middlewares:
      - name: traefik-dashboard-auth
    tls:
      certResolver: letsencrypt

ports:
  websecure:
    middlewares:
      - traefik-rate-limit@kubernetescrd

extraObjects:
  - apiVersion: v1
    kind: Secret
    metadata:
      name: traefik-dashboard-auth-secret
    type: kubernetes.io/basic-auth
    stringData:
      username: admin
      password: # set through cli args

  - apiVersion: traefik.io/v1alpha1
    kind: Middleware
    metadata:
      name: traefik-dashboard-auth
    spec:
      basicAuth:
        secret: traefik-dashboard-auth-secret
  - apiVersion: traefik.io/v1alpha1
    kind: Middleware
    metadata:
      name: rate-limit
    spec:
      rateLimit:
        average: 50
        burst: 100

certificatesResolvers:
  letsencrypt:
    acme:
      dnschallenge:
        provider: hetzner
        delaybeforecheck: 30
      email: # set through cli args
      storage: /data/acme.json