image:
  tag: v3.3.2

deployment:
  initContainers:
    - name: volume-permissions
      image: busybox:latest
      command: ["sh", "-c", "touch /data/acme.json; chmod -v 600 /data/acme.json"]
      volumeMounts:
        - name: data
          mountPath: /data

env:
 - name: DO_AUTH_TOKEN
   valueFrom:
     secretKeyRef:
       name: digitalocean-api-key
       key: token
 # TODO: add once v3.3 is released
 # - name: TRAEFIK_API_BASEPATH
 #   value: /fog/traefik

persistence:
  enabled: true

ingressRoute:
  dashboard:
    enabled: true
    matchRule: Host(`fog.goatchat.ca`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
    entryPoints: ["websecure"]
    middlewares:
      - name: traefik-dashboard-auth
    tls:
      certResolver: letsencrypt

extraObjects:
  - apiVersion: v1
    kind: Secret
    metadata:
      name: traefik-dashboard-auth-secret
    type: kubernetes.io/basic-auth
    stringData:
      username: admin
      password: # set through cli args

  - apiVersion: traefik.io/v1alpha1
    kind: Middleware
    metadata:
      name: traefik-dashboard-auth
    spec:
      basicAuth:
        secret: traefik-dashboard-auth-secret

certificatesResolvers:
  letsencrypt:
    acme:
      dnschallenge:
        provider: digitalocean
        delaybeforecheck: 30
      email: # set through cli args
      storage: /data/acme.json