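# Traefik Helm chart values. The file is rendered as a Go template before it
# is parsed as YAML (see `requiredEnv` below), so templated scalars must be
# quoted explicitly.
deployment:
  replicas: 2

resources:
  requests:
    cpu: 50m
    memory: 64Mi
  limits:
    cpu: 1
    memory: 128Mi

# With two replicas, maxUnavailable/minAvailable of 1 keeps one proxy pod
# serving during rollouts and voluntary disruptions.
updateStrategy:
  type: RollingUpdate
  rollingUpdate:
    maxUnavailable: 1
    maxSurge: 1

podDisruptionBudget:
  enabled: true
  minAvailable: 1

# Soft anti-affinity: prefer to place the replicas on different nodes.
affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100
        podAffinityTerm:
          labelSelector:
            matchExpressions:
              - key: app.kubernetes.io/name
                operator: In
                values:
                  - traefik
          topologyKey: kubernetes.io/hostname

# Moves the API/dashboard under /fog/traefik; the dashboard matchRule below
# must stay in step with this prefix.
additionalArguments:
  - "--api.basePath=/fog/traefik"

# No volume for Traefik state; TLS material comes from the cert-manager
# Certificate objects in extraObjects.
persistence:
  enabled: false

logs:
  # NOTE(review): the upstream chart documents the general log format as
  # `logs.general.format`; confirm the pinned chart version honours this key,
  # otherwise only the access log below is emitted as JSON.
  format: json
  access:
    enabled: true
    format: json

service:
  spec:
    # Local keeps the client source IP, which the access log and any
    # per-source rate limiting depend on.
    externalTrafficPolicy: Local

ingressRoute:
  dashboard:
    enabled: true
    matchRule: 'Host(`fog.incngrnt.ca`) && (PathPrefix(`/fog/traefik/dashboard`) || PathPrefix(`/fog/traefik/api`))'
    # Keep this route on the TLS entry point only: basic-auth credentials are
    # sent with every request.
    entryPoints: ["websecure"]
    middlewares:
      - name: traefik-dashboard-auth
    tls:
      secretName: fog-incngrnt-ca-tls

ports:
  # Entry-point middlewares are referenced as <namespace>-<name>@kubernetescrd.
  # The Middleware objects below set no namespace, so these names assume the
  # release is installed in namespace `traefik` - TODO confirm.
  websecure:
    middlewares:
      - traefik-rate-limit@kubernetescrd
  web:
    middlewares:
      - traefik-redirectscheme@kubernetescrd
  # Plain TCP entry point; the HTTP middlewares above (rate limit, redirect)
  # do not apply to traffic on this port.
  ssh:
    port: 2222
    expose:
      default: true
    exposedPort: 2222
    protocol: TCP

extraObjects:
  - apiVersion: v1
    kind: Secret
    metadata:
      name: traefik-dashboard-auth-secret
    type: kubernetes.io/basic-auth
    stringData:
      username: admin
      # Quoted at render time: an unquoted value containing ` #` or `: `, or
      # one that looks like a number/boolean, would be truncated, retyped or
      # rejected by the YAML parser, leaving a different credential than the
      # one in the environment.
      password: {{ requiredEnv "TRAEFIK_ADMIN_PASSWORD" | quote }}
  - apiVersion: traefik.io/v1alpha1
    kind: Middleware
    metadata:
      name: traefik-dashboard-auth
    spec:
      basicAuth:
        secret: traefik-dashboard-auth-secret
  # Attached to the whole websecure entry point (see ports.websecure), so it
  # also throttles requests to the dashboard route.
  - apiVersion: traefik.io/v1alpha1
    kind: Middleware
    metadata:
      name: rate-limit
    spec:
      rateLimit:
        average: 50
        burst: 100
  # Attached to the web entry point: permanent redirect of plain HTTP to HTTPS.
  - apiVersion: traefik.io/v1alpha1
    kind: Middleware
    metadata:
      name: redirectscheme
    spec:
      redirectScheme:
        scheme: https
        permanent: true
  - apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: fog-incngrnt-ca
      namespace: traefik
    spec:
      secretName: fog-incngrnt-ca-tls
      issuerRef:
        name: letsencrypt-incngrnt
        kind: ClusterIssuer
      dnsNames:
        - fog.incngrnt.ca
  # other certs
  # Each Certificate writes its TLS secret into the namespace named in its
  # own metadata, not into the Traefik namespace.
  - apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: goatchat-ca
      namespace: goatchat
    spec:
      secretName: goatchat-ca-tls
      issuerRef:
        name: letsencrypt-goatchat
        kind: ClusterIssuer
      dnsNames:
        - goatchat.ca
  - apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: incngrnt-ca
      namespace: incngrnt-web
    spec:
      secretName: incngrnt-ca-tls
      issuerRef:
        name: letsencrypt-incngrnt
        kind: ClusterIssuer
      dnsNames:
        - incngrnt.ca
  - apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: photos-incngrnt-ca
      namespace: immich
    spec:
      secretName: photos-incngrnt-ca-tls
      issuerRef:
        name: letsencrypt-incngrnt
        kind: ClusterIssuer
      dnsNames:
        - photos.incngrnt.ca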