---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: traefik
  namespace: traefik-production
spec:
  interval: 24h
  url: https://helm.traefik.io/traefik
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: traefik
  namespace: traefik-production
spec:
  chart:
    spec:
      chart: traefik
      sourceRef:
        kind: HelmRepository
        name: traefik
      version: 31.1.1
  interval: 1m0s
  releaseName: traefik
  targetNamespace: default
  valuesFrom:
    - kind: Secret
      name: traefik-secret
---
apiVersion: v1
kind: Secret
metadata:
  creationTimestamp: null
  name: traefik-secret
  namespace: traefik-production
stringData:
  values.yaml: |
    globalArguments:
      - "--global.sendanonymoususage=false"
      - "--global.checknewversion=false"

    additionalArguments:
      - "--serversTransport.insecureSkipVerify=true"
      - "--log.level=INFO"
      - "--providers.kubernetescrd.allowCrossNamespace=true"

    deployment:
      enabled: true
      replicas: 1
      annotations: {}
      podAnnotations: {}
      additionalContainers: []
      initContainers: []

    ports:
      web:
        redirectTo:
          port: websecure
          priority: 10
      websecure:
        # http3:
        #   enabled: true
        # advertisedPort: 4443
        tls:
          enabled: true

    ingressRoute:
      dashboard:
        enabled: false

    providers:
      kubernetesCRD:
        enabled: true
        ingressClass: traefik-external
        allowExternalNameServices: true
        allowCrossNamespace: true
      kubernetesIngress:
        enabled: true
        allowExternalNameServices: true
        allowCrossNamespace: true
        publishedService:
          enabled: false

    rbac:
      enabled: true

    service:
      enabled: true
      type: LoadBalancer
      annotations: {}
      labels: {}
      spec:
        loadBalancerIP: 10.0.69.250 # this should be an IP in the MetalLB range
      loadBalancerSourceRanges: []
      externalIPs: []