certResolvers:
  cloudflare:
    dnsChallenge:
      provider: cloudflare
    storage: /ssl-certs/acme-cloudflare.json

env:
  - name: CF_DNS_API_TOKEN
    valueFrom:
      secretKeyRef:
        key: token
        name: cloudflare-token-jafner-net-dns-edit

logs:
  general:
    level: error

ports:
  web:
    redirectTo: 
      port: websecure
  websecure:
    tls:
      enabled: true
      certResolver: cloudflare

ingressRoute: 
  dashboard:
    enabled: true

additionalArguments:
- "--api.insecure=true"

tlsStore:
  default:
    defaultCertificate:
      secretName: traefik-k3s-jafner-net

persistence:
  enabled: true
  name: ssl-certs
  size: 1Gi
  path: /ssl-certs
  storageClass: local-path

deployment:
  initContainers:
    - name: volume-permissions
      image: busybox:1.36.1
      command: ["sh", "-c", "touch /ssl-certs/acme-cloudflare.json; chmod -v 600 /ssl-certs/acme-cloudflare.json"]
      volumeMounts:
        - name: ssl-certs
          mountPath: /ssl-certs

ingressClass:
  enabled: true
  isDefaultClass: true

extraObjects:
  - apiVersion: v1
    kind: Service
    metadata:
      name: traefik-dashboard
    spec:
      selector:
        app.kubernetes.io/name: traefik
        app.kubernetes.io/instance: traefik-traefik
      ports:
      - port: 8080
        name: traefik
        targetPort: 9000
        protocol: TCP
  - apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: traefik-dashboard
      annotations:
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
    spec:
      rules:
      - host: traefik.k3s.jafner.net
        http:
          paths:
          - path: /
            pathType: Prefix
            backend:
              service: 
                name: traefik-dashboard
                port:
                  name: traefik