traefik: move to kustomize

Closes #102

traefik/kustomization.yaml

@@ -0,0 +1,70 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: traefik
+
+# spec: https://kubectl.docs.kubernetes.io/references/kustomize/builtins/#_helmchartinflationgenerator_
+helmCharts:
+- includeCRDs: true
+  name: &name traefik
+  releaseName: *name
+  repo: https://traefik.github.io/charts
+  valuesInline: # https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml
+    namespace: *name
+    image:
+      registry: mirror.gcr.io/library
+    websecure: # might not be needed
+      tls: {enabled: true}
+    providers:
+      kubernetesCRD:
+        allowExternalNameServices: true
+      kubernetesIngress:
+        allowExternalNameServices: true
+    deployment:
+      replicas: 4
+      annotations:
+        keel.sh/policy: minor
+        keel.sh/trigger: patch
+        keel.sh/pollSchedule: "@midnight"
+    affinity:
+     podAntiAffinity:
+       requiredDuringSchedulingIgnoredDuringExecution:
+         - labelSelector:
+             matchLabels:
+               app.kubernetes.io/name: '{{ template "traefik.name" . }}'
+               app.kubernetes.io/instance: '{{ .Release.Name }}-{{ .Release.Namespace }}'
+           topologyKey: topology.kubernetes.io/zone
+    logs:
+      access:
+        enabled: true
+        format: json
+    ports:
+      web:
+        redirections:
+          entryPoint:
+            to: websecure
+            scheme: https
+            permanent: true
+    service:
+      annotations:
+        external-dns.alpha.kubernetes.io/hostname: traefik.k-space.ee
+      spec:
+        externalTrafficPolicy: Local
+    ingressRoute:
+      dashboard:
+        enabled: true
+        domain: traefik.k-space.ee
+        matchRule: Host(`traefik.k-space.ee`)
+        entryPoints: ["websecure"]
+        middlewares:
+          - name: "dashboard"
+          - name: "dashboard-redirect"
+    tlsOptions: # https://ssl-config.mozilla.org/#server=traefik&config=modern&hsts=false
+      default:
+        minVersion: VersionTLS13
+        curvePreferences: ["X25519", "CurveP256", "CurveP384"]
+  version: v36.2.0 # helm search repo traefik/traefik --versions
+
+resources:
+- ./application-extras.yml
+- ./networkpolicy-base.yml #TODO: should be ../shared/networkpolicy-base.yml