---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: sso
spec:
  chain:
    middlewares:
      - name: chain-k6-authelia-auth
        namespace: authelia
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-dashboard
  namespace: traefik
spec:
  selector:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: k6
  ports:
    - protocol: TCP
      port: 9000
      targetPort: 9000
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-metrics
  namespace: traefik
spec:
  selector:
    app.kubernetes.io/name: traefik
    app.kubernetes.io/instance: k6
  ports:
    - protocol: TCP
      port: 9100
      targetPort: 9100
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: traefik-dashboard
  namespace: traefik
  annotations:
    kubernetes.io/ingress.class: traefik
    cert-manager.io/cluster-issuer: default
    # Keep IP address in sync with values.yaml
    external-dns.alpha.kubernetes.io/target: 193.40.103.36
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd,traefik-dashboard-redirect@kubernetescrd
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  rules:
  - host: traefik.k-space.ee
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: traefik-dashboard
            port:
              number: 9000
  tls:
  - hosts:
    - "*.k-space.ee"
    secretName: wildcard-tls
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSStore
metadata:
  name: default
spec:
  defaultCertificate:
    secretName: wildcard-tls
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: dashboard-redirect
spec:
  redirectRegex:
    regex: ^https://traefik.k-space.ee/?$
    replacement: https://traefik.k-space.ee/dashboard/
    permanent: false
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: traefik
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: traefik
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: prometheus-operator
      podSelector:
        matchLabels:
          app.kubernetes.io/name: prometheus
    ports:
    - protocol: TCP
      port: 9100
  - from:
    - ipBlock:
        cidr: 0.0.0.0/0
  - ports:
    - port: 80
    - port: 443
  egress:
  - {}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: block-metrics
spec:
  replacePathRegex:
    regex: ^/metrics
    replacement: /
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: traefik
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: traefik
  podMetricsEndpoints:
    - port: metrics