image:
  registry: mirror.gcr.io/library
  tag: "2.10.4@sha256:bbdacc7c3bec50bd2a4430e8a967df44376419634b733185a80ed79388134bdb"
  pullPolicy: IfNotPresent

websecure:
  tls:
    enabled: true

providers:
  kubernetesCRD:
    enabled: true
    allowEmptyServices: true
    allowExternalNameServices: true

  kubernetesIngress:
    allowEmptyServices: true
    allowExternalNameServices: true

deployment:
  replicas: 2

  annotations:
    keel.sh/policy: minor
    keel.sh/trigger: patch
    keel.sh/pollSchedule: "@midnight"

accessLog:
  format: json

# Globally redirect to https://
globalArguments:
 - --entryPoints.web.http.redirections.entryPoint.to=:443
 - --entryPoints.web.http.redirections.entryPoint.scheme=https

service:
  spec:
    # Keep sync with ingress.yml
    loadBalancerIP: 193.40.103.36
    externalTrafficPolicy: Local

ingressRoute:
  dashboard:
    enabled: true
    domain: traefik.k-space.ee

tlsOptions:
  default:
    minVersion: VersionTLS12
    cipherSuites:
      # TLS 1.1 and 1.2 ciphers
      - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
      - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
      - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
      # TLS 1.3 ciphers
      - TLS_AES_128_GCM_SHA256
      - TLS_AES_256_GCM_SHA384
      - TLS_CHACHA20_POLY1305_SHA256