ingressRoute:
  dashboard:
    # -- Create an IngressRoute for the dashboard
    enabled: true
    # -- Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
    annotations: {}
    # -- Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
    labels: {}
    # -- The router match rule used for the dashboard ingressRoute
    matchRule: Host(`traefik.${my_domain}`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
    # -- Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure).
    # By default, it's using traefik entrypoint, which is not exposed.
    # /!\ Do not expose your dashboard without any protection over the internet /!\
    entryPoints: ["websecure"]
    # -- Additional ingressRoute middlewares (e.g. for authentication)
    middlewares:
      - name: traefik-dashboard-auth 
    # -- TLS options (e.g. secret containing certificate)
    tls: {}

  healthcheck:
    # -- Create an IngressRoute for the healthcheck probe
    enabled: true
    # -- Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
    annotations: {}
    # -- Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
    labels: {}
    # -- The router match rule used for the healthcheck ingressRoute
    matchRule: Host(`traefik.${my_domain}`) && PathPrefix(`/ping`)
    # -- Specify the allowed entrypoints to use for the healthcheck ingress route, (e.g. traefik, web, websecure).
    # By default, it's using traefik entrypoint, which is not exposed.
    entryPoints: ["websecure"]
    # -- Additional ingressRoute middlewares (e.g. for authentication)
    middlewares: []
    # -- TLS options (e.g. secret containing certificate)
    tls: {}

providers:
  kubernetesCRD:
    allowCrossNamespace: true

service:
  annotations: 
    oci.oraclecloud.com/load-balancer-type: "nlb"

extraObjects:
  - apiVersion: v1
    kind: Secret
    metadata:
      name: cloudflare-origin-certificate
      namespace: traefik-loadbalancer
    type: Opaque
    data:
      tls.crt: ${cloudflare_origin_certificate_pem}
      tls.key: ${cloudflare_origin_certificate_key}

  - apiVersion: traefik.io/v1alpha1
    kind: TLSStore
    metadata:
      name: default
      namespace: traefik-loadbalancer
    spec:
      defaultCertificate:
        secretName: cloudflare-origin-certificate

  - apiVersion: v1
    kind: Secret
    metadata:
      name: dashboard-authsecret
      namespace: traefik-loadbalancer
    type: kubernetes.io/basic-auth
    data:
      username: ${traefik_dashboard_username}
      password: ${traefik_dashboard_password}
      
  - apiVersion: traefik.containo.us/v1alpha1
    kind: Middleware
    metadata:
      name: traefik-dashboard-auth
      namespace: traefik-loadbalancer
    spec:
      basicAuth:
        secret: dashboard-authsecret