apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: traefik-dash-ingress
  namespace: traefik
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
spec:
  rules:
    - host: "traefik.${SECRET_DOMAIN}"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: traefik
                port:
                  number: 9000
  tls:
    - hosts:
      - "${SECRET_DOMAIN}"
      - "traefik.${SECRET_DOMAIN}"
      secretName: wildcard-main-tls