apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: traefik-external
  namespace: traefik
spec:
  interval: 5m
  chart:
    spec:
      chart: traefik
      version: '33.2.1'
      sourceRef:
        kind: HelmRepository
        name: traefik-charts
        namespace: flux-system
      interval: 1m
  values:
    service:
      annotations:
        io.cilium/lb-ipam-ips: 192.168.2.50
      labels:
        bgp/service-type: public

    additionalArguments:
    - --api.insecure

    providers:
      kubernetesCRD:
        enabled: true
        allowCrossNamespace: false
        allowExternalNameServices: false
        allowEmptyServices: false
        namespaces: []

      kubernetesIngress:
        enabled: true
        allowExternalNameServices: false
        allowEmptyServices: false
        namespaces: []
        publishedService:
          enabled: false

    ports:
      traefik:
        port: 9000
        expose:
          default: false
        exposedPort: 9000
        protocol: TCP

      web:
        port: 8000
        nodePort: 30080
        expose:
          default: true
        redirectTo:
          port: websecure
        protocol: TCP

      websecure:
        port: 8443
        nodePort: 30443
        expose:
          default: true
        protocol: TCP
        tls:
          enabled: true

      metrics:
        port: 9100
        expose:
          default: false
        protocol: TCP

    # Disable Dashboard
    ingressRoute:
      dashboard:
        enabled: false

    ingressClass:
      enabled: true
      isDefaultClass: false
      name: external

    metrics:
      prometheus:
        entryPoint: metrics

    # Set default certificate
#    tlsStore:
#      default:
#        defaultCertificate:
#          secretName: wildcard-main-tls